authorGary Kramlich <grim@reaperworld.com>2021-07-08 19:33:19 -0500
committerGary Kramlich <grim@reaperworld.com>2021-07-08 19:33:19 -0500
commit8dcd505f35bc6cd46294375bee4ace1a5628d2ec (patch)
tree719ca0f5597e963c0eab913fea2ad7e916e5a4f8
parent28f7252836c7a862d64ec00c1f7cc61fd701f3f4 (diff)
Fix an out of bounds write in purple_markup_linkify.
This was found by Thomas Roth <code@stacksmashing.net>, Dominik Maier <mail@dmnk.co>, and Fabian Freyer <mail@fabianfreyer.de>. Testing Done: Compiled and ran the `purple_markup_linkify_fuzzer` from the google oss-fuzz project to verify the fix. Reviewed at https://reviews.imfreedom.org/r/781/
-rw-r--r--libpurple/util.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/libpurple/util.c b/libpurple/util.c
index 640bdbd693..67e92de25d 100644
--- a/libpurple/util.c
+++ b/libpurple/util.c
@@ -2286,8 +2286,9 @@ purple_markup_linkify(const char *text)
/* strip off trailing periods */
if (strlen(url_buf) > 0) {
- for (d = url_buf + strlen(url_buf) - 1; *d == '.'; d--, t--)
+ for (d = url_buf + strlen(url_buf) - 1; (d >= url_buf) && (*d == '.'); d--, t--) {
*d = '\0';
+ }
}
tmpurlbuf = purple_unescape_html(url_buf);
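Review bot: When `url_buf` holds only periods, the final `d--` in the new loop still forms a pointer one element before the buffer, which is undefined behaviour in C even though the added `(d >= url_buf)` test keeps it from being dereferenced. An index-based loop avoids this and makes the outer `strlen(url_buf) > 0` test unnecessary: `size_t len = strlen(url_buf);` followed by `while (len > 0 && url_buf[len - 1] == '.') { url_buf[--len] = '\0'; t--; }`. In that all-periods case `url_buf` is empty when it reaches `purple_unescape_html()`, and `t` has been stepped back once per stripped byte. The rest of purple_markup_linkify is outside the hunk, so it is worth confirming there that an empty URL and the rewound `t` are handled. A unit test with a periods-only match would pin the fix alongside the fuzzer run.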