Wireshark-bugs: [Wireshark-bugs] [Bug 9232] Buildbot crash output: fuzz-2013-10-04-22971.pcap
Evan Huus changed bug 9232
What | Removed | Added
CC | | eapache@gmail.com, michal.labedzki@tieto.com
Comment # 1 on bug 9232 from Evan Huus
Running the capture through valgrind gives a whole bunch of
very-similar-but-slightly-different errors. These two seem representative:
==15537== Invalid write of size 1
==15537== at 0xA228B8F: __vsnprintf_chk (vsnprintf_chk.c:55)
==15537== by 0x952AB21: g_snprintf (gprintf.c:162)
==15537== by 0x65E101E: dissect_sdp_type (packet-btsdp.c:2939)
==15537== by 0x65E395C: dissect_sdp_service_attribute_list.isra.2 (packet-btsdp.c:3455)
==15537== by 0x65E44F4: dissect_sdp_service_attribute_list_array (packet-btsdp.c:3634)
==15537== by 0x65E486B: dissect_btsdp (packet-btsdp.c:3689)
==15537== by 0x648C54E: call_dissector_through_handle (packet.c:488)
==15537== by 0x648CBCF: call_dissector_work (packet.c:586)
==15537== by 0x648D48B: dissector_try_uint_new (packet.c:1017)
==15537== by 0x648D4E6: dissector_try_uint (packet.c:1043)
==15537== by 0x65D3248: dissect_b_frame.constprop.12 (packet-btl2cap.c:1340)
==15537== by 0x65D43AB: dissect_btl2cap (packet-btl2cap.c:1869)
==15537== Address 0x110b9269 is 8 bytes after a block of size 1,025 alloc'd
==15537== at 0x4C2A2DB: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==15537== by 0x94F0DC0: g_malloc (gmem.c:104)
==15537== by 0x6EFAB6F: wmem_simple_alloc (wmem_allocator_simple.c:51)
==15537== by 0x65DCAC8: dissect_sdp_type (packet-btsdp.c:1822)
==15537== by 0x65E395C: dissect_sdp_service_attribute_list.isra.2 (packet-btsdp.c:3455)
==15537== by 0x65E44F4: dissect_sdp_service_attribute_list_array (packet-btsdp.c:3634)
==15537== by 0x65E486B: dissect_btsdp (packet-btsdp.c:3689)
==15537== by 0x648C54E: call_dissector_through_handle (packet.c:488)
==15537== by 0x648CBCF: call_dissector_work (packet.c:586)
==15537== by 0x648D48B: dissector_try_uint_new (packet.c:1017)
==15537== by 0x648D4E6: dissector_try_uint (packet.c:1043)
==15537== by 0x65D3248: dissect_b_frame.constprop.12 (packet-btl2cap.c:1340)
==15537== Invalid write of size 1
==15537== at 0xA228BCC: __vsnprintf_chk (vsnprintf_chk.c:66)
==15537== by 0x952AB21: g_snprintf (gprintf.c:162)
==15537== by 0x65E101E: dissect_sdp_type (packet-btsdp.c:2939)
==15537== by 0x65E395C: dissect_sdp_service_attribute_list.isra.2 (packet-btsdp.c:3455)
==15537== by 0x65E44F4: dissect_sdp_service_attribute_list_array (packet-btsdp.c:3634)
==15537== by 0x65E486B: dissect_btsdp (packet-btsdp.c:3689)
==15537== by 0x648C54E: call_dissector_through_handle (packet.c:488)
==15537== by 0x648CBCF: call_dissector_work (packet.c:586)
==15537== by 0x648D48B: dissector_try_uint_new (packet.c:1017)
==15537== by 0x648D4E6: dissector_try_uint (packet.c:1043)
==15537== by 0x65D3248: dissect_b_frame.constprop.12 (packet-btl2cap.c:1340)
==15537== by 0x65D43AB: dissect_btl2cap (packet-btl2cap.c:1869)
==15537== Address 0x110b927c is not stack'd, malloc'd or (recently) free'd
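The following is an added example, not part of the bug comment or of the Wireshark code base: it groups memcheck records like the two above by error kind and access-stack function names, so reports that differ only in addresses or libc line numbers collapse into one entry, and it extracts the heap-overrun distance where valgrind reports one. The names `parse_records` and `group` and the abridged sample input are assumptions of this example.

```python
import re
from collections import Counter

PREFIX = re.compile(r"^==\d+==")
FRAME = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (\S+)")
HEAP = re.compile(r"is ([\d,]+) bytes (after|before|inside) a block of size ([\d,]+)")

# Constructed sample: abridged from the two records quoted in the comment.
SAMPLE = """\
==15537== Invalid write of size 1
==15537== at 0xA228B8F: __vsnprintf_chk (vsnprintf_chk.c:55)
==15537== by 0x952AB21: g_snprintf (gprintf.c:162)
==15537== by 0x65E101E: dissect_sdp_type (packet-btsdp.c:2939)
==15537== Address 0x110b9269 is 8 bytes after a block of size 1,025 alloc'd
==15537== at 0x4C2A2DB: malloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==15537== by 0x65DCAC8: dissect_sdp_type (packet-btsdp.c:1822)
==15537== Invalid write of size 1
==15537== at 0xA228BCC: __vsnprintf_chk (vsnprintf_chk.c:66)
==15537== by 0x952AB21: g_snprintf (gprintf.c:162)
==15537== by 0x65E101E: dissect_sdp_type (packet-btsdp.c:2939)
==15537== Address 0x110b927c is not stack'd, malloc'd or (recently) free'd
"""

def parse_records(text):
    """Split memcheck output into records: kind, access stack, heap note."""
    records, cur, in_access = [], None, False
    for raw in text.splitlines():
        if not PREFIX.match(raw):
            continue  # mail-wrapped continuation line without the ==pid== prefix
        line = PREFIX.sub("", raw).strip()
        if line.startswith("Invalid "):  # "Invalid read/write of size N"
            cur = {"kind": line, "stack": [], "heap": None}
            records.append(cur)
            in_access = True
        elif cur and line.startswith("Address "):
            in_access = False  # frames after this describe the allocation site
            m = HEAP.search(line)
            if m:  # (distance, relation, block size); stays None when not a heap note
                cur["heap"] = (int(m[1].replace(",", "")), m[2], int(m[3].replace(",", "")))
        elif cur and in_access and (m := FRAME.match(line)):
            cur["stack"].append(m[1])
    return records

def group(records):
    """Count records that share an error kind and access-stack function names."""
    return Counter((r["kind"], tuple(r["stack"])) for r in records)
```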