Opened at 2016-05-25T23:55:13Z
Closed at 2016-05-26T04:12:56Z
#1255 closed defect (fixed)
Crash in strip_html - attempting to modify const strings
| Reported by: | syldrathecat | Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | Purple | Version: | |
| Keywords: | | Cc: | |
| IRC client+version: | Client-independent | Operating System: | Linux |
| OS version/distro: | | | |
Description
Bitlbee's libpurple code treats messages coming in via prplcb_conv_chat_msg as a mutable string, though it should be treated as a const string.
If a purple plugin calls purple_conv_chat_write with a const string, the same pointer ends up passed to prplcb_conv_chat_msg in bitlbee, and through some process eventually passed to strip_html which attempts to modify the string and crashes.
The problematic line in prplcb_conv_chat_msg is: imcb_chat_msg(gc, who, (char *) message, 0, mtime);
Please see https://github.com/fcwill/fchat-pidgin/issues/112 for an example crash/backtrace.
The crash only happens since commit 48b5fef4, which enabled HTML processing for all protocols.
Attachments (0)
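The bug class described in this ticket, as an added example that is not code from bitlbee or from the linked commit: an in-place tag stripper is handed a const string through a cast, next to a const-correct wrapper that mutates a private copy. The names strip_tags_inplace, on_chat_msg_unsafe and on_chat_msg_safe are hypothetical, and the stripper is a simplified stand-in for strip_html.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified in-place tag stripper. Like any in-place
 * routine, it writes into the buffer it is given. */
static void strip_tags_inplace(char *s)
{
    char *out = s;
    int in_tag = 0;

    for (; *s; s++) {
        if (*s == '<')
            in_tag = 1;
        else if (*s == '>' && in_tag)
            in_tag = 0;
        else if (!in_tag)
            *out++ = *s;
    }
    *out = '\0';
}

/* Pattern from the ticket: the cast silences the compiler, but if
 * `message` points at a string literal (read-only memory) the writes
 * above are undefined behaviour, typically a SIGSEGV. Never called here. */
void on_chat_msg_unsafe(const char *message)
{
    strip_tags_inplace((char *) message);
}

/* Const-correct pattern: duplicate first, mutate only the copy.
 * Returns a heap buffer the caller must free, or NULL on allocation failure. */
char *on_chat_msg_safe(const char *message)
{
    size_t n = strlen(message) + 1;
    char *copy = malloc(n);

    if (copy == NULL)
        return NULL;
    memcpy(copy, message, n);
    strip_tags_inplace(copy);
    return copy;
}

int main(void)
{
    /* Constructed sample: a literal, as a plugin might pass it. */
    char *clean = on_chat_msg_safe("<b>hello</b> <i>world</i>");
    if (clean == NULL)
        return 1;
    printf("%s\n", clean);
    free(clean);
    return 0;
}
```

Compiling callers with -Wcast-qual flags casts like the one in on_chat_msg_unsafe at build time.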
Change History (3)
comment:1 Changed at 2016-05-26T00:34:50Z by
comment:2 Changed at 2016-05-26T00:54:00Z by
Cross-posting, can confirm that this fix eliminates the crash. :)
comment:3 Changed at 2016-05-26T04:12:56Z by
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Merged to master

Neat! Thanks for debugging this. Here's a potential fix, please test: https://github.com/bitlbee/bitlbee/commit/0e48e549e7693f665b43bcad5e14ef26447bfe5b