#14636: Heap memory corruption using g_markup_escape_text() without sanitizing
first
------------------------------------------------+---------------------------
Reporter: dbauche | Owner: elb
Type: defect | Status: closed
Milestone: v2.10.1 | Component: SILC
Version: 2.10.0 | Resolution: fixed
Keywords: Overflow,Heap,g_markup_escape_text |
------------------------------------------------+---------------------------
Comment(by clas):
Tested and it fixes the issue i've been having issues with for days.
Nice work Thanks !
/Ivan.
------------------------------------------------------------------------------------
Can anyone confirm if there is no ticket for this yet?
From libpurple/protocols/silc/ops.c:
static void silc_private_message(SilcClient?
[http://www.events-i-aarhus.dk events] client, SilcClientConnection? conn,
SilcClientEntry? sender, SilcMessagePayload? payload, SilcMessageFlags?
flags, [http://www.events-i-aarhus.dk arrangement] const unsigned char
*message, SilcUInt32 message_len)
{
PurpleConnection? *gc = client->application; SilcPurple? sg =
gc->proto_data; PurpleConversation? *convo = NULL; char *msg, *tmp;
[...]
if (flags & SILC_MESSAGE_FLAG_UTF8) { tmp = g_markup_escape_text((const
char *)message, -1); /* Send to [http://www.events-i-aarhus.dk
teambuilding] */ serv_got_im(gc, sender->nickname, tmp, 0, time(NULL));
g_free(tmp);
[...]
}
--
Ticket URL: <http://developer.pidgin.im/ticket/14636#comment:5>
Pidgin <http://pidgin.im>
Pidgin