[Pidgin] #11470: CVE-2008-2956 denial-of-service

Pidgin trac at pidgin.im
Sun Mar 13 04:08:02 EDT 2011


#11470: CVE-2008-2956 denial-of-service
----------------------+-----------------------------------------------------
 Reporter:  mgilbert  |        Owner:  rekkanoryo  
     Type:  defect    |       Status:  closed      
Milestone:            |    Component:  unclassified
  Version:  2.6.6     |   Resolution:  invalid     
 Keywords:            |  
----------------------+-----------------------------------------------------
Changes (by MarkDoliner):

  * status:  new => closed
  * resolution:  => invalid


Comment:

 It looks like this patch creates a linked list of all xmlnodes that are
 allocated when parsing an xml document.  If the parsing fails then all the
 nodes in the linked list are freed.  It seems like a fine implementation.

 Except I don't think it's necessary.  Our current code constructs an xml
 tree and I can't see a way for it to orphan xmlnodes.  If parsing fails in
 our current code then we walk up to the top of the tree and free the top
 node, which frees all children recursively.  And the code has been doing
 this since at least 2003.

 If there's a bug here I'm not seeing it.  If someone knows of an XML
 document that will trigger a memory leak then please post it and I'll test
 with valgrind.

 Otherwise, I'm calling this closed.

-- 
Ticket URL: <http://developer.pidgin.im/ticket/11470#comment:6>
Pidgin <http://pidgin.im>
Pidgin


More information about the Tracker mailing list