Pidgin remote crash bug
Peter LoVerso
prl2760 at rit.edu
Fri Dec 5 04:49:33 EST 2014

Ah, I just installed 2.10.10 from the PPA and it no longer crashes.
However, the file also no longer sends.

I'm not sure exactly how to compile Pidgin with debug symbols, but I
have compiled things before and if you give a simple set of instructions
I could certainly do so.

Since Pidgin no longer crashes, this is probably no longer a security
issue. Would you like me to open a normal ticket instead?

On 12/05/2014 04:41 AM, Eion Robb wrote:
> Does this still happen with Pidgin 2.10.11? Are you able to recompile
> with debug symbols to get a better quality backtrace?
>
> On 5 December 2014 at 22:39, Peter LoVerso <prl2760 at rit.edu> wrote:
>
> Hello,
>
> I have found a bug related to this bug:
> https://developer.pidgin.im/ticket/10481 where a remote user can
> possibly cause a crash of pidgin. I am sending the bug to this
> email address as per the last comment on that ticket.
>
> I use MAXS http://projectmaxs.org/homepage/ to control my phone
> remotely through pidgin. However, I've found that when trying to
> send a file to my phone from pidgin using the MAXS FileWrite
> module, it will always crash pidgin with a segfault. Below is the
> backtrace. It's not as serious as the linked ticket, as here the
> user must try to send a file to the attacker for the attacker to
> cause a remote crash, but I thought it was better to be safe and
> send it here.
>
> I do not have any plugins enabled in Pidgin except for OTR, which
> should not be relevant to the bug.
>
> (gdb) handle SIGPIPE nostop noprint
> Signal        Stop  Print  Pass to program  Description
> SIGPIPE       No    No     Yes              Broken pipe
> (gdb) run
> Starting program: /usr/bin/pidgin
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
> Xlib: extension "RANDR" missing on display ":0.0".
> [New Thread 0x7fffe71df700 (LWP 898)]
> [New Thread 0x7fffcdc7f700 (LWP 899)]
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x000055555685ef00 in ?? ()
> (gdb) bt full
> #0 0x000055555685ef00 in ?? ()
> No symbol table info available.
> #1 0x00007fffe3040320 in jabber_iq_parse () from /usr/lib/purple-2/libjabber.so.0
> No symbol table info available.
> #2 0x00007fffe304800e in jabber_process_packet () from /usr/lib/purple-2/libjabber.so.0
> No symbol table info available.
> #3 0x00007fffe3054a67 in ?? () from /usr/lib/purple-2/libjabber.so.0
> No symbol table info available.
> #4 0x00007ffff4021acd in ?? () from /usr/lib/x86_64-linux-gnu/libxml2.so.2
> No symbol table info available.
> #5 0x00007ffff4021e1e in xmlParseChunk () from /usr/lib/x86_64-linux-gnu/libxml2.so.2
> No symbol table info available.
> #6 0x00007fffe3054f0d in jabber_parser_process () from /usr/lib/purple-2/libjabber.so.0
> No symbol table info available.
> #7 0x00007fffe304429b in ?? () from /usr/lib/purple-2/libjabber.so.0
> No symbol table info available.
> #8 0x00005555555c84ce in ?? ()
> No symbol table info available.
> #9 0x00007ffff53aace5 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
> No symbol table info available.
> #10 0x00007ffff53ab048 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
> No symbol table info available.
> #11 0x00007ffff53ab30a in g_main_loop_run () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
> No symbol table info available.
> #12 0x00007ffff6633447 in gtk_main () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
> No symbol table info available.
> #13 0x000055555558f369 in main ()
> No symbol table info available.
>
> peter@Sindbad:~$ uname -a
> Linux Sindbad 3.13.0-39-generic #66-Ubuntu SMP Tue Oct 28 13:30:27 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
> peter@Sindbad:~$ pidgin -v
> Pidgin 2.10.9 (libpurple 2.10.9)
>
> Thanks,
> Peter