Changeset 9698fc0


Timestamp: 2016-10-12T08:12:41Z (3 years ago)
Author: dequis <dx@…>
Branches: master
Children: a08b2db
Parents: 01d56c0
git-author: dequis <dx@…> (12-10-16 08:07:25)
git-committer: dequis <dx@…> (12-10-16 08:12:41)
Message:

jabber: Don't pass a readonly empty string to imcb_chat_topic()

Fixes crashes when a topic is unset and strip_html is set to always.
Turns out that the strip_html() function does a strcpy at the end which
may write a single null byte over the null byte of the empty string, and
if it's not in writable memory, that blows up.

Thanks to iamthemcmaster / mcm for pointing this out

File:
1 edited

  • protocols/jabber/conference.c

    r01d56c0 r9698fc0  
    466466
    467467        if (subject && chat) {
    468                 char *subject_text = subject->text_len > 0 ? subject->text : "";
     468                char empty[1] = "";
     469                char *subject_text = subject->text_len > 0 ? subject->text : empty;
    469470                if (g_strcmp0(chat->topic, subject_text) != 0) {
    470471                        bare_jid = (bud) ? jabber_get_bare_jid(bud->ext_jid) : NULL;
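
Review bot: the new `char empty[1] = "";` at line 468 carries no comment saying why a writable one-byte buffer replaces the `""` literal, so a later cleanup could turn it back into the literal and bring the crash back. A short comment would prevent that, for example `/* strip_html() may write to its input, so this must be writable */`. Going by the commit message, the write comes from the strcpy at the end of strip_html(), so this change protects only this call site. Consider making strip_html() skip the copy when there is nothing to change, or having imcb_chat_topic() work on its own copy, so that other callers passing string literals are covered too. Since `empty` is on the stack inside this `if` block, it is also worth confirming that the imcb_chat_topic() call stays inside the block and does not keep the pointer afterwards.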