Wireshark-bugs: [Wireshark-bugs] [Bug 9232] Buildbot crash output: fuzz-2013-10-04-22971.pcap
Date: Sat, 05 Oct 2013 17:48:46 +0000

changed bug 9232

What Removed Added
CC   eapache@gmail.com, michal.labedzki@tieto.com

Comment # 1 on bug 9232 from
Running the capture through valgrind gives a whole bunch of
very-similar-but-slightly-different errors. These two seem representative:

==15537== Invalid write of size 1
==15537==    at 0xA228B8F: __vsnprintf_chk (vsnprintf_chk.c:55)
==15537==    by 0x952AB21: g_snprintf (gprintf.c:162)
==15537==    by 0x65E101E: dissect_sdp_type (packet-btsdp.c:2939)
==15537==    by 0x65E395C: dissect_sdp_service_attribute_list.isra.2
(packet-btsdp.c:3455)
==15537==    by 0x65E44F4: dissect_sdp_service_attribute_list_array
(packet-btsdp.c:3634)
==15537==    by 0x65E486B: dissect_btsdp (packet-btsdp.c:3689)
==15537==    by 0x648C54E: call_dissector_through_handle (packet.c:488)
==15537==    by 0x648CBCF: call_dissector_work (packet.c:586)
==15537==    by 0x648D48B: dissector_try_uint_new (packet.c:1017)
==15537==    by 0x648D4E6: dissector_try_uint (packet.c:1043)
==15537==    by 0x65D3248: dissect_b_frame.constprop.12 (packet-btl2cap.c:1340)
==15537==    by 0x65D43AB: dissect_btl2cap (packet-btl2cap.c:1869)
==15537==  Address 0x110b9269 is 8 bytes after a block of size 1,025 alloc'd
==15537==    at 0x4C2A2DB: malloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==15537==    by 0x94F0DC0: g_malloc (gmem.c:104)
==15537==    by 0x6EFAB6F: wmem_simple_alloc (wmem_allocator_simple.c:51)
==15537==    by 0x65DCAC8: dissect_sdp_type (packet-btsdp.c:1822)
==15537==    by 0x65E395C: dissect_sdp_service_attribute_list.isra.2
(packet-btsdp.c:3455)
==15537==    by 0x65E44F4: dissect_sdp_service_attribute_list_array
(packet-btsdp.c:3634)
==15537==    by 0x65E486B: dissect_btsdp (packet-btsdp.c:3689)
==15537==    by 0x648C54E: call_dissector_through_handle (packet.c:488)
==15537==    by 0x648CBCF: call_dissector_work (packet.c:586)
==15537==    by 0x648D48B: dissector_try_uint_new (packet.c:1017)
==15537==    by 0x648D4E6: dissector_try_uint (packet.c:1043)
==15537==    by 0x65D3248: dissect_b_frame.constprop.12 (packet-btl2cap.c:1340)

==15537== Invalid write of size 1
==15537==    at 0xA228BCC: __vsnprintf_chk (vsnprintf_chk.c:66)
==15537==    by 0x952AB21: g_snprintf (gprintf.c:162)
==15537==    by 0x65E101E: dissect_sdp_type (packet-btsdp.c:2939)
==15537==    by 0x65E395C: dissect_sdp_service_attribute_list.isra.2
(packet-btsdp.c:3455)
==15537==    by 0x65E44F4: dissect_sdp_service_attribute_list_array
(packet-btsdp.c:3634)
==15537==    by 0x65E486B: dissect_btsdp (packet-btsdp.c:3689)
==15537==    by 0x648C54E: call_dissector_through_handle (packet.c:488)
==15537==    by 0x648CBCF: call_dissector_work (packet.c:586)
==15537==    by 0x648D48B: dissector_try_uint_new (packet.c:1017)
==15537==    by 0x648D4E6: dissector_try_uint (packet.c:1043)
==15537==    by 0x65D3248: dissect_b_frame.constprop.12 (packet-btl2cap.c:1340)
==15537==    by 0x65D43AB: dissect_btl2cap (packet-btl2cap.c:1869)
==15537==  Address 0x110b927c is not stack'd, malloc'd or (recently) free'd


You are receiving this mail because:
  • You are watching all bug changes.