[Pidgin] #14518: Segfault with misplaced 366 ("End of /NAMES list") message

Pidgin trac at pidgin.im
Tue Aug 16 10:49:46 EDT 2011


#14518: Segfault with misplaced 366 ("End of /NAMES list") message
-------------------+--------------------------------------------------------
 Reporter:  udp    |        Owner:  elb
     Type:  patch  |       Status:  new
Milestone:         |    Component:  IRC
  Version:  2.9.0  |   Resolution:     
 Keywords:         |  
-------------------+--------------------------------------------------------
Changes (by udp):

  * type:  defect => patch


Old description:

> If a misbehaving IRC server sends 366 ("End of /NAMES list") without
> sending any names and when Pidgin isn't expecting it (i.e. IRC_NAMES_FLAG
> isn't set), a NULL irc->names will be dereferenced anyway, causing a
> segmentation fault :-
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x00007fffe9721d2a in irc_msg_names (irc=0xdcc9b0, name=0x7fffe972726d
> "366", from=0xec58f0 "Bridge",
>     args=0xebd2b0) at msgs.c:594
> 594                             while (*cur) {
>
> #0  0x00007fffe9721d2a in irc_msg_names (irc=0xdcc9b0,
> name=0x7fffe972726d "366", from=0xec58f0 "Bridge",
>     args=0xebd2b0) at msgs.c:594
> #1  0x00007fffe9726068 in irc_parse_msg (irc=0xdcc9b0,
>     input=0xe640d0 ":Bridge 366 Jamie #EDS_Lounge :End of /NAMES list")
> at parse.c:737
> #2  0x00007fffe971eab5 in read_input (irc=0xdcc9b0, len=51) at irc.c:655
> #3  0x00007fffe971ee7f in irc_input_cb (data=0xdcc8e0, source=12,
> cond=PURPLE_INPUT_READ) at irc.c:734
> #4  0x000000000047b9e2 in pidgin_io_invoke (source=0xdcc7e0,
> condition=G_IO_IN, data=0xdcef80)
>     at gtkeventloop.c:73
> #5  0x00007ffff35ac29d in g_main_context_dispatch () from
> /usr/lib/libglib-2.0.so.0
> #6  0x00007ffff35aca78 in ?? () from /usr/lib/libglib-2.0.so.0
> #7  0x00007ffff35ad0ba in g_main_loop_run () from
> /usr/lib/libglib-2.0.so.0
> #8  0x00007ffff5eaa1a7 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
> #9  0x000000000049c76c in main (argc=1, argv=0x7fffffffe868) at
> gtkmain.c:934

New description:

 If a misbehaving IRC server sends 366 ("End of /NAMES list") without
 sending any names and when Pidgin isn't expecting it (i.e. IRC_NAMES_FLAG
 isn't set), a NULL irc->names will be dereferenced anyway, causing a
 segmentation fault :-

 {{{Program received signal SIGSEGV, Segmentation fault.
 0x00007fffe9721d2a in irc_msg_names (irc=0xdcc9b0, name=0x7fffe972726d
 "366", from=0xec58f0 "Bridge",
     args=0xebd2b0) at msgs.c:594
 594                             while (*cur) {

 #0  0x00007fffe9721d2a in irc_msg_names (irc=0xdcc9b0, name=0x7fffe972726d
 "366", from=0xec58f0 "Bridge",
     args=0xebd2b0) at msgs.c:594
 #1  0x00007fffe9726068 in irc_parse_msg (irc=0xdcc9b0,
     input=0xe640d0 ":Bridge 366 Jamie #EDS_Lounge :End of /NAMES list") at
 parse.c:737
 #2  0x00007fffe971eab5 in read_input (irc=0xdcc9b0, len=51) at irc.c:655
 #3  0x00007fffe971ee7f in irc_input_cb (data=0xdcc8e0, source=12,
 cond=PURPLE_INPUT_READ) at irc.c:734
 #4  0x000000000047b9e2 in pidgin_io_invoke (source=0xdcc7e0,
 condition=G_IO_IN, data=0xdcef80)
     at gtkeventloop.c:73
 #5  0x00007ffff35ac29d in g_main_context_dispatch () from
 /usr/lib/libglib-2.0.so.0
 #6  0x00007ffff35aca78 in ?? () from /usr/lib/libglib-2.0.so.0
 #7  0x00007ffff35ad0ba in g_main_loop_run () from
 /usr/lib/libglib-2.0.so.0
 #8  0x00007ffff5eaa1a7 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
 #9  0x000000000049c76c in main (argc=1, argv=0x7fffffffe868) at
 gtkmain.c:934}}}

--
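A defensive version of the 366 handling the ticket describes, added here as an illustration and not Pidgin's own code: a constructed `irc_conn` stand-in, a 353 accumulator that sets the pending flag, and a 366 handler that drops an unsolicited end-of-list instead of walking a NULL `names` buffer. The names `handle_353`/`handle_366`, the flag value and the buffer layout are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define IRC_NAMES_FLAG 0x01   /* assumed value; only the set/clear logic matters */

/* Constructed stand-in for the connection state named in the ticket; not Pidgin's struct. */
struct irc_conn {
    int   flags;   /* IRC_NAMES_FLAG is set while a NAMES reply is in flight */
    char *names;   /* accumulated nick list, NULL when nothing is pending   */
};

/* 353 (RPL_NAMREPLY): append the trailing nick list and mark a reply as pending. */
static void handle_353(struct irc_conn *irc, const char *nicks)
{
    size_t old = irc->names ? strlen(irc->names) : 0, add = strlen(nicks);
    char *grown = realloc(irc->names, old + add + 2);
    if (!grown) return;                 /* allocation failure: keep old state */
    if (old) grown[old++] = ' ';        /* separate successive 353 chunks */
    memcpy(grown + old, nicks, add + 1);
    irc->names = grown;
    irc->flags |= IRC_NAMES_FLAG;
}

/* 366 (RPL_ENDOFNAMES): returns the number of nicks collected, or -1 for an
 * unsolicited 366 (flag clear or buffer NULL), which is rejected up front
 * rather than dereferenced as at msgs.c:594 in the backtrace. */
static int handle_366(struct irc_conn *irc)
{
    int count = 0;
    const char *cur;
    if (!(irc->flags & IRC_NAMES_FLAG) || irc->names == NULL) {
        fprintf(stderr, "irc: unexpected 366 with no NAMES pending, ignoring\n");
        irc->flags &= ~IRC_NAMES_FLAG;  /* reset to a known-good state */
        free(irc->names);
        irc->names = NULL;
        return -1;
    }
    for (cur = irc->names; *cur; cur++) /* count space-separated nicks */
        if (*cur != ' ' && (cur == irc->names || cur[-1] == ' '))
            count++;
    free(irc->names);                   /* the list is consumed by the 366 */
    irc->names = NULL;
    irc->flags &= ~IRC_NAMES_FLAG;
    return count;
}
```

Feeding a bare `:Bridge 366 Jamie #EDS_Lounge :End of /NAMES list` to a fresh connection now yields -1 and a debug line rather than a SIGSEGV; a 353 followed by 366 still reports the nicks.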

-- 
Ticket URL: <http://developer.pidgin.im/ticket/14518#comment:1>
Pidgin <http://pidgin.im>