Pidgin remote crash bug

Eion Robb eion at robbmob.com
Fri Dec 5 04:41:54 EST 2014


Does this still happen with Pidgin 2.10.11?  Are you able to recompile with
debug symbols to get a better quality backtrace?

On 5 December 2014 at 22:39, Peter LoVerso <prl2760 at rit.edu> wrote:

> Hello,
>
> I have found a bug related to this bug:
> https://developer.pidgin.im/ticket/10481 where a remote user can possibly
> cause a crash of pidgin. I am sending the bug to this email address as per
> the last comment on that ticket.
>
> I use MAXS http://projectmaxs.org/homepage/ to control my phone remotely
> through pidgin. However, I've found that when trying to send a file to my
> phone from pidgin using the MAXS FileWrite module, it will always crash
> pidgin with a segfault. Below is the backtrace. It's not as serious as the
> linked ticket, as here the user must try to send a file to the attacker for
> the attacker to cause a remote crash, but I thought it was better to be
> safe and send it here.
>
> I do not have any plugins enabled in Pidgin except for OTR, which should
> not be relevant to the bug.
>
> (gdb) handle SIGPIPE nostop noprint
> Signal        Stop      Print   Pass to program Description
> SIGPIPE       No        No      Yes             Broken pipe
> (gdb) run
> Starting program: /usr/bin/pidgin
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
> Xlib:  extension "RANDR" missing on display ":0.0".
> [New Thread 0x7fffe71df700 (LWP 898)]
> [New Thread 0x7fffcdc7f700 (LWP 899)]
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x000055555685ef00 in ?? ()
> (gdb) bt full
> #0  0x000055555685ef00 in ?? ()
> No symbol table info available.
> #1  0x00007fffe3040320 in jabber_iq_parse () from /usr/lib/purple-2/libjabber.so.0
> No symbol table info available.
> #2  0x00007fffe304800e in jabber_process_packet () from /usr/lib/purple-2/libjabber.so.0
> No symbol table info available.
> #3  0x00007fffe3054a67 in ?? () from /usr/lib/purple-2/libjabber.so.0
> No symbol table info available.
> #4  0x00007ffff4021acd in ?? () from /usr/lib/x86_64-linux-gnu/libxml2.so.2
> No symbol table info available.
> #5  0x00007ffff4021e1e in xmlParseChunk () from /usr/lib/x86_64-linux-gnu/libxml2.so.2
> No symbol table info available.
> #6  0x00007fffe3054f0d in jabber_parser_process () from /usr/lib/purple-2/libjabber.so.0
> No symbol table info available.
> #7  0x00007fffe304429b in ?? () from /usr/lib/purple-2/libjabber.so.0
> No symbol table info available.
> #8  0x00005555555c84ce in ?? ()
> No symbol table info available.
> #9  0x00007ffff53aace5 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
> No symbol table info available.
> #10 0x00007ffff53ab048 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
> No symbol table info available.
> #11 0x00007ffff53ab30a in g_main_loop_run () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
> No symbol table info available.
> #12 0x00007ffff6633447 in gtk_main () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
> No symbol table info available.
> #13 0x000055555558f369 in main ()
> No symbol table info available.
>
>
> peter@Sindbad:~$ uname -a
> Linux Sindbad 3.13.0-39-generic #66-Ubuntu SMP Tue Oct 28 13:30:27 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
> peter@Sindbad:~$ pidgin -v
> Pidgin 2.10.9 (libpurple 2.10.9)
>
> Thanks,
> Peter