[Pidgin] #15053: Fix a double-free in Yahoo profile/picture code

Pidgin trac at pidgin.im
Sun Jul 22 04:09:36 EDT 2012


#15053: Fix a double-free in Yahoo profile/picture code
------------------------------------------------------+---------------------
 Reporter:  mihais                                    |        Owner:  sulabh.dev         
     Type:  patch                                     |       Status:  new                
Milestone:  Patches Needing Review                    |    Component:  Yahoo!/Yahoo! JAPAN
  Version:  2.10.3                                    |   Resolution:                     
 Keywords:  crash yahoo proxy update profile picture  |  
------------------------------------------------------+---------------------
Description changed by QuLogic:

Old description:

> Re-fix a double-free in the Yahoo profile/picture code.[[BR]]
> [[BR]]
> User data passed to
> '''purple_util_fetch_url'''/'''purple_util_fetch_url_request''' is[[BR]]
> already freed by the '''yahoo_got_info'''/'''yahoo_fetch_picture_cb'''
> callbacks on the[[BR]]
> error paths.[[BR]]
> This happens since '''purple_util_fetch_url_error''' calls were
> introduced to[[BR]]
> '''purple_util_fetch_url_request''' by revisions:[[BR]]
> [[BR]]
> 86dac605 by 'markdoliner' 03/17/2009[[BR]]
> a1ad9ab6 by 'markdoliner' 12/06/2008[[BR]]
> [[BR]]
> [[BR]]
> History of this issue:[[BR]]
> [[BR]]
> 1. Try to fix the same double-free I'm fixing now with a patch[[BR]]
> from downstream Debian:[[BR]]
> Revision: 7a490c356e10f7fff3432f875897aa0ca0ad1ff0[[BR]]
> Date:     05/22/2008 09:01:58 PM[[BR]]
> [[BR]]
> 2. It seems that the previous patch introduced 2 memory leaks,
> which[[BR]]
> are fixed with:[[BR]]
> Revision: 7a36a9ecbcc902ee89656d5267e613aa1dc0b889[[BR]]
> Date:     06/09/2008 12:54:56 AM[[BR]]
> and[[BR]]
> Revision: c7c882ce933f14ae4b89d4c9782a84accaec53b5[[BR]]
> Date:     07/19/2008 12:10:23 AM[[BR]]
> [[BR]]
> 3. Modification in libpurple/util.c reintroduced the double-free:[[BR]]
> Revision: a1ad9ab6671970d851852ea29ac86fbd0b43a2f2[[BR]]
> Date:     12/06/2008 03:08:20 AM[[BR]]
> and [[BR]]
> Revision: 86dac605e7e7ef1ac36e03862a15ef24ef31d9dc[[BR]]
> Date:     03/17/2009 12:56:57 AM[[BR]]

New description:

 Re-fix a double-free in the Yahoo profile/picture code.

 User data passed to
 '''purple_util_fetch_url'''/'''purple_util_fetch_url_request''' is
 already freed by the '''yahoo_got_info'''/'''yahoo_fetch_picture_cb'''
 callbacks on the
 error paths. This happens since '''purple_util_fetch_url_error''' calls
 were introduced to '''purple_util_fetch_url_request''' by revisions:

 86dac605 by 'markdoliner' 03/17/2009[[BR]]
 a1ad9ab6 by 'markdoliner' 12/06/2008[[BR]]

 History of this issue:

 1. Try to fix the same double-free I'm fixing now with a patch
 from downstream Debian:[[BR]]
 Revision: viewmtn:7a490c356e10f7fff3432f875897aa0ca0ad1ff0 [[BR]]
 Date:     05/22/2008 09:01:58 PM[[BR]]
 [[BR]]
 2. It seems that the previous patch introduced 2 memory leaks, which
 are fixed with:[[BR]]
 Revision: viewmtn:7a36a9ecbcc902ee89656d5267e613aa1dc0b889 [[BR]]
 Date:     06/09/2008 12:54:56 AM[[BR]]
 and[[BR]]
 Revision: viewmtn:c7c882ce933f14ae4b89d4c9782a84accaec53b5 [[BR]]
 Date:     07/19/2008 12:10:23 AM[[BR]]
 [[BR]]
 3. Modification in libpurple/util.c reintroduced the double-free:[[BR]]
 Revision: viewmtn:a1ad9ab6671970d851852ea29ac86fbd0b43a2f2 [[BR]]
 Date:     12/06/2008 03:08:20 AM[[BR]]
 and [[BR]]
 Revision: viewmtn:86dac605e7e7ef1ac36e03862a15ef24ef31d9dc [[BR]]
 Date:     03/17/2009 12:56:57 AM

--

-- 
Ticket URL: <http://developer.pidgin.im/ticket/15053#comment:2>
Pidgin <http://pidgin.im>
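The ownership mistake the description points to, as an added C sketch that is not Pidgin's code: `fetch_request`, `got_info`, `InfoData` and the counting `info_free` are hypothetical stand-ins, and the caller's cleanup on a NULL return is an assumption about where the second free comes from.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the pattern in the ticket; not libpurple code. */
typedef struct { char name[32]; } InfoData;
typedef void (*FetchCb)(void *user_data, const char *err);

static int frees; /* releases of the current InfoData; 2 means double-free */

static InfoData *info_new(const char *name) {
    InfoData *d = calloc(1, sizeof *d);
    if (d == NULL) abort();
    strncpy(d->name, name, sizeof d->name - 1); /* calloc supplied the NUL */
    frees = 0;
    return d;
}

/* Only the first call really frees, so the buggy path can run safely. */
static void info_free(InfoData *d) { if (++frees == 1) free(d); }

/* The callback owns user_data and releases it on error and on success. */
static void got_info(void *user_data, const char *err) {
    (void)err; info_free(user_data);
}

/* Fetch stand-in: an immediate failure runs the callback, then returns NULL. */
static void *fetch_request(const char *url, FetchCb cb, void *user_data) {
    static int handle;
    if (url == NULL || *url == '\0') { cb(user_data, "invalid URL"); return NULL; }
    return &handle; /* request pending; the callback would run later */
}

/* Assumed buggy caller: reads NULL as "callback never ran" and cleans up. */
int request_buggy(const char *url) {
    InfoData *d = info_new("buddy");
    if (fetch_request(url, got_info, d) == NULL) info_free(d); /* 2nd release */
    else got_info(d, NULL); /* simulate the later completion */
    return frees;
}

/* Fixed caller: never touches d after handing it to the fetch call. */
int request_fixed(const char *url) {
    InfoData *d = info_new("buddy");
    if (fetch_request(url, got_info, d) != NULL) got_info(d, NULL);
    return frees;
}

/* Exit status 0 when the error path shows 2 releases (buggy) vs 1 (fixed). */
int main(void) { return request_buggy("") == 2 && request_fixed("") == 1 ? 0 : 1; }
```

Both callers release exactly once when the request is accepted; only the immediate-error path separates them, which is why this class of bug survives normal testing.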