
pterjan's diary


  Gaim : How to upset bug reporters

I just received the following mail:

Category: None
Group: 2.0.0 beta 4
>Status: Closed
Resolution: None
Priority: 5
Private: No
Submitted By: Pascal Terjan (pterjan)
Assigned to: Tim Ringenbach (marv_sf)
Summary: bug in yahoo_packet_read

Initial Comment:
Look at this part of the code:

    pos += 2;
    pair->key = strtol(key, NULL, 10);
    accept = x; /* if x is 0 there was no key, so don't accept it */

    if (len - pos + 1 <= 0) {
        /* Truncated. Garbage or something. */
        accept = FALSE;
    }

    if (accept) {
        delimiter = (const guchar *)strstr((char *)&data[pos], "\xc0\x80");
        if (delimiter == NULL)

As you do pos += 2, strstr will start searching after the delimiter we found. I don't know if you expect to find another one just after, but then you should check that pos + 1 is still < len as strstr will read 2 chars in data. If you do not expect another one, pos+=2 should be dropped and (len - pos + 1 <= 0) changed to (pos > len -1).

I found this using valgrind, which reported that strstr reads after the end of data.

Comment By: Luke Schierer (lschiere)
Date: 2007-05-30 11:42

Message:
Logged In: YES
user_id=28833
Originator: NO

As we have now renamed the project, and are migrating to, I am closing this ticket. Please create a new ticket at if this issue persists with 2.0.0

I wanted to go to the page but I get an error telling me about private stuff. Is this to ensure that we don't answer? They did not take time to handle this quite simple bug in 7 months and now they close it and mark it private so that I can't reply. With this bug handling method, I don't think I will report any bugs to them soon, and I won't report this to their new site to have it ignored again. At least it is posted here and maybe someone will read it some day and fix it, as the original bug is no longer available...
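
Added example, not part of the original diary entry and not Gaim's code: a length-bounded search for the 0xc0 0x80 delimiter that applies the "pos + 1 < len" check from the report, so a buffer that ends mid-delimiter and has no NUL terminator is never read past its end. The names find_delim and parse_pairs, the key/delimiter/value/delimiter layout and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Offset of the next 0xc0 0x80 at or after pos, or -1 if none lies fully
 * inside data[0..len). Needs no NUL terminator, unlike strstr(). */
static long find_delim(const unsigned char *data, size_t len, size_t pos)
{
    for (; pos + 1 < len; pos++)        /* data[pos + 1] must be in bounds */
        if (data[pos] == 0xc0 && data[pos + 1] == 0x80)
            return (long)pos;
    return -1;
}

/* Walk "key 0xc0 0x80 value 0xc0 0x80" pairs (layout assumed here);
 * store up to max keys, return the number of complete pairs. */
static int parse_pairs(const unsigned char *data, size_t len, long *keys, int max)
{
    size_t pos = 0;
    int n = 0;
    while (n < max) {
        char key[16];
        long kend = find_delim(data, len, pos);
        if (kend < 0)
            break;                      /* no complete key left */
        size_t klen = (size_t)kend - pos;
        if (klen == 0 || klen >= sizeof key)
            break;                      /* empty or oversized key */
        memcpy(key, data + pos, klen);
        key[klen] = '\0';               /* strtol needs a terminator */
        long vend = find_delim(data, len, (size_t)kend + 2);
        if (vend < 0)
            break;                      /* value truncated: drop the pair */
        keys[n++] = strtol(key, NULL, 10);
        pos = (size_t)vend + 2;
    }
    return n;
}

/* Constructed sample: one full pair, then a pair cut off mid-delimiter. */
static const unsigned char sample[] = { '1', 0xc0, 0x80, 'b', 'o', 'b', 0xc0, 0x80,
                                        '5', 0xc0, 0x80, 'a', 0xc0 };
int main(void)
{
    long keys[4];
    printf("%d complete pair(s)\n", parse_pairs(sample, sizeof sample, keys, 4));
    return 0;
}
```

Building it with -fsanitize=address, or running it under valgrind as in the report, confirms that no read goes past the end of sample.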