#1255 closed defect (fixed)

Crash in strip_html - attempting to modify const strings

Reported by: syldrathecat Owned by:
Priority: normal Milestone:
Component: Purple Version:
Keywords: Cc:
IRC client+version: Client-independent Operating System: Linux
OS version/distro:


Bitlbee's libpurple code treats messages coming in via prplcb_conv_chat_msg as a mutable string, though it should be treated as a const string.

If a purple plugin calls purple_conv_chat_write with a const string, the same pointer ends up passed to prplcb_conv_chat_msg in bitlbee, and through some process eventually passed to strip_html which attempts to modify the string and crashes.

The problematic line in prplcb_conv_char_msg is: imcb_chat_msg(gc, who, (char *) message, 0, mtime);

Please see for an example crash/backtrace.

The crash only happens since commit 48b5fef4, which enabled HTML processing for all protocols.

Attachments (0)

Change History (3)

comment:1 Changed at 2016-05-26T00:34:50Z by dx

Neat! Thanks for debugging this. Here's a potential fix, please test:

comment:2 Changed at 2016-05-26T00:54:00Z by syldrathecat

Cross-posting, can confirm that this fix eliminates the crash. :)

comment:3 Changed at 2016-05-26T04:12:56Z by dx

Resolution: fixed
Status: newclosed

Merged to master

Modify Ticket

as closed The ticket will remain with no owner.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment

E-mail address and name can be saved in the Preferences.

Note: See TracTickets for help on using tickets.