Fix an out of bounds write in purple_markup_linkify.

Review Request #781 — Created June 23, 2021 and submitted

Information

pidgin/pidgin
release-2.x.y
d284f5089e0c

Reviewers

This was found by Thomas Roth <code@stacksmashing.net>, Dominik Maier
<mail@dmnk.co>, and Fabian Freyer <mail@fabianfreyer.de>.

Compiled and ran the purple_markup_linkify_fuzzer from the google oss-fuzz project to verify the fix.

Description From Last Updated

Bounds should be checked before the dereference. Can you add the braces too?

QuLogicQuLogic
QuLogic
  1. 
      
  2. libpurple/util.c (Diff revision 1)
     
     
     

    Bounds should be checked before the dereference.

    Can you add the braces too?

    1. Sure this was just the raw patch.. Also I forgot that I used the fuzzer they provided which I'll add after 760 is merged.

  3. 
      
grim
QuLogic
  1. Ship It!
  2. 
      
rekkanoryo
  1. Ship It!
  2. 
      
grim
grim
grim
grim
Review request changed

Status: Closed (submitted)

Loading...