Fix an out of bounds write in purple_markup_linkify.

Review Request #781 — Created June 23, 2021 and submitted

grim
pidgin/pidgin
release-2.x.y
d284f5089e0c
pidgin
This was found by Thomas Roth <code@stacksmashing.net>, Dominik Maier
<mail@dmnk.co>, and Fabian Freyer <mail@fabianfreyer.de>.

Compiled and ran the purple_markup_linkify_fuzzer from the google oss-fuzz project to verify the fix.

  • 0
  • 0
  • 1
  • 0
  • 1
Description From Last Updated
QuLogic
  1. 
      
  2. libpurple/util.c (Diff revision 1)
     
     
     

    Bounds should be checked before the dereference.

    Can you add the braces too?

    1. Sure this was just the raw patch.. Also I forgot that I used the fuzzer they provided which I'll add after 760 is merged.

  3. 
      
grim
QuLogic
  1. Ship It!
  2. 
      
rekkanoryo
  1. Ship It!
  2. 
      
grim
grim
grim
grim
Review request changed

Status: Closed (submitted)

Loading...