Summary

Fix segmentation fault on IRC server reply

Review Request #1484 — Created May 28, 2022 and submitted May 31, 2022, 1:54 a.m.

Information

Owner

belgin

Repository

pidgin/pidgin

Branch

release-2.x.y

Bugs

PIDGIN-17375

Depends On

Reviewers

Groups

pidgin

People

Description

When Pidgin received :nick!user@host JOIN #channel from an IRC
server, it worked fine, but when it received
:nick JOIN #channel, it crashed with a segmentation fault.

Testing Done

Tested with a custom IRC server that only sends the nickname. Also tested on Libera Chat.

Commits

Summary	ID
Fix segmentation fault on IRC server reply When Pidgin received ":nick!user@host JOIN #channel" from an IRC server, it worked fine, but when it received ":nick JOIN #channel", it crashed with a segmentation fault.	7341ec362a563762dd25507b21dca3477447d8c8

Issues

Description	From	Last Updated
what happens if the server replies with :nick! JOIN #channel?	grim	May 30, 2022, 9:09 p.m.

libpurple/protocols/irc/msgs.c (Diff revision 1)

Show all issues

what happens if the server replies with :nick! JOIN #channel?

belgin May 28, 2022, 10:09 a.m.

I just tested this.
On entry in irc_mask_userhost, mask points to the string "nick!".
The call to strchr returns a pointer to the string "!", which is stored in sep.
sep is non-NULL so host will point to an empty string "" (a string that contains only the nul string terminator), which gets passed to g_strdup.
This is similar to the case when sep is NULL, g_strdup just dups an empty string.
I made it this way because the result of irc_mask_userhost gets g_free'd later.

grim May 30, 2022, 9:09 p.m.

Awesome. I assumed it was alright, but since you said you can do custom replies and stuff figured it was worth a test ;)

Ship it!

```
Ship It!
```
```
Great work! Thanks!!
```

Review Board 6.0.2

Fix segmentation fault on IRC server reply

Information

Reviewers

Status: Closed (submitted)