daniel.atallah at gmail.com
Wed Jan 16 09:27:15 EST 2013
On Wed, Jan 16, 2013 at 8:55 AM, Ethan Blanton <elb at pidgin.im> wrote:
> Mark Doliner spake unto us the following wisdom:
>> Hi Chris. Thanks for reporting this to us. It sounds like you're
>> using some version of Windows... I'm wondering if you could tell us
>> what version, specifically? Knowing that information might help us
>> track this down.
> This came up in #pidgin, and it is my understanding from the
> conclusion of the conversation that a) this is a Pango bug related to
> non-BMP Unicode codepoints, and b) there's some sort of plugin to
> protect against it.
http://code.google.com/p/pidgin-win32-non-bmp/ is the plugin -
eoinrobb wrote it.
> I'm wondering if GtkIMHtml should filter stuff on the way through, in
> Windows? It sounds like maybe that's not perfect protection (I assume
> you'd just have to put such a string in an invite or similar), but
> it'd avoid channel-clearing etc.
Yes, I've been meaning to do something like this. I have an
incomplete patch that sanitizes problematic characters out of strings
(similar to what the plugin does).
I was hoping for a more central location to do this rather than for
GtkIMHtml, but that may not exist.
> Those of you who are familiar with this bug, is there a fixed version
> of Pango or something?
The bug still hasn't been fixed in Pango - mostly because there isn't
a win32 maintainer currently.
This is the relevant bug: https://bugzilla.gnome.org/show_bug.cgi?id=668154
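
The sanitizing idea mentioned in this message (removing non-BMP characters from a string before it reaches the text renderer), as an added example; it is not the incomplete patch or the plugin's code. The helper name `strip_non_bmp` and the use of U+FFFD as the replacement character are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Sequence length implied by a UTF-8 lead byte, or 0 if the byte
 * cannot start a sequence. */
static size_t utf8_seq_len(unsigned char b)
{
    if (b < 0x80) return 1;
    if (b >= 0xC2 && b <= 0xDF) return 2;
    if (b >= 0xE0 && b <= 0xEF) return 3;
    if (b >= 0xF0 && b <= 0xF4) return 4;   /* U+10000 and above: non-BMP */
    return 0;
}

/* Hypothetical helper: copy NUL-terminated UTF-8 `in` to `out`, writing
 * U+FFFD in place of each non-BMP code point and each malformed byte.
 * Returns the number of replacements, or -1 if `out` (out_cap bytes,
 * including the NUL) is too small. Overlong forms and encoded
 * surrogates are not checked here. */
int strip_non_bmp(const char *in, char *out, size_t out_cap)
{
    static const char repl[] = "\xEF\xBF\xBD";   /* U+FFFD */
    const unsigned char *p = (const unsigned char *)in;
    size_t o = 0;
    int replaced = 0;

    if (out_cap == 0) return -1;
    while (*p) {
        size_t n = utf8_seq_len(*p), i, len;
        const char *src = (const char *)p;
        int bad = (n == 0);

        /* A NUL fails the continuation test, so a truncated sequence
         * never makes us read past the terminator. */
        for (i = 1; i < n && !bad; i++)
            bad = (p[i] & 0xC0) != 0x80;
        if (bad) n = 1;                      /* resync one byte at a time */
        if (bad || n == 4) { src = repl; len = 3; replaced++; }
        else len = n;
        if (o + len + 1 > out_cap) return -1;
        memcpy(out + o, src, len);
        o += len;
        p += n;
    }
    out[o] = '\0';
    return replaced;
}
```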