Wireshark-bugs: [Wireshark-bugs] [Bug 2021] New: Crash at packet-usb-masstorage.c:357 fuzz-2007-
Date: Mon, 26 Nov 2007 09:33:28 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2021

           Summary: Crash at packet-usb-masstorage.c:357 fuzz-2007-11-20-9547.pcap.gz
           Product: Wireshark
           Version: SVN
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: Major
          Priority: High
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: florent.drouin@xxxxxxxxxx


Build Information:
~/wireshark_TRUNK23594$ ./wireshark -v
wireshark 0.99.8

Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.6.4, with GLib 2.6.4, with libpcap 0.9-PRE-CVS, with libz
1.2.2, with libpcre 4.5, without SMI, with ADNS, without Lua, with GnuTLS
1.0.16, with Gcrypt 1.2.0, with Heimdal Kerberos, without PortAudio, without
AirPcap.

Running on Linux 2.6.15.7, with libpcap version 0.9-PRE-CVS.

Built using gcc 3.3.5 (Debian 1:3.3.5-13).

--
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1249995712 (LWP 13410)]
emem_tree_lookup32_le (se_tree=0x0, key=58) at emem.c:920
(gdb) where
#0  emem_tree_lookup32_le (se_tree=0x0, key=58) at emem.c:920
#1  0xb6c76e93 in dissect_usb_ms_bulk (tvb=0x8779a48, pinfo=0x873e468,
parent_tree=0x876c178) at packet-usb-masstorage.c:357
#2  0xb6776d24 in call_dissector_through_handle (handle=0x857da10,
tvb=0x8779a48, pinfo=0x873e468, tree=0x876c178) at packet.c:396
#3  0xb6776e32 in call_dissector_work (handle=0x857da10, tvb=0x8779a48,
pinfo_arg=0x873e468, tree=0x876c178) at packet.c:485
#4  0xb6777747 in dissector_try_port (sub_dissectors=0x0, port=8, tvb=0x0,
pinfo=0x873e468, tree=0x0) at packet.c:870
#5  0xb6c760fb in dissect_linux_usb (tvb=0x87799e0, pinfo=0x873e468,
parent=0x876c178) at packet-usb.c:1134
#6  0xb6776d24 in call_dissector_through_handle (handle=0x83f1fb8,
tvb=0x87799e0, pinfo=0x873e468, tree=0x876c178) at packet.c:396
#7  0xb6776e32 in call_dissector_work (handle=0x83f1fb8, tvb=0x87799e0,
pinfo_arg=0x873e468, tree=0x876c178) at packet.c:485
#8  0xb6777747 in dissector_try_port (sub_dissectors=0x0, port=95, tvb=0x0,
pinfo=0x873e468, tree=0x0) at packet.c:870
#9  0xb699b18a in dissect_frame (tvb=0x87799e0, pinfo=0x873e468,
parent_tree=0x876c178) at packet-frame.c:300
#10 0xb6776d24 in call_dissector_through_handle (handle=0x83af440,
tvb=0x87799e0, pinfo=0x873e468, tree=0x876c178) at packet.c:396
#11 0xb6776e32 in call_dissector_work (handle=0x83af440, tvb=0x87799e0,
pinfo_arg=0x873e468, tree=0x876c178) at packet.c:485
#12 0xb6778b12 in call_dissector (handle=0x0, tvb=0x87799e0, pinfo=0x873e468,
tree=0x876c178) at packet.c:1774
#13 0xb6776ca7 in dissect_packet (edt=0x873e460, pseudo_header=0x0,
pd=0x8774508 "", fd=0x87a8ba0, cinfo=0x0) at packet.c:332
#14 0xb676fea0 in epan_dissect_run (edt=0x0, pseudo_header=0x0, data=0x0,
fd=0x0, cinfo=0x0) at epan.c:158
#15 0x08073144 in add_packet_to_packet_list (fdata=0x87a8ba0, cf=0x81e7540,
dfcode=0x0, pseudo_header=0x0, buf=0x0, refilter=1) at file.c:962
#16 0x08073417 in read_packet (cf=0x81e7540, dfcode=0x0, offset=3926) at
file.c:1095
#17 0x080727c0 in cf_read (cf=0x81e7540) at file.c:496
#18 0x08076f18 in cf_reload (cf=0x81e7540) at file.c:3792
#19 0xb5f592a6 in g_cclosure_marshal_VOID__VOID () from
/usr/lib/libgobject-2.0.so.0
#20 0xb5f47736 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#21 0xb5f58dcf in g_signal_emit_by_name () from /usr/lib/libgobject-2.0.so.0
#22 0xb5f57e9c in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#23 0xb5f58216 in g_signal_emit_by_name () from /usr/lib/libgobject-2.0.so.0
#24 0xb625e299 in gtk_tool_button_get_type () from /usr/lib/libgtk-x11-2.0.so.0
#25 0xb5f592a6 in g_cclosure_marshal_VOID__VOID () from
/usr/lib/libgobject-2.0.so.0
#26 0xb5f47736 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#27 0xb5f58dcf in g_signal_emit_by_name () from /usr/lib/libgobject-2.0.so.0
#28 0xb5f57e9c in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#29 0xb5f58126 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#30 0xb60f0655 in gtk_button_clicked () from /usr/lib/libgtk-x11-2.0.so.0
#31 0xb60f14da in _gtk_button_paint () from /usr/lib/libgtk-x11-2.0.so.0
#32 0xb5f592a6 in g_cclosure_marshal_VOID__VOID () from
/usr/lib/libgobject-2.0.so.0
#33 0xb5f479c9 in g_cclosure_new_swap () from /usr/lib/libgobject-2.0.so.0
#34 0xb5f47736 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#35 0xb5f58651 in g_signal_emit_by_name () from /usr/lib/libgobject-2.0.so.0
#36 0xb5f57e9c in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#37 0xb5f58126 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#38 0xb60f05c5 in gtk_button_released () from /usr/lib/libgtk-x11-2.0.so.0
#39 0xb60f1383 in _gtk_button_paint () from /usr/lib/libgtk-x11-2.0.so.0
#40 0xb61b699e in _gtk_marshal_BOOLEAN__BOXED () from
/usr/lib/libgtk-x11-2.0.so.0
#41 0xb5f479c9 in g_cclosure_new_swap () from /usr/lib/libgobject-2.0.so.0
#42 0xb5f47736 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#43 0xb5f58855 in g_signal_emit_by_name () from /usr/lib/libgobject-2.0.so.0
#44 0xb5f57c8c in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#45 0xb5f58126 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#46 0xb62a5d87 in gtk_widget_send_expose () from /usr/lib/libgtk-x11-2.0.so.0
#47 0xb61b54b2 in gtk_propagate_event () from /usr/lib/libgtk-x11-2.0.so.0
#48 0xb61b4306 in gtk_main_do_event () from /usr/lib/libgtk-x11-2.0.so.0
#49 0xb6054825 in _gdk_events_queue () from /usr/lib/libgdk-x11-2.0.so.0
#50 0xb5ed6582 in g_main_depth () from /usr/lib/libglib-2.0.so.0
#51 0xb5ed75f8 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#52 0xb5ed7930 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#53 0xb5ed7ed3 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#54 0xb61b3bb3 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#55 0x0808a2c0 in main (argc=0, argv=0xbf909b18) at main.c:3097
(gdb) up
#1  0xb6c76e93 in dissect_usb_ms_bulk (tvb=0x8779a48, pinfo=0x873e468,
parent_tree=0x876c178) at packet-usb-masstorage.c:357
(gdb)

