Pidgin MSN memory corruption issue

Mark Doliner mark at
Wed Feb 10 14:16:48 EST 2010

On Wed, Feb 10, 2010 at 9:15 AM, Jan Lieskovsky <jlieskov at> wrote:
> Hi Mark,
>  thanks for the reproducer.
> Regarding the crash mentioned in gdb.txt:
> (19:43:24) msn: switchboard send msg..
> (19:43:24) GLib: g_queue_is_empty: assertion `queue != NULL' failed
> (19:43:24) g_log: msn_cmdproc_send_trans: assertion `cmdproc != NULL' failed
> Program received signal SIGSEGV, Segmentation fault.
> What was the version of Pidgin you reproduced on?

I do not know--this file comes directly from the person who found the problem.

> Tried two Fedora ones (pidgin-2.6.5-1 already with the CVE-2010-0013
> patch applied) and pidgin-2.6.4-1, got two Hotmail MSN accounts:
> iankko at, iankkotest at
> when logged into Pidgin (started under gdb) as 'iankkotest', starting up the
> java PidginExploit in the form of:
> java PidginExploit iankko at somePass iankkotest at
> and inviting 'iankko at' from 'iankkotest at'
> (see attached further_steps.txt), the only (verbose) gdb output, I can see is
> (attached result.txt) -- no crash, just some assertion message.
> Could you advise what I am doing wrong here? (Or once Pidgin was
> patched for CVE-2010-0013, the crash isn't present anymore, just
> some valgrind warnings?)

I don't think you're doing anything wrong.  I think Pidgin patched for
CVE-2010-0013 is less likely to crash, and will just show valgrind

