pidgin/pidgin

fix a use after free by making sure to reference an old smiley image if it is not null.
--- a/libpurple/smiley.c Mon May 11 21:28:39 2020 +0000
+++ b/libpurple/smiley.c Thu May 14 03:20:38 2020 -0500
@@ -615,7 +615,7 @@
purple_smiley_set_data_impl(PurpleSmiley *smiley, guchar *smiley_data,
size_t smiley_data_len)
{
- PurpleStoredImage *old_img, *new_img;
+ PurpleStoredImage *old_img = NULL, *new_img = NULL;
const char *old_filename = NULL;
const char *new_filename = NULL;
@@ -623,7 +623,10 @@
g_return_if_fail(smiley_data != NULL);
g_return_if_fail(smiley_data_len > 0);
- old_img = smiley->img;
+ if(smiley->img != NULL) {
+ old_img = smiley->img;
+ purple_imgstore_ref(old_img);
+ }
new_img = purple_smiley_data_new(smiley_data, smiley_data_len);