[Users] [Bug 3676] New: RSSyl crash when opening Atom feed with XML depth >= 3

noreply at thewildbeast.co.uk noreply at thewildbeast.co.uk
Sun Aug 21 17:17:04 CEST 2016


http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3676

            Bug ID: 3676
           Summary: RSSyl crash when opening Atom feed with XML depth >= 3
    Classification: Unclassified
           Product: Claws Mail
           Version: 3.14.0
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P3
         Component: Plugins
          Assignee: users at lists.claws-mail.org
          Reporter: tosh at t0x0sh.org

Created attachment 1675
  -->
http://www.thewildbeast.co.uk/claws-mail/bugzilla/attachment.cgi?id=1675&action=edit
The attached file reproduce this bug in 3.14.0.

There is a NULL pointer dereference in the RSSyl plugin (claw-mail 3.14.0), in
the feed_parser_atom10_start function of the libfeed library.

At parser_atom10.c:110 we have this piece of code :

    } else if (ctx->depth >= 3) {
        if (ctx->curitem->xhtml_content
                && ctx->location == FEED_LOC_ATOM10_CONTENT) {
            guint i;
            GString *txt = ctx->xhtml_str;
            g_string_append_c(txt, '<');

Everywhere the ctx->curitem pointer is checked except in this "if" block.

Here, if the ctx->curitem is NULL we have a NULL pointer dereference when we
try to access to ctx->curitem->xhtml_content field and the RSSyl plugin crash.

The attached file reproduce this bug.

-- 
You are receiving this mail because:
You are the assignee for the bug.



More information about the Users mailing list