Description of problem: pidgin crashes on login to a silc account. I tried setting it up fresh, and from old setup. Both caused the crash. Version-Release number of selected component (if applicable): pidgin-2.2.2-1.fc8.x86_64 How reproducible: Everytime Steps to Reproduce: 1. Install pidgin 2. Run pidgin 3. Setup silc account Actual results: Crash Expected results: Runs normally Additional info: If run from a terminal window it mentions a buffer overflow.
I can confirm this odd behavior that happens just with silc accounts. A workaround for this problem is to downgrade to libsilc-1.0.2-2.fc6, the one installed by default under fedora 7. This suggest to me that the problem could be in libsilc itself but I didn't investigate deeper.
I think we'll need a backtrace with both pidgin-debuginfo and libsilc-debuginfo installed to be able to get anywhere with this.
Created attachment 290915 [details] Backtrace with debuginfo
This appears to be a libsilc problem, could you please try this libsilc package to see if the crash is fixed, and if you are now able to log in to silc? http://koji.fedoraproject.org/scratch/nosnilmot/task_328484/
This seems to solve the problem for me. Now I can log in to silc without crashing pidgin anymore.
libsilc-1.0.2-5.fc7 has been submitted as an update for Fedora 7
libsilc-1.0.2-5.fc8 has been submitted as an update for Fedora 8
libsilc-1.0.2-5.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update libsilc'. You can provide feedback for this update here: http://admin.fedoraproject.org/F8/FEDORA-2008-1041
libsilc-1.0.2-5.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
libsilc-1.0.2-5.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
I'm not convinced the contents of the buffer are in attacker's control; did anyone conduct some investigation?
(In reply to comment #11) > I'm not convinced the contents of the buffer are in attacker's control; did > anyone conduct some investigation? I asked this of upstream and the reply was: > I'm not sure but I think this wasn't so serious. I never got it crash myself.