Pidgin remote crash bug

Peter LoVerso prl2760 at rit.edu
Fri Dec 5 04:39:20 EST 2014


Hello,

I have found a bug related to this bug: 
https://developer.pidgin.im/ticket/10481 where a remote user can 
possibly cause a crash of pidgin. I am sending the bug to this email 
address as per the last comment on that ticket.

I use MAXS http://projectmaxs.org/homepage/ to control my phone remotely 
through pidgin. However, I've found that when trying to send a file to 
my phone from pidgin using the MAXS FileWrite module, it will always 
crash pidgin with a segfault. Below is the backtrace. It's not as 
serious as the linked ticket, as here the user must try to send a file 
to the attacker for the attacker to cause a remote crash, but I thought 
it was better to be safe and send it here.

I do not have any plugins enabled in Pidgin except for OTR, which should 
not be relevant to the bug.

(gdb) handle SIGPIPE nostop noprint
Signal        Stop    Print    Pass to program    Description
SIGPIPE       No    No    Yes        Broken pipe
(gdb) run
Starting program: /usr/bin/pidgin
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Xlib:  extension "RANDR" missing on display ":0.0".
[New Thread 0x7fffe71df700 (LWP 898)]
[New Thread 0x7fffcdc7f700 (LWP 899)]

Program received signal SIGSEGV, Segmentation fault.
0x000055555685ef00 in ?? ()
(gdb) bt full
#0  0x000055555685ef00 in ?? ()
No symbol table info available.
#1  0x00007fffe3040320 in jabber_iq_parse () from /usr/lib/purple-2/libjabber.so.0
No symbol table info available.
#2  0x00007fffe304800e in jabber_process_packet () from /usr/lib/purple-2/libjabber.so.0
No symbol table info available.
#3  0x00007fffe3054a67 in ?? () from /usr/lib/purple-2/libjabber.so.0
No symbol table info available.
#4  0x00007ffff4021acd in ?? () from /usr/lib/x86_64-linux-gnu/libxml2.so.2
No symbol table info available.
#5  0x00007ffff4021e1e in xmlParseChunk () from /usr/lib/x86_64-linux-gnu/libxml2.so.2
No symbol table info available.
#6  0x00007fffe3054f0d in jabber_parser_process () from /usr/lib/purple-2/libjabber.so.0
No symbol table info available.
#7  0x00007fffe304429b in ?? () from /usr/lib/purple-2/libjabber.so.0
No symbol table info available.
#8  0x00005555555c84ce in ?? ()
No symbol table info available.
#9  0x00007ffff53aace5 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
No symbol table info available.
#10 0x00007ffff53ab048 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
No symbol table info available.
#11 0x00007ffff53ab30a in g_main_loop_run () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
No symbol table info available.
#12 0x00007ffff6633447 in gtk_main () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
No symbol table info available.
#13 0x000055555558f369 in main ()
No symbol table info available.


peter at Sindbad:~$ uname -a
Linux Sindbad 3.13.0-39-generic #66-Ubuntu SMP Tue Oct 28 13:30:27 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
peter at Sindbad:~$ pidgin -v
Pidgin 2.10.9 (libpurple 2.10.9)

Thanks,
Peter
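A backtrace like the one in this report is usually the first artifact a triager has to work with, and mail clients wrap the long `from <library>` lines, which breaks naive grep-based tooling. The script below is an added example (not part of Peter's report and not Pidgin project code) that rejoins wrapped gdb frames, parses them, and reports the faulting PC and the nearest caller gdb could still name. The embedded backtrace excerpt is constructed from the frames quoted above, wrapping included; the function names `unwrap_frames`, `parse_backtrace` and `triage` are this example's own.

```python
import re

# Constructed excerpt of the gdb "bt full" output from the report, kept with the
# mail-client line wrapping so the unwrapping step has something to repair.
SAMPLE_BT = """\
#0  0x000055555685ef00 in ?? ()
No symbol table info available.
#1  0x00007fffe3040320 in jabber_iq_parse () from 
/usr/lib/purple-2/libjabber.so.0
No symbol table info available.
#2  0x00007fffe304800e in jabber_process_packet () from 
/usr/lib/purple-2/libjabber.so.0
No symbol table info available.
#3  0x00007fffe3054a67 in ?? () from /usr/lib/purple-2/libjabber.so.0
No symbol table info available.
#13 0x000055555558f369 in main ()
No symbol table info available.
"""

# One gdb frame line: "#N  0xADDR in func (args) from /path/lib.so".
# The address is absent for frame #0 when gdb can show a source line, and
# "from <lib>" is absent for the main executable or for an unmapped address.
FRAME_RE = re.compile(
    r'^#(?P<num>\d+)\s+'
    r'(?:0x(?P<addr>[0-9a-fA-F]+)\s+in\s+)?'
    r'(?P<func>\S+)\s+\((?P<args>[^)]*)\)'
    r'(?:\s+from\s+(?P<lib>\S+))?\s*$'
)


def unwrap_frames(text):
    """Rejoin frame lines that were wrapped right after the word 'from'."""
    lines = []
    for raw in text.splitlines():
        if lines and lines[-1].rstrip().endswith(' from'):
            lines[-1] = lines[-1].rstrip() + ' ' + raw.strip()
        else:
            lines.append(raw)
    return lines


def parse_backtrace(text):
    """Return a list of dicts (num, addr, func, lib) for every '#N' frame line."""
    frames = []
    for line in unwrap_frames(text):
        m = FRAME_RE.match(line.rstrip())
        if not m:
            continue  # "No symbol table info available." and similar filler
        frames.append({
            'num': int(m['num']),
            'addr': int(m['addr'], 16) if m['addr'] else None,
            'func': m['func'],
            'lib': m['lib'],  # None when gdb printed no "from" clause
        })
    return frames


def triage(frames):
    """Summarise what the backtrace tells a defender without symbols.

    pc_attributed is False when gdb could map the faulting PC neither to a
    symbol nor to a loaded object; nearest_named is the innermost frame that
    still has a function name, i.e. the best starting point for a code review.
    """
    if not frames:
        return None
    top = frames[0]
    named = next((f for f in frames if f['func'] != '??'), None)
    return {
        'faulting_pc': top['addr'],
        'pc_attributed': top['func'] != '??' or top['lib'] is not None,
        'nearest_named': (named['func'], named['lib']) if named else None,
    }


if __name__ == '__main__':
    parsed = parse_backtrace(SAMPLE_BT)
    for f in parsed:
        print(f"#{f['num']:<3} {f['func']:<24} {f['lib'] or '(no object)'}")
    print(triage(parsed))
```

Run on the report's frames this prints that the faulting PC is not attributed to any loaded object and that the nearest named caller is `jabber_iq_parse` in `/usr/lib/purple-2/libjabber.so.0`, which is where a maintainer would start reading; installing the `libpurple` debug symbols and re-running `bt full` would be the next step to turn the `??` frames into names.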
