Pidgin attempts to free an address which was not malloc()-ed

Joseph Bisch joseph.bisch at
Wed Sep 20 12:54:02 EDT 2017

I'm not too familiar with hg, but hg parent output is:

changeset:   38686:0c8abea27d96
tag:         tip
parent:      38655:cb39c7ee8567
parent:      38685:262e7e2b84bc
user:        Gary Kramlich <grim at>
date:        Tue Sep 19 03:14:48 2017 +0000
summary:     Merged in rw_grim/pidgin (pull request #252)

The web interface seems to show that line:

On Wed, Sep 20, 2017 at 12:47 PM, Ethan Blanton <elb at> wrote:
> Joseph Bisch wrote:
>> While fuzzing Pidgin, I encountered a crash associated with Pidgin
>> attempting to free an address which was not malloc()-ed. I am
>> attaching the ASan output and a testcase. I minimized the original
>> fuzzing logs to get the testcase, but the ASan output is from the
>> actual fuzzing session. So the testcase seems to cause the bad free to
>> happen in irc_close when attempting to free irc->motd instead of the
>> location in the attached ASan log file.
> What version of Pidgin is this?  That line is not in irc_msg_motd in
> the current sources.
> Ethan

More information about the security mailing list