Bug #1314

Crash

Added by pucilowski about 2 years ago. Updated about 2 years ago.

Status: Resolved
Priority: Immediate
Assignee: -
Category: -
Target version: -
Start date: 09/27/2014
Due date:
% Done: 100%
Version: 0.10.0
OS: Any

Description

Error: ASSERT: "uint(i) < uint(size())" in file /usr/include/qt4/QtCore/qbytearray.h, line 414 

It happens as a result of receiving a very long line of input on a fishlim-enabled channel.

An example of such a line was the following, at 284 characters.

lalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalal

Associated revisions

Revision 8b5ecd22 (diff)
Added by Manuel Nickschas about 2 years ago

Check for invalid input in encrypted buffers

The ECB Blowfish decryption function assumed that encrypted input would
always come in blocks of 12 characters, as specified. However, buggy
clients or annoying people may not adhere to that assumption, causing
the core to crash while trying to process the invalid base64 input.

With this commit we make sure that we're not overstepping the bounds of
the input string while decoding it; instead we bail out early and display
the original input. Fixes #1314.

Thanks to Tucos for finding that one!

Revision 6b2d80b8 (diff)
Added by Manuel Nickschas about 2 years ago

Check for invalid input in encrypted buffers

The ECB Blowfish decryption function assumed that encrypted input would
always come in blocks of 12 characters, as specified. However, buggy
clients or annoying people may not adhere to that assumption, causing
the core to crash while trying to process the invalid base64 input.

With this commit we make sure that we're not overstepping the bounds of
the input string while decoding it; instead we bail out early and display
the original input. Fixes #1314.

Thanks to Tucos for finding that one!

History

#1 Updated by Anonymous about 2 years ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100
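
The bounds check described in the commit message above, as an added example in standard C++ (not the project's own Qt code). The alphabet, word order and function names are assumptions based on FiSH-style encoding and do not come from this page. Input that is not a whole number of 12-character blocks, such as a 284-character line, is rejected before any character is indexed.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Assumption: FiSH-style alphabet and word order; neither appears on this page.
static const std::string kAlphabet =
    "./0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
static const std::size_t kEncodedBlock = 12;  // characters per 8-byte cipher block

// Decode six characters (6 bits each, low bits first) into a 32-bit word.
// The caller guarantees pos + 6 <= in.size().
static bool decodeWord(const std::string& in, std::size_t pos, uint32_t& word) {
    word = 0;
    for (std::size_t i = 0; i < 6; ++i) {
        std::size_t v = kAlphabet.find(in[pos + i]);
        if (v == std::string::npos) return false;  // not a base64 character
        word |= static_cast<uint32_t>(v) << (6 * i);
    }
    return true;
}

// Fill `out` with the raw cipher bytes. Returns false, leaving `out` empty,
// when the input is not a whole number of 12-character blocks or contains a
// character outside the alphabet; the caller then shows the original text.
bool decodeCipherText(const std::string& in, std::vector<uint8_t>& out) {
    out.clear();
    if (in.empty() || in.size() % kEncodedBlock != 0) return false;
    for (std::size_t pos = 0; pos < in.size(); pos += kEncodedBlock) {
        uint32_t words[2];  // words[1] = right half (encoded first), words[0] = left
        if (!decodeWord(in, pos, words[1]) || !decodeWord(in, pos + 6, words[0])) {
            out.clear();
            return false;
        }
        for (uint32_t w : words)
            for (int shift = 24; shift >= 0; shift -= 8)
                out.push_back(static_cast<uint8_t>(w >> shift));
    }
    return true;
}

int main() {
    std::vector<uint8_t> out;
    std::string tooLong(284, 'l');  // constructed input: 284 = 23 * 12 + 8
    return decodeCipherText(tooLong, out) ? 1 : 0;  // rejected, so exit code 0
}
```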
