one byte buffer overread in function purple_markup_linkify
Ethan Blanton
elb at pidgin.im
Fri Apr 14 11:22:25 EDT 2017
Hanno Böck wrote:
> > So while I agree that it would be ideal for these methods to be robust
> > to invalid UTF-8, they are not. Everything passed to a purple_markup
> > function from the network should have been validated as UTF-8 (or
> > passed through purple_utf8_salvage or the like to "fix" it if it was
> > not).
>
> Okay, thanks for the explanation. So to be clear, maybe this is helpful
> for further testing:
> If I write a fuzzing test that
> 1. prepares input with purple_utf8_salvage
> and
> 2. puts that input through a markup function
> then it shouldn't produce any invalid memory access? Thus any input that
> would trigger memory safety violations would be considered a bug?
Absolutely!
Ethan
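
The two-step fuzz test agreed on in this exchange, sketched as a libFuzzer harness. This is an added example, not code from the thread or from Pidgin. `salvage` and `walker_overruns` are hypothetical stand-ins for `purple_utf8_salvage` and a `purple_markup` function so the file builds without libpurple; the walker is a generic model of code that assumes valid UTF-8, not the actual `purple_markup_linkify` defect.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Length a lead byte implies; 0 if the byte cannot start a sequence. */
static size_t seq_len(uint8_t c) {
    return c < 0x80 ? 1 : c < 0xC2 ? 0 : c < 0xE0 ? 2 : c < 0xF0 ? 3 : c < 0xF5 ? 4 : 0;
}

/* Length of the well-formed sequence at s[0..n), or 0 if invalid or truncated. */
static size_t valid_seq(const uint8_t *s, size_t n) {
    size_t len = seq_len(s[0]);
    if (len == 0 || len > n) return 0;
    for (size_t i = 1; i < len; i++)
        if ((s[i] & 0xC0) != 0x80) return 0;
    if ((s[0] == 0xE0 && s[1] < 0xA0) || (s[0] == 0xED && s[1] > 0x9F) ||
        (s[0] == 0xF0 && s[1] < 0x90) || (s[0] == 0xF4 && s[1] > 0x8F)) return 0;
    return len;
}

/* Hypothetical stand-in for step 1: copy, replacing each invalid byte with '?'. */
char *salvage(const uint8_t *data, size_t n) {
    char *out = malloc(n + 1);
    if (!out) return NULL;
    for (size_t i = 0; i < n; ) {
        size_t len = valid_seq(data + i, n - i);
        if (len == 0) { out[i++] = '?'; continue; }
        memcpy(out + i, data + i, len);
        i += len;
    }
    out[n] = '\0';
    return out;
}

/* Hypothetical stand-in for step 2: 1 if a lead-byte-trusting scan passes the NUL. */
int walker_overruns(const char *s) {
    size_t n = strlen(s), i = 0;
    for (size_t len; i < n; i += len ? len : 1)
        len = seq_len((uint8_t)s[i]);
    return i > n;
}

/* libFuzzer entry point: abort() marks a violation of the stated contract. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    char *clean = salvage(data, size);
    if (clean && walker_overruns(clean)) abort();
    free(clean);
    return 0;
}
```

Build with `clang -fsanitize=fuzzer,address`. For a real run against libpurple, replace the two stand-ins with `purple_utf8_salvage` and the markup function under test and let AddressSanitizer report any invalid access.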