FYI: 7e159eaa14b0041fcc3ee5783cd1e4f2d039a1a1 (included in pidgin-2.7.2) is unneeded cruft
paul at darkrain42.org
Tue Aug 3 20:58:22 EDT 2010
On 2010-08-03 17:35, Yuriy Kaminskiy wrote:
> This patch made sense only before pidgin-2.5.8 (seems someone was even slower
> at pushing patches upstream than me :-)).
> My patch (included in 2.5.8) fixed this problem in a more generic way - now it is
> impossible to allocate those "big amount of memory", as *before* allocation
> byte_stream_getstr would check for available buffer size (which was already read
> from network and allocated [more than once; pidgin is far from being zero-copy
> design], and so cannot be "large").
> So no wonder you could not reproduce this issue (it *was* a very real [with
> security implications] issue before, but already fixed [in a different way] a long
> time ago).
Sadly, this is incorrect. There were at least two people who reported
intermittent (unreproducible-ish) crashes in this area in post-2.5.8
code (I'm uncertain on versions, but I know at least one of those MUST
have been using 2.6.0+).
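The check described in the quoted message (compare the requested length against the bytes already received before allocating) can be sketched as follows. This is an added example, not libpurple's code or part of either message; the `Stream` type, the function names, and the 16-bit big-endian length prefix are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical cursor over data that has already been received. */
typedef struct {
    const uint8_t *data;   /* bytes already read from the network */
    size_t len;            /* total bytes in data */
    size_t offset;         /* current read position, always <= len */
} Stream;

static size_t stream_bytes_left(const Stream *s) {
    return s->len - s->offset;
}

/* Copy out n bytes as a NUL-terminated string; NULL if n exceeds what was received. */
char *stream_getstr(Stream *s, size_t n) {
    if (n > stream_bytes_left(s))   /* check BEFORE allocating */
        return NULL;
    char *out = malloc(n + 1);      /* n is bounded by bytes actually held */
    if (out == NULL)
        return NULL;
    memcpy(out, s->data + s->offset, n);
    out[n] = '\0';
    s->offset += n;
    return out;
}

/* Read an (assumed) big-endian 16-bit length prefix, then that many bytes. */
char *stream_get_lenstr(Stream *s) {
    if (stream_bytes_left(s) < 2)
        return NULL;
    size_t n = ((size_t)s->data[s->offset] << 8) | s->data[s->offset + 1];
    s->offset += 2;
    return stream_getstr(s, n);
}

/* Constructed samples: an honest frame, and one whose length field claims 0xFFFF bytes. */
static const uint8_t GOOD[] = {0x00, 0x05, 'h', 'e', 'l', 'l', 'o'};
static const uint8_t BAD[]  = {0xFF, 0xFF, 'h', 'i'};

/* Returns 1 if the frame parses, 0 if the length check rejects it. */
int frame_accepted(const uint8_t *buf, size_t len) {
    Stream s = {buf, len, 0};
    char *str = stream_get_lenstr(&s);
    int ok = (str != NULL);
    free(str);
    return ok;
}
```

With this ordering the allocation size can never exceed the size of the buffer already held, whatever the length field claims.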