Pidgin attempts to free an address which was not malloc()-ed
Joseph Bisch
joseph.bisch at gmail.com
Wed Sep 20 12:54:02 EDT 2017
I'm not too familiar with hg, but hg parent output is:
changeset: 38686:0c8abea27d96
tag: tip
parent: 38655:cb39c7ee8567
parent: 38685:262e7e2b84bc
user: Gary Kramlich <grim at reaperworld.com>
date: Tue Sep 19 03:14:48 2017 +0000
summary: Merged in rw_grim/pidgin (pull request #252)
The web interface seems to show that line:
https://bitbucket.org/pidgin/main/src/46a5db31d820b08bc294bba481af8ed9ff0165c2/libpurple/protocols/irc/msgs.c?at=default&fileviewer=file-view-default#msgs.c-752
On Wed, Sep 20, 2017 at 12:47 PM, Ethan Blanton <elb at pidgin.im> wrote:
> Joseph Bisch wrote:
>> While fuzzing Pidgin, I encountered a crash associated with Pidgin
>> attempting to free an address which was not malloc()-ed. I am
>> attaching the ASan output and a testcase. I minimized the original
>> fuzzing logs to get the testcase, but the ASan output is from the
>> actual fuzzing session. So the testcase seems to cause the bad free to
>> happen in irc_close when attempting to free irc->motd instead of the
>> location in the attached ASan log file.
>
> What version of Pidgin is this? That line is not in irc_msg_motd in
> the current sources.
>
> Ethan
More information about the security
mailing list