Fwd: Overflow bug

Anderz Olsson anderz.olsson at gmail.com
Thu Nov 8 21:24:16 EST 2012

---------- Forwarded message ----------
From: Anderz Olsson <anderz.olsson at gmail.com>
Date: 2012/11/9
Subject: Re: Overflow bug
To: Daniel Atallah <datallah at pidgin.im>

Ok, I'll make it more clear then:

* I was able to select all text (miy installation didn't freeze though).
* I then deleted all text (with the button called backspace).
* Then all history was lost without me closing the window (i don't
log) IM. But I saw it before I selected all the text in my text box
(like I'd have selected the chat history too, but that isn't possible,
is it?)
* So there is a bug.

Or is it not a bug?


2012/11/9 Daniel Atallah <datallah at pidgin.im>:
> On Thu, Nov 8, 2012 at 8:26 PM, Anderz Olsson <anderz.olsson at gmail.com>
> wrote:
>> Thanks for answering, Daniel.
> Please reply to the list and not just to me.
>> A key was pressed for hours, and your code deleted the chat history. I
>> hopa I was clear enough now?
> No, not really, how do you expect that to help?
> You didn't answer my question about it causing his response to be scrolled
> past the backlog (this would be the case if your input made it to the
> conversation backlog and not just the entry field).
> IMO dealing with a key being pressed for hours is really outside of
> reasonable target behavior - even if it crashed (which it doesn't sound like
> it did) I don't think that would be something we'd worry about.
> FWIW, I pasted ~10MB of text into conversation entry field (which caused it
> to freeze for several seconds), I was able then to select all the text
> (which again froze the UI for several seconds) and then delete it without
> any negative side effects.
>> Anderz
>> 2012/11/9 Daniel Atallah <datallah at pidgin.im>:
>> > On Thu, Nov 8, 2012 at 6:44 PM, Anderz Olsson <anderz.olsson at gmail.com>
>> > wrote:
>> >> Hello,
>> >>
>> >> Thanks for giving us a great free IM client, that works on all
>> >> different kind of OS that I'm using.
>> >>
>> >> I have found a bug though. I fell asleep and my wireless keyboard
>> >> pressed a key in an open chat (by some of all crap that is lying
>> >> around inhere), and when I woke up, i saw that the person I talked to
>> >> had answered, but when I tried to read it (by pressing ctrl+a iin my
>> >> text box, that was totally filled with a character due to the crap
>> >> that pressed a button for a "while"). As soon as I deleted
>> >> "ZZZZZZZZZZZZZZZZZZZZ ..." by selecting all my chars, all history in
>> >> the conversation was lost.
>> >>
>> >> So I missed the important answer because I deleted the overflow of
>> >> chars in my text window.
>> >>
>> >> Because I know some programming, I know it is a bug. I use Pidgin for
>> >> conversations and if I cannot read them due to a fault in the handling
>> >> of the amount of chars in my text box, it is for sure a bug. Whether
>> >> the bug lays in my operating system or in pidgin, i don't know. But if
>> >> pidgin produced this you for sure need to fix it. Maybe it's not a bug
>> >> in terms of security (despite the fact that the written respons I
>> >> really needed got lost as soon as I deleted my text), but maybe it's
>> >> insecure technically speaking, because the code couldn't handle an
>> >> overflow in a textbox. I'd call it a potential security threat. In any
>> >> case, I'd wish you fix it. For sure, I could try to fix it myself, if
>> >> I had time for it.
>> >
>> > It's unclear to me what the real issue is here.
>> >
>> > The conversation window has a limited backlog - once the content is
>> > longer than the backlog (4000 lines), the older content starts getting
>> > discarded.
>> > The size of the backlog is actually configurable but there is no UI
>> > for the setting because it'd be a pretty unusual situation that
>> > someone would need to change it.
>> >
>> > Is this the problem you're seeing?
>> >
>> > If not, please clarify, preferably with specific reproduction steps.
>> >
>> > I don't see anything that sounds at all like a security problem.
>> >
>> > -D

More information about the Support mailing list