Bug 3676

Summary: RSSyl crash when opening Atom feed with XML depth >= 3
Product: Claws Mail (GTK 2)
Reporter: tosh <tosh>
Component: Plugins/RSSyl
Assignee: users
Status: RESOLVED FIXED    
Severity: normal    
Priority: P3    
Version: 3.14.0   
Hardware: PC   
OS: Linux   
Attachments:
The attached file reproduces this bug in 3.14.0. (Flags: none)

Description tosh 2016-08-21 17:17:04 UTC
Created attachment 1675
The attached file reproduces this bug in 3.14.0.

There is a NULL pointer dereference in the RSSyl plugin (claws-mail 3.14.0), in the feed_parser_atom10_start function of the libfeed library.

At parser_atom10.c:110 we have this piece of code:

    } else if (ctx->depth >= 3) {
        if (ctx->curitem->xhtml_content
                && ctx->location == FEED_LOC_ATOM10_CONTENT) {
            guint i;
            GString *txt = ctx->xhtml_str;
            g_string_append_c(txt, '<');

Everywhere the ctx->curitem pointer is checked except in this "if" block.

Here, if ctx->curitem is NULL, we have a NULL pointer dereference when we try to access the ctx->curitem->xhtml_content field, and the RSSyl plugin crashes.

The attached file reproduces this bug.
Comment 1 users 2016-08-21 21:38:02 UTC
Changes related to this bug have been committed.
Please check latest Git and update the bug accordingly.
You can also get the patch from:
http://git.claws-mail.org/

++ ChangeLog	2016-08-21 21:38:02.421208610 +0200
http://git.claws-mail.org/?p=claws.git;a=commitdiff;h=ca10542850eaa75e1345794081aec41652be12d7
Merge: 1e1ff63 89af524
Author: Colin Leroy <colin@colino.net>
Date:   Sun Aug 21 21:38:01 2016 +0200

    Merge branch 'master' of file:///home/git/claws

http://git.claws-mail.org/?p=claws.git;a=commitdiff;h=89af524b6729737d8a3ad22a4aa1fe27481f80d1
Author: Andrej Kacian <ticho@claws-mail.org>
Date:   Sun Aug 21 21:36:12 2016 +0200

    Fix NULL pointer dereference in Atom parser.
    
    Closes bug #3676.
Comment 2 Andrej Kacian 2016-08-21 21:38:15 UTC
You're right, it was careless of me to omit that check. Nice catch again, thanks! Fixed in git.
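
The missing check described in the report, shown on a reduced model of the handler. This is an added example, not the Claws Mail source or the committed fix: `ParserCtx`, `FeedItem`, `start_element` and the fixed-size buffer are hypothetical stand-ins, and only the field names and `FEED_LOC_ATOM10_CONTENT` come from the report.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for the libfeed types: only the fields named in the
 * report are modelled, and a fixed buffer replaces the GString. */
enum { FEED_LOC_ATOM10_NONE, FEED_LOC_ATOM10_CONTENT };
typedef struct { int xhtml_content; } FeedItem;
typedef struct {
    int depth;
    int location;
    FeedItem *curitem;     /* NULL while no item is being parsed */
    char xhtml_str[256];
} ParserCtx;

/* Start-element callback, depth >= 3 branch only. The NULL test comes first,
 * so && short-circuits before curitem is dereferenced.
 * Returns 1 if the opening tag was appended to xhtml_str, else 0. */
static int start_element(ParserCtx *ctx, const char *el)
{
    int recorded = 0;
    if (ctx->depth >= 3
            && ctx->curitem != NULL
            && ctx->curitem->xhtml_content
            && ctx->location == FEED_LOC_ATOM10_CONTENT) {
        size_t used = strlen(ctx->xhtml_str);
        size_t room = sizeof(ctx->xhtml_str) - used;
        int n = snprintf(ctx->xhtml_str + used, room, "<%s>", el);
        if (n > 0 && (size_t)n < room)
            recorded = 1;
        else
            ctx->xhtml_str[used] = '\0';   /* drop a truncated tag */
    }
    ctx->depth++;   /* assumed: nesting counter advances on every start tag */
    return recorded;
}

int main(void)
{
    FeedItem item = { 1 };
    ParserCtx ctx = { 3, FEED_LOC_ATOM10_CONTENT, NULL, "" };

    printf("no current item: %d\n", start_element(&ctx, "div"));
    ctx.curitem = &item;
    printf("inside item:     %d, buffer %s\n",
           start_element(&ctx, "div"), ctx.xhtml_str);
    return 0;
}
```

With `curitem` NULL the handler skips the branch and leaves the buffer untouched; with an item set, the same call records the tag.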