[Pidgin] #15053: Fix a double-free in Yahoo profile/picture code

Pidgin trac at pidgin.im
Mon Apr 9 08:16:23 EDT 2012

#15053: Fix a double-free in Yahoo profile/picture code
 Reporter:  mihais                                    |     Owner:  sulabh.dev
     Type:  patch                                     |    Status:  new       
Component:  Yahoo!/Yahoo! JAPAN                       |   Version:  2.10.3    
 Keywords:  crash yahoo proxy update profile picture  |  
 Re-fix a double-free in the Yahoo profile/picture code.[[BR]]
 User data passed to
 '''purple_util_fetch_url'''/'''purple_util_fetch_url_request''' is[[BR]]
 already freed by the '''yahoo_got_info'''/'''yahoo_fetch_picture_cb'''
 callbacks on the[[BR]]
 error paths.[[BR]]
 This happens since '''purple_util_fetch_url_error''' calls were introduced
 '''purple_util_fetch_url_request''' by revisions:[[BR]]
 86dac605 by 'markdoliner' 03/17/2009[[BR]]
 a1ad9ab6 by 'markdoliner' 12/06/2008[[BR]]
 History of this issue:[[BR]]
 1. Try to fix the same double-free I'm fixing now with a patch[[BR]]
 from downstream Debian:[[BR]]
 Revision: 7a490c356e10f7fff3432f875897aa0ca0ad1ff0[[BR]]
 Date:     05/22/2008 09:01:58 PM[[BR]]
 2. It seems that the previous patch introduced 2 memory leaks, which[[BR]]
 are fixed with:[[BR]]
 Revision: 7a36a9ecbcc902ee89656d5267e613aa1dc0b889[[BR]]
 Date:     06/09/2008 12:54:56 AM[[BR]]
 Revision: c7c882ce933f14ae4b89d4c9782a84accaec53b5[[BR]]
 Date:     07/19/2008 12:10:23 AM[[BR]]
 3. Modification in libpurple/util.c reintroduced the double-free:[[BR]]
 Revision: a1ad9ab6671970d851852ea29ac86fbd0b43a2f2[[BR]]
 Date:     12/06/2008 03:08:20 AM[[BR]]
 and [[BR]]
 Revision: 86dac605e7e7ef1ac36e03862a15ef24ef31d9dc[[BR]]
 Date:     03/17/2009 12:56:57 AM[[BR]]

Ticket URL: <http://developer.pidgin.im/ticket/15053>
Pidgin <http://pidgin.im>

More information about the Tracker mailing list