Thank you for replying, but actually am not facing this problem anymore since i started using pidgin on ubuntu 10.04.
Best Regards, Ihab A. Ali Senior Web Developer > Date: Wed, 25 Aug 2010 15:58:59 +0000 > From: pe...@ubuntu.com > To: ihab-...@hotmail.com > Subject: [Bug 386694] bonjour closes conversation (bconv) multiple times > > Thank you for taking the time to report this bug and helping to make > Ubuntu better.You reported this bug a while ago and there hasn't been > any activity in it recently. We were wondering is this still an issue > for you? Do you get the same with Lucid or Maverick? Thanks in advance. > > ** Changed in: pidgin (Ubuntu) > Status: New => Incomplete > > -- > bonjour closes conversation (bconv) multiple times > https://bugs.launchpad.net/bugs/386694 > You received this bug notification because you are a direct subscriber > of the bug. > > Status in “pidgin” package in Ubuntu: Incomplete > > Bug description: > Binary package hint: libpurple0 > > The Bonjour code seems not to deal correctly with closing conversations. > > The function bonjour_jabber_close_conversation may be called several times, > causing double free()s and crashes. > > Examples to trigger this would be to send this message twice (and close the > connection after each again, e.g. use netcat): > <?xml version="1.0" encoding="utf-8" ?> > <message to="destinat...@localhost" from="sen...@localhost" > type="chat"><body>Hello Wolrd</body></message> > > Or you can also crash pidgin using only one of the messages and then close > the conversation window. > Or you can also crash pidgin using only one message like that: > <?xml version="1.0" encoding="utf-8" ?> > <stream:stream xmlns="jabber:client" > xmlns:stream="http://etherx.jabber.org/streams"; from="sen...@localhost" > to="destinat...@localhost"><message to="destinat...@localhost" > from="sen...@localhost" type="chat"><body>Hello > Wolrd</body></message></stream:stream> > > Which will cause pidgin to crash, because of the two stream-tags that cause > the async_bonjour_jabber_close_conversation to be called twice. valgrind will > the complain about bytes being read from a structure that was already free()d > earlier. > > All references to the bconv struct should be set to NULL once it has been > free()d, so that libpurple does not try to free it again. > > As this is networking code, it is at best annoying to have attackers being > able to crash all local-network-bonjour-running pidgins… > > To unsubscribe from this bug, go to: > https://bugs.launchpad.net/ubuntu/+source/pidgin/+bug/386694/+subscribe -- bonjour closes conversation (bconv) multiple times https://bugs.launchpad.net/bugs/386694 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
