[Pidgin] #15053: Fix a double-free in Yahoo profile/picture code
Pidgin
trac at pidgin.im
Sun Jul 22 04:09:36 EDT 2012
#15053: Fix a double-free in Yahoo profile/picture code
------------------------------------------------------+---------------------
Reporter: mihais | Owner: sulabh.dev
Type: patch | Status: new
Milestone: Patches Needing Review | Component: Yahoo!/Yahoo! JAPAN
Version: 2.10.3 | Resolution:
Keywords: crash yahoo proxy update profile picture |
------------------------------------------------------+---------------------
Description changed by QuLogic:
Old description:
> Re-fix a double-free in the Yahoo profile/picture code.[[BR]]
> [[BR]]
> User data passed to
> '''purple_util_fetch_url'''/'''purple_util_fetch_url_request''' is[[BR]]
> already freed by the '''yahoo_got_info'''/'''yahoo_fetch_picture_cb'''
> callbacks on the[[BR]]
> error paths.[[BR]]
> This happens since '''purple_util_fetch_url_error''' calls were
> introduced to[[BR]]
> '''purple_util_fetch_url_request''' by revisions:[[BR]]
> [[BR]]
> 86dac605 by 'markdoliner' 03/17/2009[[BR]]
> a1ad9ab6 by 'markdoliner' 12/06/2008[[BR]]
> [[BR]]
> [[BR]]
> History of this issue:[[BR]]
> [[BR]]
> 1. Try to fix the same double-free I'm fixing now with a patch[[BR]]
> from downstream Debian:[[BR]]
> Revision: 7a490c356e10f7fff3432f875897aa0ca0ad1ff0[[BR]]
> Date: 05/22/2008 09:01:58 PM[[BR]]
> [[BR]]
> 2. It seems that the previous patch introduced 2 memory leaks,
> which[[BR]]
> are fixed with:[[BR]]
> Revision: 7a36a9ecbcc902ee89656d5267e613aa1dc0b889[[BR]]
> Date: 06/09/2008 12:54:56 AM[[BR]]
> and[[BR]]
> Revision: c7c882ce933f14ae4b89d4c9782a84accaec53b5[[BR]]
> Date: 07/19/2008 12:10:23 AM[[BR]]
> [[BR]]
> 3. Modification in libpurple/util.c reintroduced the double-free:[[BR]]
> Revision: a1ad9ab6671970d851852ea29ac86fbd0b43a2f2[[BR]]
> Date: 12/06/2008 03:08:20 AM[[BR]]
> and [[BR]]
> Revision: 86dac605e7e7ef1ac36e03862a15ef24ef31d9dc[[BR]]
> Date: 03/17/2009 12:56:57 AM[[BR]]
New description:
Re-fix a double-free in the Yahoo profile/picture code.
User data passed to
'''purple_util_fetch_url'''/'''purple_util_fetch_url_request''' is
already freed by the '''yahoo_got_info'''/'''yahoo_fetch_picture_cb'''
callbacks on the
error paths. This happens since '''purple_util_fetch_url_error''' calls
were introduced to '''purple_util_fetch_url_request''' by revisions:
86dac605 by 'markdoliner' 03/17/2009[[BR]]
a1ad9ab6 by 'markdoliner' 12/06/2008[[BR]]
History of this issue:
1. Try to fix the same double-free I'm fixing now with a patch
from downstream Debian:[[BR]]
Revision: viewmtn:7a490c356e10f7fff3432f875897aa0ca0ad1ff0 [[BR]]
Date: 05/22/2008 09:01:58 PM[[BR]]
[[BR]]
2. It seems that the previous patch introduced 2 memory leaks, which
are fixed with:[[BR]]
Revision: viewmtn:7a36a9ecbcc902ee89656d5267e613aa1dc0b889 [[BR]]
Date: 06/09/2008 12:54:56 AM[[BR]]
and[[BR]]
Revision: viewmtn:c7c882ce933f14ae4b89d4c9782a84accaec53b5 [[BR]]
Date: 07/19/2008 12:10:23 AM[[BR]]
[[BR]]
3. Modification in libpurple/util.c reintroduced the double-free:[[BR]]
Revision: viewmtn:a1ad9ab6671970d851852ea29ac86fbd0b43a2f2 [[BR]]
Date: 12/06/2008 03:08:20 AM[[BR]]
and [[BR]]
Revision: viewmtn:86dac605e7e7ef1ac36e03862a15ef24ef31d9dc [[BR]]
Date: 03/17/2009 12:56:57 AM
--
--
Ticket URL: <http://developer.pidgin.im/ticket/15053#comment:2>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list