Remote crash

Daniel Atallah daniel.atallah at
Wed Jan 16 09:27:15 EST 2013

On Wed, Jan 16, 2013 at 8:55 AM, Ethan Blanton <elb at> wrote:
> Mark Doliner spake unto us the following wisdom:
>> Hi Chris.  Thanks for reporting this to us.  It sounds like you're
>> using some version of Windows... I'm wondering if you could tell us
>> what version, specifically?  Knowing that information might help us
>> track this down.
> This came up in #pidgin, and it is my understanding from the
> conclusion of the conversation that a) this is a Pango bug related to
> non-BMP Unicode codepoints, and b) there's some sort of plugin to
> protect against it. is the plugin -
eoinrobb wrote it.

> I'm wondering if GtkIMHtml should filter stuff on the way through, in
> Windows?  It sounds like maybe that's not perfect protection (I assume
> you'd just have to put such a string in an invite or similar), but
> it'd avoid channel-clearing etc.

Yes, I've been meaning to do something like this.  I have an
incomplete patch that sanitizes problematic characters out of strings
(similar to what the plugin does).
I was hoping for a more central location to do this rather than for
GtkIMHtml, but that may not exist.

> Those of you who are familiar with this bug, is there a fixed version
> of Pango or something?

The bug still hasn't been fixed in Pango - mostly because there isn't
a win32 maintainer currently.
This is the relevant bug:


More information about the security mailing list