Libpurple stack overflow in g_markup_escape_text (truncated utf8??)

Eion Robb eion at robbmob.com
Mon Oct 2 05:10:12 EDT 2017


Is there any good reason that we don't use g_strdup_printf() instead
of g_snprintf() other than potentially expensive memory allocs?

On 1 October 2017 at 05:43, Joseph Bisch <joseph.bisch at gmail.com> wrote:

> Hi,
>
> There is a stack overflow in libpurple that occurs in g_markup_escape_text.
>
> I believe that it arises due to the following line potentially
> truncating valid utf8, leading to invalid utf8. The
> g_markup_escape_text assumes that the input it receives is valid utf8.
>
> The line I suspect of causing the issue:
> https://bitbucket.org/pidgin/main/src/859b15b1c817c0e7daebb3a9ddb4396999504ca6/libpurple/server.c?at=release-2.x.y&fileviewer=file-view-default#server.c-825
>
> I attached the ASan output and a reproducer (to be sent to Pidgin as
> if it were coming from an IRC server).
>
> Joseph
>
> _______________________________________________
> security mailing list
> security at pidgin.im
> https://pidgin.im/cgi-bin/mailman/listinfo/security
>
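Added illustration of the truncation described in the quoted report (not Pidgin's or GLib's code; plain snprintf stands in for g_snprintf so it runs without GLib, and the buffer sizes and input strings are constructed): a fixed-size buffer can cut a multi-byte UTF-8 character, the naive copy then fails validation, while a copy that backs up to a character boundary stays valid. The never-truncating alternative is the g_strdup_printf() route suggested above.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Minimal UTF-8 validator: false on bad lead bytes, stray continuation
   bytes, or a multi-byte sequence cut short (the NUL ends it early). */
static bool utf8_valid(const char *s)
{
    const unsigned char *p = (const unsigned char *)s;
    while (*p) {
        int len;
        if (*p < 0x80) len = 1;
        else if ((*p & 0xE0) == 0xC0 && *p >= 0xC2) len = 2;
        else if ((*p & 0xF0) == 0xE0) len = 3;
        else if ((*p & 0xF8) == 0xF0 && *p <= 0xF4) len = 4;
        else return false;
        for (int i = 1; i < len; i++)
            if ((p[i] & 0xC0) != 0x80) return false;
        p += len;
    }
    return true;
}

/* The pattern from the report: snprintf (standing in for g_snprintf)
   truncates at a byte count, so it can split a multi-byte character.
   dstsize is a constructed buffer limit (at most 64 here). */
static bool naive_copy_is_valid(const char *src, size_t dstsize)
{
    char buf[64];
    snprintf(buf, dstsize, "%s", src);
    return utf8_valid(buf);
}

/* Fixed-buffer copy that backs up over a partial sequence after truncation,
   so the result is always valid UTF-8. Returns true if the result is valid
   and equals expected. */
static bool safe_copy_equals(const char *src, size_t dstsize, const char *expected)
{
    char buf[64];
    int n = snprintf(buf, dstsize, "%s", src);
    if (n >= 0 && (size_t)n >= dstsize) {          /* output was cut */
        size_t i = dstsize - 1;                     /* bytes actually written */
        while (i > 0 && ((unsigned char)buf[i - 1] & 0xC0) == 0x80)
            i--;                                    /* back over continuation bytes */
        if (i > 0) {
            unsigned char lead = buf[i - 1];
            int need = (lead & 0xE0) == 0xC0 ? 2 : (lead & 0xF0) == 0xE0 ? 3
                     : (lead & 0xF8) == 0xF0 ? 4 : 1;
            if ((dstsize - 1) - (i - 1) < (size_t)need)
                buf[i - 1] = '\0';                  /* drop the incomplete character */
        }
    }
    return utf8_valid(buf) && strcmp(buf, expected) == 0;
}
```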