Bug 3676 - RSSyl crash when opening Atom feed with XML depth >= 3
Status: RESOLVED FIXED
Alias: None
Product: Claws Mail (GTK 2)
Classification: Unclassified
Component: Plugins/RSSyl
Version: 3.14.0
Hardware: PC Linux
Importance: P3 normal
Assignee: users
Reported: 2016-08-21 15:17 UTC by tosh
Modified: 2016-08-21 19:38 UTC

Attachments
The attached file reproduces this bug in 3.14.0. (152 bytes, text/xml)
2016-08-21 15:17 UTC, tosh

Description tosh 2016-08-21 15:17:04 UTC
Created attachment 1675
The attached file reproduces this bug in 3.14.0.

There is a NULL pointer dereference in the RSSyl plugin (claws-mail 3.14.0), in the feed_parser_atom10_start function of the libfeed library.

At parser_atom10.c:110 we have this piece of code:

    } else if (ctx->depth >= 3) {
        if (ctx->curitem->xhtml_content
                && ctx->location == FEED_LOC_ATOM10_CONTENT) {
            guint i;
            GString *txt = ctx->xhtml_str;
            g_string_append_c(txt, '<');

Everywhere the ctx->curitem pointer is checked except in this "if" block.

Here, if ctx->curitem is NULL, we have a NULL pointer dereference when we try to access the ctx->curitem->xhtml_content field, and the RSSyl plugin crashes.

The attached file reproduces this bug.
Comment 1 users 2016-08-21 19:38:02 UTC
Changes related to this bug have been committed.
Please check latest Git and update the bug accordingly.
You can also get the patch from:
http://git.claws-mail.org/

++ ChangeLog	2016-08-21 21:38:02.421208610 +0200
http://git.claws-mail.org/?p=claws.git;a=commitdiff;h=ca10542850eaa75e1345794081aec41652be12d7
Merge: 1e1ff63 89af524
Author: Colin Leroy <colin@colino.net>
Date:   Sun Aug 21 21:38:01 2016 +0200

    Merge branch 'master' of file:///home/git/claws

http://git.claws-mail.org/?p=claws.git;a=commitdiff;h=89af524b6729737d8a3ad22a4aa1fe27481f80d1
Author: Andrej Kacian <ticho@claws-mail.org>
Date:   Sun Aug 21 21:36:12 2016 +0200

    Fix NULL pointer dereference in Atom parser.
    
    Closes bug #3676.
Comment 2 Andrej Kacian 2016-08-21 19:38:15 UTC
You're right, it was careless of me to omit that check. Nice catch again, thanks! Fixed in git.
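
The missing check discussed in this report, as an added example that is not part of the bug thread and not the Claws Mail source: a simplified C model of a depth-tracking start-element callback that tests `ctx->curitem` before reading through it at depth >= 3. The struct layouts, the names `atom10_start`, `append` and `replay`, and the two tag sequences are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
/* Simplified stand-ins for the libfeed types named in the report (layout assumed). */
enum { FEED_LOC_NONE, FEED_LOC_ATOM10_CONTENT };
typedef struct { bool xhtml_content; } FeedItem;
typedef struct {
    int depth, location;
    FeedItem *curitem;          /* stays NULL until an <entry> is opened */
    char xhtml_str[64];
} FeedParserCtx;
static void append(char *dst, size_t cap, const char *s) {
    strncat(dst, s, cap - strlen(dst) - 1);   /* bounded append */
}

/* Start-element callback reduced to the branches that matter here. */
static void atom10_start(FeedParserCtx *ctx, FeedItem *slot, const char *el) {
    if (ctx->depth == 1 && strcmp(el, "entry") == 0) {
        ctx->curitem = slot;
    } else if (ctx->depth == 2 && ctx->curitem && strcmp(el, "content") == 0) {
        ctx->location = FEED_LOC_ATOM10_CONTENT;
        ctx->curitem->xhtml_content = true;
    } else if (ctx->depth >= 3) {
        /* Guard: curitem is tested before any field is read through it. */
        if (ctx->curitem != NULL && ctx->curitem->xhtml_content
                && ctx->location == FEED_LOC_ATOM10_CONTENT) {
            append(ctx->xhtml_str, sizeof ctx->xhtml_str, "<");
            append(ctx->xhtml_str, sizeof ctx->xhtml_str, el);
        }
    }
    ctx->depth++;
}

/* Constructed inputs: nested start tags, outermost first. */
static const char *const NO_ENTRY[] = { "feed", "a", "b", "c" };
static const char *const WITH_ENTRY[] = { "feed", "entry", "content", "div" };
/* Replays n nested start tags; returns how many bytes of XHTML were collected. */
static size_t replay(const char *const *tags, size_t n) {
    FeedParserCtx ctx = {0};
    FeedItem item = {0};
    for (size_t i = 0; i < n; i++)
        atom10_start(&ctx, &item, tags[i]);
    return strlen(ctx.xhtml_str);
}

int main(void) {
    printf("%zu %zu\n", replay(NO_ENTRY, 4), replay(WITH_ENTRY, 4));
    return 0;
}
```

With the `ctx->curitem != NULL` test removed, the `NO_ENTRY` sequence reaches depth 3 with no item allocated and reads through a NULL pointer, which is the crash condition the report describes.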
