[pidgin-security] possible segfault in perl wrapper
Tomasz Wasilczyk
tomkiewicz at cpw.pidgin.im
Thu Apr 18 09:03:00 EDT 2013
2013/4/18 Mark Doliner <mark at kingant.net>:
> I kinda think we should leave it in 3.0.0. After your fix the
> function will be safe, right? I kinda don't like having a perl plugin
> loader (I mean, who uses perl these days??), but I think we should
> continue to maintain it until we decide to remove it. And I'd kinda
> rather not remove it until we have some semblance of stats on how many
> people use it. I'm hoping Sanket's statscollector project can
> eventually be used for this purpose.

I've already removed it, but of course it's always possible to revert.
After my fix the function will be actually working. I don't believe
that any useful and popular plugin uses it, while it fails for some
IPs. Anyway, as I wrote before, this function looks useless not only
for perl, so I removed it from libpurple API too [1].

3.0.0 breaks API, so no-one should expect reverse compatibility for
plugins - that's a chance for cleaning it up. If we really want
an ip_atoi routine, it should return just an integer, not an array of bytes
- that's a way more popular format. But - do we really have to provide
such a function in our API?

Tomek
[1] https://hg.pidgin.im/pidgin/main/rev/7e3ea8475aad