Pidgin attempts to free an address which was not malloc()-ed

Ethan Blanton elb at
Wed Sep 20 12:47:25 EDT 2017

Joseph Bisch wrote:
> While fuzzing Pidgin, I encountered a crash associated with Pidgin
> attempting to free an address which was not malloc()-ed. I am
> attaching the ASan output and a testcase. I minimized the original
> fuzzing logs to get the testcase, but the ASan output is from the
> actual fuzzing session. So the testcase seems to cause the bad free to
> happen in irc_close when attempting to free irc->motd instead of the
> location in the attached ASan log file.

What version of Pidgin is this?  That line is not in irc_msg_motd in
the current sources.


More information about the security mailing list