[Pidgin] #14571: Win32 installer uses insecure GTK+ version

Pidgin trac at pidgin.im
Fri Aug 24 08:59:55 EDT 2012 

#14571: Win32 installer uses insecure GTK+ version
--------------------+-------------------------------------------------------
 Reporter:  sdierl  |        Owner:  datallah       
     Type:  defect  |       Status:  new            
Milestone:  3.0.0   |    Component:  winpidgin (gtk)
  Version:  2.10.0  |   Resolution:                 
 Keywords:          |  
--------------------+-------------------------------------------------------

Comment(by datallah):

 Replying to [comment:15 ioerror]:
 > Ok, so, I hacked up a simple way to get the Ubuntu pidgin to send a
 malformed png to the Windows pidgin:
 <SNIP>
 > Now the server hasn't parsed the images and so it has no idea that I've
 loaded a malformed image into my icon. It returns it to the requesting
 user as expected:
 {{{
 > (02:45:38) jabber: Recv (ssl)(4095): <iq from='xxx at jabber.ccc.de'
 to='yyy at jabber.ccc.de/pidgin-wine-otr' id='purplec1ab1726'
 type='result'><vCard xmlns='vcard-temp'>
 <SNIP>
 > (02:45:38) util: Writing file C:\users\xxx\Application
 Data\.purple\icons\190831cd1b33ca2b5906e3f7e2701df96f4271a1.png
 > (02:45:38) gtkutils: gdk_pixbuf_loader_write() failed with size=6921:
 Fatal error reading PNG image file: Decompression Error
 > (02:45:38) gtkblist: Couldn't load buddy icon on account
 yyy at jabber.ccc.de (prpl-jabber)  buddyname=xxx at jabber.ccc.de
 custom_img_data=00000000
 > (02:45:38) gtkutils: gdk_pixbuf_loader_write() failed with size=6921:
 Fatal error reading PNG image file: Decompression Error
 > (02:45:38) gtkblist: Couldn't load buddy icon on account
 yyy at jabber.ccc.de (prpl-jabber)  buddyname=xxx at jabber.ccc.de
 custom_img_data=00000000
 > (02:45:38) buddyicon: Deleted cache file: C:\users\xxx\Application
 Data\.purple\icons\c3399a8e9f4fbf8c151d3e0f32024ca40074c9cc.png
 > (02:45:38) jabber: Recv (ssl)(174): <iq from='xxx at jabber.ccc.de/ccc'
 to='yyy at jabber.ccc.de' type='result' id='purplec1ab1727'><query
 xmlns='jabber:iq:last' seconds='0'/></iq>
 > (02:45:38) imgstore: retrieved image id 4
 > (02:45:38) gtkutils: gdk_pixbuf_loader_write() failed with size=6921:
 Fatal error reading PNG image file: Decompression Error
 > (02:45:38) imgstore: retrieved image id 4
 }}}

 This is similar to above; the gdk-pixbuf writer can't handle the malformed
 image, but it isn't really a problem, it's just telling you that it can't
 handle it.

 <SNIP>

 > When I start a chat properly from the Windows pidgin to the Ubuntu
 Pidgin, I see the following in the Windows debug log, it is repeated over
 and over:
 <SNIP>

 Again, not really a problem.

 > It seems that I can indeed reach the remote png parser as expected.
 Isn't that the libpng png parser?

 Yes, it is reaching gdk-pixbuf and libpng; this wasn't really ever in
 doubt.

 Like I said, it is likely that the libpng issues are a potential problem,
 there isn't really any need to do further investigation.

-- 
Ticket URL: <http://developer.pidgin.im/ticket/14571#comment:18>
Pidgin <http://pidgin.im>
Pidgin

More information about the Tracker mailing list