Jabber: Incomplete UTF-8 string causes g_markup_escape_text to crash.

Mitch Davis mjd at afork.com
Tue Jun 9 19:06:14 EDT 2015


Hi Ethan,

On Tue, Jun 9, 2015 at 11:34 PM, Ethan Blanton <elb at pidgin.im> wrote:
> Mitch Davis spake unto us the following wisdom:
>> Three days ago I sent this report of a bug where data sent from the
>> other side can cause a crash.  I haven't heard back from you yet.
>
> I thought your follow-up indicated that there was *not* actually a
> crash?

Yes it's a crash.  My follow-up was to say that the log I included
doesn't show a crash (but does show the problem, that due to luck,
didn't crash it on that run).

> What is the actual situation?

Pidgin can be crashed on arrival of data that meets a certain condition.

The problem occurs when a packet that's passed to the SSL rx handler
has an incomplete UTF-8 multibyte char on the end.  When the packet is
logged, things in glib break on the incomplete sequence.  Please see
my earlier post for other code which has had the same problem, and has
been fixed, as well as a discussion of the problem.

Mitch.
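
The condition described in this message, as an added example (not code from Pidgin, GLib or the original post): a read that ends in the middle of a multibyte UTF-8 character, and a check that holds the incomplete tail back before the buffer reaches a logging or escaping function. The function names and the sample packet are hypothetical; the check covers truncation only, and it assumes the caller still validates the prefix (for instance with GLib's `g_utf8_validate`).

```c
#include <stddef.h>
#include <stdio.h>

/* Total length of the UTF-8 sequence a lead byte announces; 0 if the
 * byte cannot start a sequence (continuation byte or invalid lead). */
static size_t utf8_seq_len(unsigned char b)
{
    if (b < 0x80) return 1;
    if (b >= 0xC2 && b <= 0xDF) return 2;
    if (b >= 0xE0 && b <= 0xEF) return 3;
    if (b >= 0xF0 && b <= 0xF4) return 4;
    return 0;
}

/* Hypothetical helper: number of leading bytes of buf that end on a
 * character boundary. A multibyte sequence cut off by the end of the
 * read is excluded so the caller can carry it over to the next read.
 * It detects truncation only; full validation is still the caller's job. */
size_t utf8_complete_prefix_len(const unsigned char *buf, size_t len)
{
    size_t back;

    /* The lead byte of the final sequence is at most 3 bytes from the
     * end if that sequence is incomplete. */
    for (back = 1; back <= 3 && back <= len; back++) {
        unsigned char b = buf[len - back];

        if ((b & 0xC0) == 0x80)
            continue;                 /* continuation byte: keep looking */
        if (utf8_seq_len(b) > back)
            return len - back;        /* lead present, tail not yet received */
        return len;                   /* final sequence complete, or not a lead */
    }
    return len;                       /* no lead in range: nothing to hold back */
}

int main(void)
{
    /* Constructed sample: "caf" + first byte of U+00E9 (C3 A9), as if
     * the read boundary fell in the middle of the character. */
    const unsigned char pkt[] = { 'c', 'a', 'f', 0xC3 };
    size_t ok = utf8_complete_prefix_len(pkt, sizeof pkt);

    printf("log %zu bytes now, carry %zu over\n", ok, sizeof pkt - ok);
    return 0;
}
```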

