[Pidgin] #9866: Yahoo off-by-one read in yahoo_packet_read

Pidgin trac at pidgin.im
Fri Aug 7 19:14:04 EDT 2009 

#9866: Yahoo off-by-one read in yahoo_packet_read
------------------------+---------------------------------------------------
 Reporter:  darkrain42  |     Owner:  sulabh.dev
     Type:  defect      |    Status:  new       
Component:  Yahoo!      |   Version:  2.5.8     
 Keywords:              |  
------------------------+---------------------------------------------------
 The valgrind log is from #9445, but the code looks the same in 2.6.0devel.

 {{{
 ==29257== Invalid read of size 1
 ==29257==    at 0x5ACC86E: yahoo_packet_read (yahoo_packet.c:205)
 ==29257==    by 0x5AC2470: yahoo_pending (yahoo.c:2288)
 ==29257==    by 0x809F3AC: pidgin_io_invoke (gtkeventloop.c:78)
 ==29257==    by 0x4A1CF7C: (within /usr/lib/libglib-2.0.so.0.1600.6)
 ==29257==    by 0x49E9145: g_main_context_dispatch (in
 /usr/lib/libglib-2.0.so.0.1600.6)
 ==29257==    by 0x49EC4F2: (within /usr/lib/libglib-2.0.so.0.1600.6)
 ==29257==    by 0x49EC8D6: g_main_loop_run (in
 /usr/lib/libglib-2.0.so.0.1600.6)
 ==29257==    by 0x427D563: gtk_main (in
 /usr/lib/libgtk-x11-2.0.so.0.1200.9)
 ==29257==  Address 0x62cda0a is 0 bytes after a block of size 26 alloc'd
 ==29257==    at 0x40237B9: malloc (in
 /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
 ==29257==    by 0x40238FF: realloc (in
 /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
 ==29257==    by 0x49F0FA4: g_realloc (in /usr/lib/libglib-2.0.so.0.1600.6)
 ==29257==    by 0x5AC2213: yahoo_pending (yahoo.c:2234)
 ==29257==    by 0x809F3AC: pidgin_io_invoke (gtkeventloop.c:78)
 ==29257==    by 0x4A1CF7C: (within /usr/lib/libglib-2.0.so.0.1600.6)
 ==29257==    by 0x49E9145: g_main_context_dispatch (in
 /usr/lib/libglib-2.0.so.0.1600.6)
 ==29257==    by 0x49EC4F2: (within /usr/lib/libglib-2.0.so.0.1600.6)
 ==29257==    by 0x49EC8D6: g_main_loop_run (in
 /usr/lib/libglib-2.0.so.0.1600.6)
 ==29257==    by 0x427D563: gtk_main (in
 /usr/lib/libgtk-x11-2.0.so.0.1200.9)
 ==29257==    by 0x80B5325: main (gtkmain.c:882)
 }}}

 line numbers in im.pidgin.pidgin are libymsg.c:2959 (for the g_realloc)
 and yahoo_packet.c:204

-- 
Ticket URL: <http://developer.pidgin.im/ticket/9866>
Pidgin <http://pidgin.im>
Pidgin

More information about the Tracker mailing list