[Secure-testing-team] Bug#484286: [pidgin-musictracker] pidgin crashes: invalid utf8 data

josx josx at interorganic.com.ar
Tue Jun 3 12:28:01 UTC 2008 

Package: pidgin-musictracker
Version: 0.4.1-1
Severity: normal
Tags: security
X-Debbugs-CC: secure-testing-team at lists.alioth.debian.org

--- Please enter the report below this line. ---

I am using pidgin-musictracker but when libpurple tries to validate an string 
coming from that plugin pidgin suddenly crashes.

this is the problem in the pidgin -d ouput

--------
(08:47:31) core-musictracker: Setting axn99912 status to: Amarok: 03. En 
Montevideo Los Ni�os Que Visten De Negro Aun Son Los Mas Coloridos.mp3 by 
Boom Boom Kid Y Los Pirexia Kids on Sin Sanata Y Con El Tupe De No Callar 
(4:00)

(08:47:31) jabber: jabber_actions: have pep: NO
(08:47:31) g_log: purple_url_encode: assertion `g_utf8_validate(str, -1, 
NULL)' failed
Pidgin 2.4.2 ha tenido un fallo y ha intentado generar un fichero «core»
--------

this is the ouput on crash with gdb

--------
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb71c7720 (LWP 6713)]
0xb75ed0f3 in strlen () from /lib/i686/cmov/libc.so.6
(gdb) bt full
#0  0xb75ed0f3 in strlen () from /lib/i686/cmov/libc.so.6
No symbol table info available.
#1  0xb691a3be in msn_act_id () from /usr/lib/pidgin/musictracker.so
No symbol table info available.
#2  0xb691a73b in set_status () from /usr/lib/pidgin/musictracker.so
No symbol table info available.
#3  0xb691a89d in set_userstatus_for_active_accounts () 
from /usr/lib/pidgin/musictracker.so
No symbol table info available.
#4  0xb691aa38 in ?? () from /usr/lib/pidgin/musictracker.so
No symbol table info available.
#5  0x087fe2d0 in ?? ()
No symbol table info available.
#6  0xbf9919a0 in ?? ()
No symbol table info available.
#7  0xbf991a04 in ?? ()
No symbol table info available.
#8  0xbf991a68 in ?? ()
No symbol table info available.
#9  0xbf9919a0 in ?? ()
No symbol table info available.
#10 0x00000002 in ?? ()
No symbol table info available.
#11 0xbf9919a0 in ?? ()
No symbol table info available.
#12 0xb7811e71 in ?? () from /usr/lib/libdbus-1.so.3
No symbol table info available.
#13 0x636e6163 in ?? ()
No symbol table info available.
#14 0x206ef369 in ?? ()
No symbol table info available.
#15 0x61206564 in ?? ()
No symbol table info available.
#16 0x00726f6d in ?? ()
No symbol table info available.
#17 0x00000000 in ?? ()



--------

It is an invalid utf8 data in the string of the song.




--- System information. ---
Architecture: i386
Kernel:       Linux 2.6.24josx290108

Debian Release: lenny/sid
  500 testing         www.debian-multimedia.org 
  500 testing         security.debian.org 
  500 testing         http.us.debian.org 

--- Package information. ---
Depends                 (Version) | Installed
=================================-+-=============
libatk1.0-0           (>= 1.20.0) | 1.22.0-1
libc6                (>= 2.6.1-1) | 2.7-10
libcairo2              (>= 1.4.0) | 1.6.4-1+b1
libdbus-1-3            (>= 1.1.1) | 1.2.1-2
libdbus-glib-1-2        (>= 0.74) | 0.74-4
libfontconfig1         (>= 2.4.0) | 2.5.0-2
libglib2.0-0          (>= 2.14.0) | 2.16.3-2
libgtk2.0-0           (>= 2.12.0) | 2.12.9-3
libpango1.0-0         (>= 1.18.2) | 1.20.2-2
libpcre3                 (>= 6.0) | 7.4-1+lenny1
libx11-6                          | 2:1.0.3-7
libxcomposite1       (>= 1:0.3-1) | 1:0.4.0-2
libxcursor1            (>> 1.1.2) | 1:1.1.9-1
libxdamage1            (>= 1:1.1) | 1:1.1.1-4
libxext6                          | 2:1.0.4-1
libxfixes3           (>= 1:4.0.1) | 1:4.0.3-2
libxi6                            | 2:1.1.3-1
libxinerama1                      | 2:1.0.3-2
libxrandr2           (>= 2:1.2.0) | 2:1.2.2-2
libxrender1                       | 1:0.9.4-1


-- 
Di Biase José Luis
Blog --> [http://www.joseluisdibiase.com.ar]
"viaja hasta tu ideal, sembra tu flor, labra tu libertad, rega tu voz
cerra tus ojos que sobra lugar en idilia para los dos"

More information about the Secure-testing-team mailing list