Bug #1314

Crash

Added by pucilowski almost 2 years ago. Updated over 1 year ago.

Status: Resolved
Start date: 09/27/2014
Priority: Immediate
Due date:
Assignee: -
% Done: 100%
Category: -
Target version: -
Version: 0.10.0
OS: Any

Description

Error: ASSERT: "uint(i) < uint(size())" in file /usr/include/qt4/QtCore/qbytearray.h, line 414 

It happens as a result of receiving a very long line of input on a fishlim-enabled channel.

An example of such a line was the following, at 284 characters.

lalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalalal

Associated revisions

Revision 8b5ecd22
Added by Manuel Nickschas over 1 year ago

Check for invalid input in encrypted buffers

The ECB Blowfish decryption function assumed that encrypted input would
always come in blocks of 12 characters, as specified. However, buggy
clients or annoying people may not adhere to that assumption, causing
the core to crash while trying to process the invalid base64 input.

With this commit we make sure that we're not overstepping the bounds of
the input string while decoding it; instead we bail out early and display
the original input. Fixes #1314.

Thanks to Tucos for finding that one!

Revision 6b2d80b8
Added by Manuel Nickschas over 1 year ago

Check for invalid input in encrypted buffers

The ECB Blowfish decryption function assumed that encrypted input would
always come in blocks of 12 characters, as specified. However, buggy
clients or annoying people may not adhere to that assumption, causing
the core to crash while trying to process the invalid base64 input.

With this commit we make sure that we're not overstepping the bounds of
the input string while decoding it; instead we bail out early and display
the original input. Fixes #1314.

Thanks to Tucos for finding that one!
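
The check the commit message describes, as an added C++ sketch that is not Quassel's code: the decoder refuses input that is not a whole number of 12-character groups or that contains characters outside the alphabet, and the caller falls back to the original text. Assumptions: the function names are hypothetical, `std::string` stands in for Qt's `QByteArray`, and the FiSH-style alphabet and word order are not taken from this page.

```cpp
#include <cstdint>
#include <string>
#include <vector>

// FiSH-style base64 alphabet (assumption: not given on this page).
static const std::string kAlphabet =
    "./0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";

// Decode six characters at `pos` into one 32-bit word. Fails instead of
// reading past the end of `in` or accepting a character outside the alphabet.
static bool decodeWord(const std::string &in, size_t pos, uint32_t &word)
{
    if (pos > in.size() || in.size() - pos < 6)
        return false;
    word = 0;
    for (size_t i = 0; i < 6; ++i) {
        const size_t idx = kAlphabet.find(in[pos + i]);
        if (idx == std::string::npos)
            return false;
        word |= static_cast<uint32_t>(idx) << (i * 6);
    }
    return true;
}

// Turn 12-character groups into 8-byte cipher blocks. Word order (right word
// first, bytes emitted big-endian) is an assumption of this sketch.
bool fishB64ToBytes(const std::string &in, std::vector<uint8_t> &out)
{
    out.clear();
    if (in.empty() || in.size() % 12 != 0)
        return false;                       // truncated or padded input
    for (size_t pos = 0; pos < in.size(); pos += 12) {
        uint32_t right = 0, left = 0;
        if (!decodeWord(in, pos, right) || !decodeWord(in, pos + 6, left)) {
            out.clear();
            return false;                   // invalid character
        }
        for (uint32_t w : {left, right})
            for (int shift = 24; shift >= 0; shift -= 8)
                out.push_back(static_cast<uint8_t>(w >> shift));
    }
    return true;
}

// Hypothetical caller: on invalid input, show the original text unchanged.
std::string displayText(const std::string &payload)
{
    std::vector<uint8_t> blocks;
    if (!fishB64ToBytes(payload, blocks))
        return payload;
    return "[" + std::to_string(blocks.size() / 8) + " cipher block(s)]";
}
```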

History

#1 Updated by Anonymous over 1 year ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100
