Overflow bug

Daniel Atallah datallah at pidgin.im
Thu Nov 8 19:16:23 EST 2012 

On Thu, Nov 8, 2012 at 6:44 PM, Anderz Olsson <anderz.olsson at gmail.com> wrote:
> Hello,
>
> Thanks for giving us a great free IM client, that works on all
> different kind of OS that I'm using.
>
> I have found a bug though. I fell asleep and my wireless keyboard
> pressed a key in an open chat (by some of all crap that is lying
> around inhere), and when I woke up, i saw that the person I talked to
> had answered, but when I tried to read it (by pressing ctrl+a iin my
> text box, that was totally filled with a character due to the crap
> that pressed a button for a "while"). As soon as I deleted
> "ZZZZZZZZZZZZZZZZZZZZ ..." by selecting all my chars, all history in
> the conversation was lost.
>
> So I missed the important answer because I deleted the overflow of
> chars in my text window.
>
> Because I know some programming, I know it is a bug. I use Pidgin for
> conversations and if I cannot read them due to a fault in the handling
> of the amount of chars in my text box, it is for sure a bug. Whether
> the bug lays in my operating system or in pidgin, i don't know. But if
> pidgin produced this you for sure need to fix it. Maybe it's not a bug
> in terms of security (despite the fact that the written respons I
> really needed got lost as soon as I deleted my text), but maybe it's
> insecure technically speaking, because the code couldn't handle an
> overflow in a textbox. I'd call it a potential security threat. In any
> case, I'd wish you fix it. For sure, I could try to fix it myself, if
> I had time for it.

It's unclear to me what the real issue is here.

The conversation window has a limited backlog - once the content is
longer than the backlog (4000 lines), the older content starts getting
discarded.
The size of the backlog is actually configurable but there is no UI
for the setting because it'd be a pretty unusual situation that
someone would need to change it.

Is this the problem you're seeing?

If not, please clarify, preferably with specific reproduction steps.

I don't see anything that sounds at all like a security problem.

-D

More information about the security mailing list