Ticket #14518 (closed patch: fixed)
Segfault with misplaced 366 ("End of /NAMES list") message
| Reported by: | udp | Owned by: | elb |
|---|---|---|---|
| Milestone: | 2.10.0 | Component: | IRC |
| Version: | 2.9.0 | Keywords: | |
| Cc: | | | |
Description (last modified by udp)
If a misbehaving IRC server sends 366 ("End of /NAMES list") without sending any names and when Pidgin isn't expecting it (i.e. IRC_NAMES_FLAG isn't set), a NULL irc->names will be dereferenced anyway, causing a segmentation fault:
```
Program received signal SIGSEGV, Segmentation fault.
0x00007fffe9721d2a in irc_msg_names (irc=0xdcc9b0, name=0x7fffe972726d "366", from=0xec58f0 "Bridge",
args=0xebd2b0) at msgs.c:594
594 while (*cur) {
#0 0x00007fffe9721d2a in irc_msg_names (irc=0xdcc9b0, name=0x7fffe972726d "366", from=0xec58f0 "Bridge",
args=0xebd2b0) at msgs.c:594
#1 0x00007fffe9726068 in irc_parse_msg (irc=0xdcc9b0,
input=0xe640d0 ":Bridge 366 Jamie #EDS_Lounge :End of /NAMES list") at parse.c:737
#2 0x00007fffe971eab5 in read_input (irc=0xdcc9b0, len=51) at irc.c:655
#3 0x00007fffe971ee7f in irc_input_cb (data=0xdcc8e0, source=12, cond=PURPLE_INPUT_READ) at irc.c:734
#4 0x000000000047b9e2 in pidgin_io_invoke (source=0xdcc7e0, condition=G_IO_IN, data=0xdcef80)
at gtkeventloop.c:73
#5 0x00007ffff35ac29d in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#6 0x00007ffff35aca78 in ?? () from /usr/lib/libglib-2.0.so.0
#7 0x00007ffff35ad0ba in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#8 0x00007ffff5eaa1a7 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#9 0x000000000049c76c in main (argc=1, argv=0x7fffffffe868) at gtkmain.c:934
```
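The failure mode described above, reduced to a stand-alone model with the missing check in place. This is an added example, not Pidgin's code and not the patch attached to this ticket: `struct conn`, `count_nicks` and `feed` are hypothetical names, and any 353 input fed to it is constructed; only the 366 line comes from the backtrace.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified state; not libpurple's own struct. */
struct conn {
    char buf[512];
    char *names; /* NULL until a 353 (RPL_NAMREPLY) has been received */
};

/* Count space-separated nicks; same loop shape as the crash site. */
static int count_nicks(const char *cur)
{
    int n = 0;
    while (*cur) {
        cur += strspn(cur, " ");
        size_t len = strcspn(cur, " ");
        n += len > 0;
        cur += len;
    }
    return n;
}

/* Feed one server line; returns the nick count on 366, -1 otherwise. */
static int feed(struct conn *c, const char *line)
{
    char src[64];
    int code = 0;
    const char *trail = strstr(line, " :");
    if (sscanf(line, ":%63s %d", src, &code) != 2)
        return -1;
    if (code == 353 && trail) { /* accumulate names across replies */
        size_t used = c->names ? strlen(c->buf) : 0;
        snprintf(c->buf + used, sizeof c->buf - used, "%s%s",
                 used ? " " : "", trail + 2);
        c->names = c->buf;
        return -1;
    }
    if (code != 366) return -1;
    /* Server input is untrusted: 366 can arrive with no 353 before it.
       Without this check count_nicks(NULL) is the NULL dereference. */
    int n = c->names ? count_nicks(c->names) : 0;
    c->names = NULL;
    return n;
}

int main(void)
{
    struct conn c = { .names = NULL };
    printf("%d\n", feed(&c, ":Bridge 366 Jamie #EDS_Lounge :End of /NAMES list"));
    return 0;
}
```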



