diff -up pidgin-2.6.6/libpurple/protocols/mxit/markup.c.CVE-2012-3374 pidgin-2.6.6/libpurple/protocols/mxit/markup.c --- pidgin-2.6.6/libpurple/protocols/mxit/markup.c.CVE-2012-3374 2010-02-16 04:34:06.000000000 -0500 +++ pidgin-2.6.6/libpurple/protocols/mxit/markup.c 2012-07-04 12:47:14.009776395 -0400 @@ -366,7 +366,7 @@ void mxit_show_message( struct RXMsgData int start; unsigned int end; int emo_ofs; - char ii[128]; + char* ii; char tag[64]; int* img_id; @@ -384,8 +384,7 @@ void mxit_show_message( struct RXMsgData if ( end == mx->msg->len ) /* end of emoticon tag not found */ break; - memset( ii, 0x00, sizeof( ii ) ); - memcpy( ii, &mx->msg->str[emo_ofs], end - emo_ofs ); + ii = g_strndup(&mx->msg->str[emo_ofs], end - emo_ofs); /* remove inline image tag */ g_string_erase( mx->msg, start, ( end - start ) + 1 ); @@ -401,6 +400,8 @@ void mxit_show_message( struct RXMsgData g_snprintf( tag, sizeof( tag ), "<img id=\"%i\">", *img_id ); g_string_insert( mx->msg, start, tag ); } + + g_free(ii); } }