[Pidgin] #14392: pidgin_conv_chat_rename_user can dereference NULL pointer
Pidgin
trac at pidgin.im
Fri Jul 8 07:27:07 EDT 2011
#14392: pidgin_conv_chat_rename_user can dereference NULL pointer
------------------+---------------------------------------------------------
Reporter: clh | Type: defect
Status: new | Component: pidgin (gtk)
Version: 2.9.0 | Keywords: get_iter_from_chatbuddy NULL
------------------+---------------------------------------------------------
If we look at pidgin_conv_chat_rename_user():
{{{
...
    old_cbuddy = purple_conv_chat_cb_find(chat, old_name);
    if (get_iter_from_chatbuddy(old_cbuddy, &iter)) {
        ...
    }
...
    if (!old_cbuddy)
        return;
...
}}}
We see that purple_conv_chat_cb_find() can return NULL; there is even a
check for it. However, before the check we use the return value as the
argument for get_iter_from_chatbuddy(), which will dereference the pointer
without checking for NULL:
{{{
static gboolean get_iter_from_chatbuddy(PurpleConvChatBuddy *cb,
                                        GtkTreeIter *iter)
{
    GtkTreeRowReference *ref = cb->ui_data;
}}}
The same happens in pidgin_conv_chat_update_user().
My suggested fix would be checking the argument in
get_iter_from_chatbuddy():
{{{
static gboolean get_iter_from_chatbuddy(PurpleConvChatBuddy *cb,
GtkTreeIter *iter)
{
- GtkTreeRowReference *ref = cb->ui_data;
+ GtkTreeRowReference *ref;
GtkTreePath *path;
GtkTreeModel *model;
+ if (!cb)
+ return FALSE;
+
+ ref = cb->ui_data;
+
if (!ref)
return FALSE;
}}}
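Review bot: the new `if (!cb)` guard at the top of get_iter_from_chatbuddy() makes NULL an accepted input, but nothing in the function documents that, so a later cleanup could drop the check as redundant. Add a one-line comment above it saying that callers may pass the NULL result of purple_conv_chat_cb_find(). Separately, pidgin_conv_chat_rename_user() still tests `if (!old_cbuddy)` only after the call; if nothing between the call and that test has to run for a NULL buddy, moving the test above the call would make the caller correct on its own instead of relying on the callee.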
--
Ticket URL: <http://developer.pidgin.im/ticket/14392>
Pidgin <http://pidgin.im>