one byte buffer overread in function purple_markup_linkify
Hanno Böck
hanno at hboeck.de
Fri Apr 14 13:20:08 EDT 2017
On Fri, 14 Apr 2017 11:22:25 -0400
Ethan Blanton <elb at pidgin.im> wrote:
> > 1. prepares input with purple_utf8_salvage
> > and
> > 2. puts that input through a markup function
> > then it shouldn't produce any invalid memory access? Thus any input
> > that would trigger memory safety violations would be considered a
> > bug?
>
> Absolutely!
See attached. Pure ascii input, triggers out of bounds read in
purple_email_is_valid
called by
purple_markup_linkify
--
Hanno Böck
https://hboeck.de/
mail/jabber: hanno at hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
-------------- next part --------------
A non-text attachment was scrubbed...
Name: libpurple-oob2.c
Type: text/x-c++src
Size: 223 bytes
Desc: not available
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20170414/66ac0069/attachment.c>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: libpurple-oob2-asan.txt.xz
Type: application/x-xz
Size: 936 bytes
Desc: not available
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20170414/66ac0069/attachment.xz>