[Pidgin] #14636: Heap memory corruption using g_markup_escape_text() without sanitizing first

Pidgin trac at pidgin.im
Wed May 16 06:43:14 EDT 2012


#14636: Heap memory corruption using g_markup_escape_text() without sanitizing
first
------------------------------------------------+---------------------------
 Reporter:  dbauche                             |        Owner:  elb   
     Type:  defect                              |       Status:  closed
Milestone:  v2.10.1                             |    Component:  SILC  
  Version:  2.10.0                              |   Resolution:  fixed 
 Keywords:  Overflow,Heap,g_markup_escape_text  |  
------------------------------------------------+---------------------------

Comment(by clas):

 Tested and it fixes the issue I've been having issues with for days.

 Nice work. Thanks!
 /Ivan.

 ------------------------------------------------------------------------------------

 Can anyone confirm if there is no ticket for this yet?

 From libpurple/protocols/silc/ops.c:

 static void silc_private_message(SilcClient client, SilcClientConnection conn,
                                  SilcClientEntry sender, SilcMessagePayload payload,
                                  SilcMessageFlags flags, const unsigned char *message,
                                  SilcUInt32 message_len)
 {
     PurpleConnection *gc = client->application;
     SilcPurple sg = gc->proto_data;
     PurpleConversation *convo = NULL;
     char *msg, *tmp;

     [...]

     if (flags & SILC_MESSAGE_FLAG_UTF8) {
         tmp = g_markup_escape_text((const char *)message, -1);
         /* Send to */
         serv_got_im(gc, sender->nickname, tmp, 0, time(NULL));
         g_free(tmp);

     [...]

 }

-- 
Ticket URL: <http://developer.pidgin.im/ticket/14636#comment:5>
Pidgin <http://pidgin.im>
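
The quoted function passes `message` to g_markup_escape_text() with length -1 even though the caller also supplies `message_len`. As an added example (not Pidgin's code and not the patch that closed this ticket), here is one way to sanitize a length-delimited buffer first, in plain C without GLib; `sanitize_utf8` and `utf8_seq_len` are hypothetical names, and the result is a NUL-terminated copy bounded by the given length that contains only well-formed UTF-8.

```c
#include <stdlib.h>
#include <string.h>

/* Length of the well-formed UTF-8 sequence starting at s (n bytes remain),
 * or 0 if it is invalid, truncated, overlong, a surrogate, or > U+10FFFF. */
static size_t utf8_seq_len(const unsigned char *s, size_t n)
{
    unsigned char c = s[0];
    size_t len, i;
    unsigned long cp;

    if (c < 0x80) return 1;
    else if ((c & 0xE0) == 0xC0) { len = 2; cp = c & 0x1F; }
    else if ((c & 0xF0) == 0xE0) { len = 3; cp = c & 0x0F; }
    else if ((c & 0xF8) == 0xF0) { len = 4; cp = c & 0x07; }
    else return 0;                 /* stray continuation byte or 0xF8..0xFF */
    if (len > n) return 0;         /* sequence would run past the buffer */
    for (i = 1; i < len; i++) {
        if ((s[i] & 0xC0) != 0x80) return 0;
        cp = (cp << 6) | (s[i] & 0x3F);
    }
    if ((len == 2 && cp < 0x80) || (len == 3 && cp < 0x800) ||
        (len == 4 && cp < 0x10000)) return 0;              /* overlong */
    if ((cp >= 0xD800 && cp <= 0xDFFF) || cp > 0x10FFFF) return 0;
    return len;
}

/* Hypothetical helper: copy at most len bytes of msg into a fresh
 * NUL-terminated buffer, replacing each invalid byte with '?' and stopping
 * at an embedded NUL. Caller frees. Returns NULL on allocation failure. */
char *sanitize_utf8(const unsigned char *msg, size_t len)
{
    char *out = malloc(len + 1);   /* output never exceeds the input length */
    size_t i = 0, o = 0, k;

    if (out == NULL) return NULL;
    while (i < len && msg[i] != '\0') {
        k = utf8_seq_len(msg + i, len - i);
        if (k == 0) { out[o++] = '?'; i++; continue; }
        memcpy(out + o, msg + i, k);
        o += k; i += k;
    }
    out[o] = '\0';
    return out;
}
```

In the quoted function the call would take `message` and `message_len`, and the returned copy, not the raw network buffer, would be what gets escaped and then freed.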