Pidgin attempts to free an address which was not malloc()-ed
elb at pidgin.im
Wed Sep 20 12:47:25 EDT 2017
Joseph Bisch wrote:
> While fuzzing Pidgin, I encountered a crash associated with Pidgin
> attempting to free an address which was not malloc()-ed. I am
> attaching the ASan output and a testcase. I minimized the original
> fuzzing logs to get the testcase, but the ASan output is from the
> actual fuzzing session. So the testcase seems to cause the bad free to
> happen in irc_close when attempting to free irc->motd instead of the
> location in the attached ASan log file.
What version of Pidgin is this? That line is not in irc_msg_motd in
the current sources.
More information about the security