[Pidgin] #10261: crash when adding account without @ in jabber
Pidgin
trac at pidgin.im
Wed Sep 9 18:34:52 EDT 2009
#10261: crash when adding account without @ in jabber
--------------------+-------------------------------------------------------
Reporter: ekse | Owner:
Type: defect | Status: new
Milestone: | Component: libpurple
Version: 2.6.2 | Resolution:
Keywords: crash |
--------------------+-------------------------------------------------------
Description changed by deryni:
Old description:
> Steps to reproduce:
> 1- Contacts \ Add Contact
> 2- in "Username", type contact
> 3- press enter. pidgin crashes
>
> Here is the relevant stacktrace from WinDBG:
> 0022e658 6861e907 msvcrt!strlen+0x20
> 0022e678 68616094 libglib_2_0_0!g_win32_locale_filename_from_utf8+0x1d37
> 0022e698 68602f36 libglib_2_0_0!g_vasprintf+0x24
> 0022e6b8 68602f58 libglib_2_0_0!g_strdup_vprintf+0x26
> 0022e6c8 018ac5ca libglib_2_0_0!g_strdup_printf+0x18
> 0022e6e8 018c941b libjabber!jabber_chat_find+0x4a
> 0022e728 67cc4a81 libjabber!jabber_roster_add_buddy+0x5b
> 0022e748 64a514f5 libpurple!purple_account_add_buddy+0xa1
> 0022e788 63a43955 pidgin_64a40000!pidgin_blist_update_refresh_timeout+0x1025
>
> The trace is pointing in the purple_account_add_buddy() method which is
> calling libjabber and is crashing in strlen.
>
> I saw in Ollydbg the string "%s@%s" on the stack frame of strlen. My
> guess is that since pidgin is looking in memory until it finds an @ and
> since it is not in the string it results in a memory read violation.
>
> libpurple should make sure there is an @ character prior to trying to add
> a username.
New description:
Steps to reproduce:
1. Contacts -> Add Contact
1. in "Username", type contact
1. press enter. pidgin crashes
{{{
Here is the relevant stacktrace from WinDBG:
0022e658 6861e907 msvcrt!strlen+0x20
0022e678 68616094 libglib_2_0_0!g_win32_locale_filename_from_utf8+0x1d37
0022e698 68602f36 libglib_2_0_0!g_vasprintf+0x24
0022e6b8 68602f58 libglib_2_0_0!g_strdup_vprintf+0x26
0022e6c8 018ac5ca libglib_2_0_0!g_strdup_printf+0x18
0022e6e8 018c941b libjabber!jabber_chat_find+0x4a
0022e728 67cc4a81 libjabber!jabber_roster_add_buddy+0x5b
0022e748 64a514f5 libpurple!purple_account_add_buddy+0xa1
0022e788 63a43955 pidgin_64a40000!pidgin_blist_update_refresh_timeout+0x1025
}}}

The trace is pointing in the purple_account_add_buddy() method which is
calling libjabber and is crashing in strlen.

I saw in Ollydbg the string "%s@%s" on the stack frame of strlen. My guess
is that since pidgin is looking in memory until it finds an @ and since it
is not in the string it results in a memory read violation.

libpurple should make sure there is an @ character prior to trying to add a
username.
--
Ticket URL: <http://developer.pidgin.im/ticket/10261#comment:1>
Pidgin <http://pidgin.im>
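
The check the ticket asks for, as an added example that is not Pidgin's or libpurple's code: a user-supplied name is validated as node@domain before its parts are handed to a "%s@%s" format, so no missing part can reach strlen. The function names and buffer sizes are hypothetical, and it assumes the fault came from an invalid pointer passed for one of the %s arguments, which the trace is consistent with but does not prove.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not libpurple's API): split a bare "node@domain"
 * name into caller-supplied buffers. Returns 0 on success, -1 if the name
 * is NULL, lacks exactly one '@', has an empty part, or does not fit. */
int split_bare_jid(const char *jid, char *node, size_t node_sz,
                   char *domain, size_t domain_sz)
{
    const char *at;
    size_t node_len, domain_len;

    if (jid == NULL || node == NULL || domain == NULL)
        return -1;
    at = strchr(jid, '@');
    if (at == NULL)                      /* "contact", as typed in the ticket */
        return -1;
    if (strchr(at + 1, '@') != NULL)     /* more than one '@' */
        return -1;
    node_len = (size_t)(at - jid);
    domain_len = strlen(at + 1);
    if (node_len == 0 || domain_len == 0)
        return -1;
    if (node_len >= node_sz || domain_len >= domain_sz)
        return -1;
    memcpy(node, jid, node_len);
    node[node_len] = '\0';
    memcpy(domain, at + 1, domain_len + 1);   /* copies the terminator too */
    return 0;
}

/* Rebuild "node@domain" only from validated parts; %s never sees NULL. */
int format_room_jid(const char *name, char *out, size_t out_sz)
{
    char node[64], domain[192];
    int n;

    if (split_bare_jid(name, node, sizeof node, domain, sizeof domain) != 0)
        return -1;
    n = snprintf(out, out_sz, "%s@%s", node, domain);
    return (n < 0 || (size_t)n >= out_sz) ? -1 : 0;
}

int main(void)
{
    char out[256];
    printf("contact -> %d\n", format_room_jid("contact", out, sizeof out));
    printf("room@conference.example.org -> %d\n",
           format_room_jid("room@conference.example.org", out, sizeof out));
    return 0;
}
```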