...
CVE-2009-1376 results from a violation of this rule. In version 2.5.5 of Pidgin, an unsigned integer (offset) a size_t offset is set to the value of a 64-bit unsigned integer, which can lead to truncation [xorl 2009] on platforms where a size_t is interpreted as a 32-bit unsigned integer. An attacker can execute arbitrary code by carefully choosing this value and causing a buffer overflow.
...