Summary: | konversation 1.2-alpha1 crashes when receiving notice from -sBNC/shroudbnc | | |
---|---|---|---|
Product: | [Applications] konversation | Reporter: | Dominic Laumer <domo> |
Component: | general | Assignee: | Konversation Developers <konversation-devel> |
Status: | RESOLVED FIXED | | |
Severity: | crash | CC: | hein |
Priority: | NOR | | |
Version: | unspecified | | |
Target Milestone: | --- | | |
Platform: | Unlisted Binaries | | |
OS: | Linux | | |
Latest Commit: | | Version Fixed In: | |
Description
Dominic Laumer
2009-05-21 23:56:33 UTC
SVN commit 971668 by hein:

QAbstractSocket::readLine() reads until the first LF it encounters. shroudBNC, when relaying a private message it received with no user connected, ends them with LFCRLF, which means we end up with a second line consisting of nothing but CRLF. The KDE 4 code wasn't prepared to deal with that and crashed due to lack of bounds checking.

I fixed up the line ending truncation code, and then made sure that lines truncated down to zero (i.e. after CR and LF got removed) do not get processed further, as that leads to crashes again due to usage of QList::operator[] with indices out of range further down the line.

BUG:193574

M +4 -2 server.cpp

WebSVN link: http://websvn.kde.org/?view=rev&revision=971668

Note: I've notified the shroudBNC developers of this case (via the support email address given on their website).

Should probably explain why I notified them ;-). According to RFC1459 and RFC2812, IRC messages are always terminated with CR-LF, i.e. shroudBNC is not following the protocol here. Konvi should be prepared to handle "garbage" and not crash, of course, but nonetheless shroudBNC should fix their code, too.
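
The line-ending truncation and empty-line handling described in the commit message above, as an added C++ example that is not Konversation's server.cpp code. It uses std::string instead of Qt types; the function names and the sample buffer are constructed for illustration.

```cpp
#include <iostream>
#include <string>
#include <vector>

// Mimics a readLine()-style reader: each chunk ends at the first LF (LF kept),
// so input ending in LF CR LF yields an extra chunk that is just "\r\n".
std::vector<std::string> splitAtLf(const std::string& buffer) {
    std::vector<std::string> chunks;
    std::size_t start = 0;
    while (start < buffer.size()) {
        std::size_t lf = buffer.find('\n', start);
        std::size_t end = (lf == std::string::npos) ? buffer.size() : lf + 1;
        chunks.push_back(buffer.substr(start, end - start));
        start = end;
    }
    return chunks;
}

// Strips trailing CR/LF. The emptiness check runs before every back() call,
// so a chunk made only of terminators shrinks to "" without reading out of range.
std::string stripLineEnding(std::string line) {
    while (!line.empty() && (line.back() == '\r' || line.back() == '\n'))
        line.pop_back();
    return line;
}

// Returns only the lines that are safe to hand to a parser: lines truncated
// down to zero length are dropped before any token or index is touched.
std::vector<std::string> extractMessages(const std::string& buffer) {
    std::vector<std::string> messages;
    for (const std::string& chunk : splitAtLf(buffer)) {
        std::string line = stripLineEnding(chunk);
        if (line.empty())
            continue;  // nothing left after removing CR and LF
        messages.push_back(line);
    }
    return messages;
}

// Constructed sample: a notice terminated with LF CR LF, then a normal line.
const std::string kSample =
    ":-sBNC!bouncer@example.invalid NOTICE user :relayed text\n\r\n"
    "PING :irc.example.invalid\r\n";

int main() {
    for (const std::string& m : extractMessages(kSample))
        std::cout << m << '\n';
    return 0;
}
```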