File pidgin-2.10.11-fix-memread-in-util.patch of Package pidgin.openSUSE_Leap_42.2_Update

Overview Repositories Revisions Requests Users Attributes Meta

File pidgin-2.10.11-fix-memread-in-util.patch of Package pidgin.openSUSE_Leap_42.2_Update

--- a/libpurple/util.c
+++ b/libpurple/util.c
@@ -977,18 +977,29 @@ purple_markup_unescape_entity(const char
 		pln = "\302\256";      /* or use g_unichar_to_utf8(0xae); */
 	else if(IS_ENTITY("&apos;"))
 		pln = "\'";
-	else if(*(text+1) == '#' &&
-			(sscanf(text, "&#%u%1[;]", &pound, temp) == 2 ||
-			 sscanf(text, "&#x%x%1[;]", &pound, temp) == 2) &&
-			pound != 0) {
+	else if(text[1] == '#' && g_ascii_isxdigit(text[2])) {
 		static char buf[7];
-		int buflen = g_unichar_to_utf8((gunichar)pound, buf);
+		const char *start = text + 2;
+		char *end;
+		guint64 pound;
+		int base = 10;
+		int buflen;
+
+		if (*start == 'x') {
+			base = 16;
+			start++;
+		}
+
+		pound = g_ascii_strtoull(start, &end, base);
+		if (pound == 0 || pound > INT_MAX || *end != ';') {
+			return NULL;
+		}
+
+		len = (end - text) + 1;
+
+		buflen = g_unichar_to_utf8((gunichar)pound, buf);
 		buf[buflen] = '\0';
 		pln = buf;
-
-		len = (*(text+2) == 'x' ? 3 : 2);
-		while(isxdigit((gint) text[len])) len++;
-		if(text[len] == ';') len++;
 	}
 	else
 		return NULL;

Places

File pidgin-2.10.11-fix-memread-in-util.patch of Package pidgin.openSUSE_Leap_42.2_Update

Places