[Pidgin] #15053: Fix a double-free in Yahoo profile/picture code
Pidgin
trac at pidgin.im
Mon Apr 9 08:16:23 EDT 2012
#15053: Fix a double-free in Yahoo profile/picture code
------------------------------------------------------+---------------------
Reporter: mihais | Owner: sulabh.dev
Type: patch | Status: new
Component: Yahoo!/Yahoo! JAPAN | Version: 2.10.3
Keywords: crash yahoo proxy update profile picture |
------------------------------------------------------+---------------------
Re-fix a double-free in the Yahoo profile/picture code.[[BR]]
[[BR]]
User data passed to
'''purple_util_fetch_url'''/'''purple_util_fetch_url_request''' is[[BR]]
already freed by the '''yahoo_got_info'''/'''yahoo_fetch_picture_cb'''
callbacks on the[[BR]]
error paths.[[BR]]
This happens since '''purple_util_fetch_url_error''' calls were introduced
to[[BR]]
'''purple_util_fetch_url_request''' by revisions:[[BR]]
[[BR]]
86dac605 by 'markdoliner' 03/17/2009[[BR]]
a1ad9ab6 by 'markdoliner' 12/06/2008[[BR]]
[[BR]]
[[BR]]
History of this issue:[[BR]]
[[BR]]
1. Try to fix the same double-free I'm fixing now with a patch[[BR]]
from downstream Debian:[[BR]]
Revision: 7a490c356e10f7fff3432f875897aa0ca0ad1ff0[[BR]]
Date: 05/22/2008 09:01:58 PM[[BR]]
[[BR]]
2. It seems that the previous patch introduced 2 memory leaks, which[[BR]]
are fixed with:[[BR]]
Revision: 7a36a9ecbcc902ee89656d5267e613aa1dc0b889[[BR]]
Date: 06/09/2008 12:54:56 AM[[BR]]
and[[BR]]
Revision: c7c882ce933f14ae4b89d4c9782a84accaec53b5[[BR]]
Date: 07/19/2008 12:10:23 AM[[BR]]
[[BR]]
3. Modification in libpurple/util.c reintroduced the double-free:[[BR]]
Revision: a1ad9ab6671970d851852ea29ac86fbd0b43a2f2[[BR]]
Date: 12/06/2008 03:08:20 AM[[BR]]
and [[BR]]
Revision: 86dac605e7e7ef1ac36e03862a15ef24ef31d9dc[[BR]]
Date: 03/17/2009 12:56:57 AM[[BR]]
--
Ticket URL: <http://developer.pidgin.im/ticket/15053>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list