NOTE: This issue was not reported to a security reporting body.
| Summary | Content-length DOS (malloc error) |
|---|---|
| Date | 2004-08-26 |
| Discovered By | Sean (infamous42md) |
| Fixed In Release | 0.82 |
Remote crash. When a remote server provides a large content-length header
value, Gaim will attempt to allocate a buffer to store the content, however
this allocation attempt will cause Gaim to crash if the length exceeds the
amount of possible memory. This happens when reading profile information on
some protocols. It also happens when smiley themes are installed via drag and
drop.
The call to g_malloc() was replaced with a call to g_try_malloc(). If the
memory could not be allocated the function returns instead of causing the
application to crash.