Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#14297 closed patch (fixed)

purple_parse_oncoming() passes NULL pointer to printf()

Reported by: clh Owned by: MarkDoliner
Milestone: 2.9.0 Component: AIM
Version: 2.8.0 Keywords:
Cc:

Description (last modified by clh)

In libpurple/protocols/oscar/oscar.c there are two places where a NULL pointer can be passed to purple_debug_info() and ultimately a printf variant:

  1456          message = (info->status && info->status_len > 0)
  1457                          ? oscar_encoding_to_utf8(info->status_encoding, info->status, info->status_len)
  1458                          : NULL;
  1464                          itmsurl = (info->itmsurl_len > 0) ? oscar_encoding_to_utf8(info->itmsurl_encoding, info->itmsurl, info->itmsurl_len) : NULL;

Both itmsurl and message are passed as character pointers to purple_debug_info() and ultimately to a printf variant:

  1468                  purple_debug_info("oscar", "Activating status '%s' for buddy %s, message = '%s', itmsurl = '%s'\n", status_id, info->bn, message, itmsurl);

  1471                  purple_debug_info("oscar", "Activating status '%s' for buddy %s, message = '%s'\n", status_id, info->bn, message);

This diff fixes these places:

--- libpurple/protocols/oscar/oscar.c.old       Tue Jun  7 10:44:41 2011
+++ libpurple/protocols/oscar/oscar.c   Wed Jun 15 16:30:19 2011
@@ -1465,10 +1465,10 @@
                } else if (previous_status != NULL && purple_status_is_available(previous_status)) {
                        itmsurl = g_strdup(purple_status_get_attr_string(previous_status, "itmsurl"));
                }
-               purple_debug_info("oscar", "Activating status '%s' for buddy %s, message = '%s', itmsurl = '%s'\n", status_id, info->bn, message, itmsurl);
+               purple_debug_info("oscar", "Activating status '%s' for buddy %s, message = '%s', itmsurl = '%s'\n", status_id, info->bn, message ? message : "", itmsurl ? itmsurl : "");
                purple_prpl_got_user_status(account, info->bn, status_id, "message", message, "itmsurl", itmsurl, NULL);
        } else {
-               purple_debug_info("oscar", "Activating status '%s' for buddy %s, message = '%s'\n", status_id, info->bn, message);
+               purple_debug_info("oscar", "Activating status '%s' for buddy %s, message = '%s'\n", status_id, info->bn, message ? message : "");
                purple_prpl_got_user_status(account, info->bn, status_id, "message", message, NULL);
        }


Change History (9)

comment:1 Changed 8 years ago by clh

  • Component changed from unclassified to AIM
  • Owner changed from rekkanoryo to MarkDoliner
  • Type changed from defect to patch
  • Version changed from 2.7.11 to 2.8.0

comment:2 Changed 8 years ago by clh

Hmm, hold that one, the patch seems to break pidgin.

comment:3 Changed 8 years ago by clh

  • Description modified (diff)

Fixed patch, original version was very broken.

comment:4 Changed 8 years ago by darkrain42

  • Milestone set to 2.8.1

It really needs to be "(null)", but otherwise is fine.

comment:5 Changed 8 years ago by darkrain42@…

  • Resolution set to fixed
  • Status changed from new to closed

(In d4ad4dcf4f618793c9201ace11269bac63645d69):
oscar: Avoid a few printf("%s", NULL)s

Thanks to clh and dustin. Fixes #14295, #14297.

comment:6 Changed 8 years ago by darkrain42@…

(In 1e3728083b5ef50e0df8972a39da09a1ddea8417):
oscar: ...fix the *right* line this time.

Refs #14297

comment:7 Changed 8 years ago by markdoliner@…

(In 7b9efa594d3a94f77d00a96bbeda2a71a48e8616):
applied changes from 00c6d11a264a02d1aaa23feb52eab5ca46e655c8

through d4ad4dcf4f618793c9201ace11269bac63645d69

Original commit message: oscar: Avoid a few printf("%s", NULL)s

Thanks to clh and dustin. Fixes #14295, #14297.

comment:8 Changed 8 years ago by markdoliner@…

(In 33261adfe3a390ba3d8545224305846861682c7c):
applied changes from d4ad4dcf4f618793c9201ace11269bac63645d69

through 1e3728083b5ef50e0df8972a39da09a1ddea8417

Original commit message: oscar: ...fix the *right* line this time.

Refs #14297

comment:9 Changed 8 years ago by QuLogic

  • Milestone changed from 2.9.1 to 2.9.0
Note: See TracTickets for help on using tickets.
All information, including names and email addresses, entered onto this website or sent to mailing lists affiliated with this website will be public. Do not post confidential information, especially passwords!