Opened 8 years ago

Closed 8 years ago

#14518 closed patch (fixed)

Segfault with misplaced 366 ("End of /NAMES list") message

Reported by: udp
Owned by: elb
Milestone: 2.10.0
Component: IRC
Version: 2.9.0
Keywords:
Cc:

Description (last modified by udp)

If a misbehaving IRC server sends 366 ("End of /NAMES list") without sending any names and when Pidgin isn't expecting it (i.e. IRC_NAMES_FLAG isn't set), a NULL irc->names will be dereferenced anyway, causing a segmentation fault :-

Program received signal SIGSEGV, Segmentation fault.
0x00007fffe9721d2a in irc_msg_names (irc=0xdcc9b0, name=0x7fffe972726d "366", from=0xec58f0 "Bridge", 
    args=0xebd2b0) at msgs.c:594
594				while (*cur) {

#0  0x00007fffe9721d2a in irc_msg_names (irc=0xdcc9b0, name=0x7fffe972726d "366", from=0xec58f0 "Bridge", 
    args=0xebd2b0) at msgs.c:594
#1  0x00007fffe9726068 in irc_parse_msg (irc=0xdcc9b0, 
    input=0xe640d0 ":Bridge 366 Jamie #EDS_Lounge :End of /NAMES list") at parse.c:737
#2  0x00007fffe971eab5 in read_input (irc=0xdcc9b0, len=51) at irc.c:655
#3  0x00007fffe971ee7f in irc_input_cb (data=0xdcc8e0, source=12, cond=PURPLE_INPUT_READ) at irc.c:734
#4  0x000000000047b9e2 in pidgin_io_invoke (source=0xdcc7e0, condition=G_IO_IN, data=0xdcef80)
    at gtkeventloop.c:73
#5  0x00007ffff35ac29d in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#6  0x00007ffff35aca78 in ?? () from /usr/lib/libglib-2.0.so.0
#7  0x00007ffff35ad0ba in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#8  0x00007ffff5eaa1a7 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#9  0x000000000049c76c in main (argc=1, argv=0x7fffffffe868) at gtkmain.c:934

Attachments (1)

names.patch (354 bytes) - added by udp 8 years ago.
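
The failure mode described in this ticket, reduced to a stand-alone C model of a NAMES accumulator with the missing NULL check in place. This is an added example, not the attached names.patch and not Pidgin's msgs.c; `struct conn`, `on_353` and `on_366` are hypothetical names, and the input in `main` is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical per-connection state: names stays NULL until a 353 arrives. */
struct conn { char *names; };

/* 353 (NAMES reply): append one batch of nicks. Returns 0, or -1 on OOM. */
int on_353(struct conn *c, const char *nicks)
{
    size_t old = c->names ? strlen(c->names) : 0;
    char *buf = realloc(c->names, old + strlen(nicks) + 2);
    if (!buf)
        return -1;
    if (old)
        buf[old++] = ' ';
    strcpy(buf + old, nicks);
    c->names = buf;
    return 0;
}

/* 366 (End of /NAMES list): count the gathered nicks and reset the state.
 * The server controls message order, so names may still be NULL here. */
int on_366(struct conn *c)
{
    int count = 0;
    char *cur = c->names;
    if (cur == NULL)            /* 366 with no preceding 353: nothing to walk */
        return 0;
    while (*cur) {              /* without the check above, this line faults */
        while (*cur == ' ')
            cur++;
        if (*cur)
            count++;
        while (*cur && *cur != ' ')
            cur++;
    }
    free(c->names);
    c->names = NULL;
    return count;
}

int main(void)
{
    struct conn c = { NULL };
    printf("366 with no 353: %d nicks\n", on_366(&c)); /* constructed sequence */
    on_353(&c, "@alice bob");
    printf("353 then 366: %d nicks\n", on_366(&c));
    return 0;
}
```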


Change History (6)

Changed 8 years ago by udp

comment:1 Changed 8 years ago by udp

  • Description modified (diff)
  • Type changed from defect to patch

comment:2 Changed 8 years ago by udp

  • Description modified (diff)

comment:3 follow-up: Changed 8 years ago by elb

Could I get a name and email address for the commit message?

comment:4 in reply to: ↑ 3 Changed 8 years ago by udp

Sure :-

James McLaughlin jamie@…

comment:5 Changed 8 years ago by jamie@…

  • Milestone set to 2.9.1
  • Resolution set to fixed
  • Status changed from new to closed

(In 29c6bcad8375eb01e1dff0f135c6cbd34dd20380):
Fix potential crash when NAMES is empty.

Fixes #14518
