Adium

Opened 14 years ago

Closed 14 years ago

Last modified 14 years ago

#5753 closed defect (fixed)

Adium crashes when sending formatted input over MSN

Reported by: Lfe Owned by: evands
Milestone: Adium X 1.0.2 Component: Service/MSN
Version: Severity: major
Keywords: msn crash formatted input Cc:
Patch Status:

Description

Steps to reproduce:

  1. Initiate chat with someone over MSN
  2. Enter lots of formatted text (i copied some from the above backlog (name + message), some 30 times)
  3. Send

Should give you crash, if not - you probably didn't enter enough text.

Attachments (3)

crash.log (31.8 KB) - added by Lfe 14 years ago.
crash report
crash.2.log (21.5 KB) - added by Will Jenkins 14 years ago.
patch5753.diff (1.4 KB) - added by Paul Livesey 14 years ago.
Patch to fix #5753

Download all attachments as: .zip

Change History (11)

Changed 14 years ago by Lfe

Attachment: crash.log added

crash report

comment:1 Changed 14 years ago by Eric Richie

Milestone: Needs feedback from users

I know there have been a number of gaim updates since this was filed, is it still an issue?

Changed 14 years ago by Will Jenkins

Attachment: crash.2.log added

comment:2 in reply to:  1 Changed 14 years ago by Will Jenkins

I don't think this is fixed yet. I can reproduce on 1.0.1. I've uploaded my crash.log

comment:3 Changed 14 years ago by Eric Richie

Milestone: Needs feedback from usersAdium X 1.0.2
priority: normalhigh
Version: 1.0b151.0.1

Moving to 1.0.2 since it's a crasher.

comment:4 Changed 14 years ago by Paul Livesey

This is a buffer over run in msn-utils.c in the depths of libgaim. If the string you paste in, or type in even, has <b>, <s>, <u> or <i> in it more than four times then memory corruption occurs. The more tags in the string the worse the damage. A patch is included to fix this.

Changed 14 years ago by Paul Livesey

Attachment: patch5753.diff added

Patch to fix #5753

comment:5 Changed 14 years ago by Evan Schoenberg

Owner: changed from nobody to Evan Schoenberg
Status: newassigned

This looks good to me, and the explanation jives with this having not been seen in Gaim: Gaim's text formatter knows that MSN allows only all-or-none formatting, so there's never more than one bold tag, one italic tag, etc. Adium, on the other hand, passes 'simple' HTML.

I'll review this and commit it upstream on Monday or Tuesday of this coming week.

comment:6 Changed 14 years ago by Evan Schoenberg

field_haspatch: 01

comment:7 Changed 14 years ago by Evan Schoenberg

Resolution: fixed
Status: assignedclosed

(In [19118]) Libgaim.framework to r 409, which includes the patch from plivesey in #5753 which fixes a crash when sending formatted MSN text which has multiple formatting changes of the same type. Fixes #5753

comment:8 Changed 14 years ago by Evan Schoenberg

(In [19119]) Merged [19118]: Libgaim.framework to r 409, which includes the patch from plivesey in #5753 which fixes a crash when sending formatted MSN text which has multiple formatting changes of the same type. Fixes #5753

Note: See TracTickets for help on using tickets.