bytes.decode("utf-8") can crash if invalid utf8 is found.

Question

bytes.decode("utf-8") can crash if invalid utf8 is found.

Opened this issue 8 years ago · 0 comments

I never triggered the bug itself but this can be a security concern if we want to prevent potential (depending on how weechat handles unicode) remote crashes.
Using bytes.decode("utf-8", "replace") should fix the issue.

Also, note that packet handling does no error catching whatsoever, so even a buggy network connection might be able to crash the packet handler.