Bug#693079: irssi-plugin-xmpp segfaults on specific circumstances

Tue, 13 Nov 2012 13:57:34 -0800 

Hi,

> If a user in the roster has a description which only consists of a single
> space character, irssi-xmpp will segfault.

thanks for bringing this to my attention. I had seen your patch when
browsing the upstream mailing list, but hadn't realized how bad the
results of the current code can be.

I've done a few tests on the different variants, and I think your patch
still contains a little error: isspace() also detects whitespace such as
tabs and newslines, so I think it is not a coincidence that when
whitespace is found, it is first set to ' '. Your memmove() overwrites
this space character with the character before the first non-whitespace
character, which could well be a tab!

Also, I like the upstream author's suggestion to also trim leading and
trailing whitespace. Here's a my version of the patch - what do you
think?

--- a/src/fe-common/fe-rosters.c
+++ b/src/fe-common/fe-rosters.c
@@ -30,24 +30,31 @@
 #include "rosters-tools.h"
 #include "fe-xmpp-status.h"
 
+/* stroneline - trim spaces, tabs and newslines to form a one-line status line 
*/
 static void
 stroneline(char *s)
 {
-       size_t len, i, spaces;
+       size_t spaces;
        char *p1, *p2;
               
+       /* remove leading whitespace */
+       for (p1 = s; isspace(*p1); ++p1);
+       if (p1 != s)
+               memmove(s, p1, strlen(p1)+1);
+
+       /* remove trailing whitespace */
+       for (p2 = s+strlen(s)-1; p2 > s && isspace(*p2); --p2)
+               *p2 = '\0';
+
+       /* remove consecutive spaces */
        for (p1 = s; *p1 != '\0'; ++p1) {
                if (isspace(*p1)) {
-                       *p1 = ' ';
+                       *(p1++) = ' ';
                        p2 = p1;
-                       spaces = 0;
-                       while (*(p2++) != '\0' && isspace(*p2))
-                       ++spaces;
-                       if (spaces > 0) {
-                               len = strlen(p1);
-                               for (i = 0; i < len-spaces+1; ++i)
-                                       p1[i-spaces] = p1[i];
-                       }
+                       while (*p2 != '\0' && isspace(*p2)) p2++;
+                       spaces = p2-p1;
+                       if ( spaces > 0 )
+                               memmove(p1, p1+spaces, strlen(p1)-spaces+1);
                }
        }
 }


> So I propose to include the attached patch to the debian version of 
> irssi-xmpp and try to get it into the next release still.

we can try. As I'm not yet through NM, would you be willing to sponsor the
upload I prepare?

Best,
Florian


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to