[Pidgin] #15289: exchndl.dll issues

Pidgin trac at pidgin.im
Sun Aug 26 01:33:58 EDT 2012

#15289: exchndl.dll issues
 Reporter:  ioerror   |        Owner:  datallah       
     Type:  defect    |       Status:  new            
Milestone:            |    Component:  winpidgin (gtk)
  Version:  2.10.6    |   Resolution:                 
 Keywords:  security  |  

Comment(by ultramegaman):

 Also, this worries me. The OnStartup() routine looks like this:
        if(GetModuleFileName(NULL, szLogFileName, MAX_PATH))
                 LPTSTR lpszDot;
                 if((lpszDot = _tcsrchr(szLogFileName, _T('.'))))
                         _tcscpy(lpszDot, _T("RPT"));
                         _tcscat(szLogFileName, _T(".RPT"));
 Suppose that the full qualified path of the module contains a "." in the
 directory, such as C:\Users\myuser\pidgin.testing\module.exe; this code
 would create a file at C:\Users\myuser\pidgin.RPT, which is not what's

 A better example is when the path of the module approaches MAX_PATH in
 length and the GetModuleFileName call truncates the response and the
 truncation chops off the "." in the file name extension. The result is
 that szLogFileName will be MAX_PATH in length, which is the size of its
 allocated buffer. The "." is not found, so ".RPT" is added past the end of
 the buffer. This will surely result in corruption of the stack.

Ticket URL: <http://developer.pidgin.im/ticket/15289#comment:3>
Pidgin <http://pidgin.im>

More information about the Tracker mailing list