one byte buffer overread in function purple_markup_linkify

Hanno Böck hanno at hboeck.de
Fri Apr 14 09:40:15 EDT 2017


Hi,

On Fri, 14 Apr 2017 09:28:22 -0400
Ethan Blanton <elb at pidgin.im> wrote:

> So while I agree that it would be ideal for these methods to be robust
> to invalid UTF-8, they are not.  Everything passed to a purple_markup
> function from the network should have been validated as UTF-8 (or
> passed through purple_utf8_salvage or the like to "fix" it if it was
> not).

Okay, thanks for the explanation. So to be clear, maybe this is helpful
for further testing:
If I write a fuzzing test that
1. prepares input with purple_utf8_salvage
and
2. puts that input through a markup function
then it shouldn't produce any invalid memory access? Thus any input that
would trigger memory safety violations would be considered a bug?


-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno at hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
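
The two-step test described in the message above, written as a libFuzzer entry point; this is an added example, not part of the original message and not Pidgin project code. So that it builds without libpurple, `salvage_utf8` is a local stand-in assumed to behave like `purple_utf8_salvage` (each invalid byte becomes '?'), and `markup_under_test` is a hypothetical hook where a function such as `purple_markup_linkify` would be plugged in.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Length of the well-formed UTF-8 sequence at s (n >= 1 bytes left), 0 if invalid. */
static size_t utf8_seq_len(const unsigned char *s, size_t n) {
    uint32_t len, i, cp, min;
    if (s[0] < 0x80) return 1;
    if ((s[0] & 0xE0) == 0xC0)      { len = 2; cp = s[0] & 0x1F; min = 0x80; }
    else if ((s[0] & 0xF0) == 0xE0) { len = 3; cp = s[0] & 0x0F; min = 0x800; }
    else if ((s[0] & 0xF8) == 0xF0) { len = 4; cp = s[0] & 0x07; min = 0x10000; }
    else return 0;                        /* stray continuation or bad lead byte */
    if (len > n) return 0;                /* sequence truncated at end of string */
    for (i = 1; i < len; i++) {
        if ((s[i] & 0xC0) != 0x80) return 0;
        cp = (cp << 6) | (s[i] & 0x3F);
    }
    /* reject overlong encodings, out-of-range values and surrogates */
    if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return 0;
    return len;
}

/* Stand-in for step 1 (assumed behaviour of purple_utf8_salvage):
 * NUL-terminated copy with each invalid byte replaced by '?'. */
char *salvage_utf8(const uint8_t *data, size_t size) {
    size_t n = 0, i = 0, len;
    char *out;
    while (n < size && data[n] != 0) n++; /* a C string ends at the first NUL */
    if ((out = malloc(n + 1)) == NULL) return NULL;
    if (n) memcpy(out, data, n);
    out[n] = '\0';
    while (i < n) {
        len = utf8_seq_len((const unsigned char *)out + i, n - i);
        if (len == 0) out[i++] = '?';
        else i += len;
    }
    return out;
}

/* Hypothetical hook: point this at the markup function being fuzzed. */
char *(*markup_under_test)(const char *) = NULL;

/* libFuzzer entry point: step 1 (salvage), then step 2 (markup) on the result. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    char *in = salvage_utf8(data, size);
    if (in == NULL) return 0;
    if (markup_under_test) free(markup_under_test(in));
    free(in);
    return 0;
}
```

Built with a fuzzer and a memory-error detector such as AddressSanitizer, any invalid access reported in the target on this path involves input that was already valid, NUL-terminated UTF-8.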

