Wireshark-bugs: [Wireshark-bugs] [Bug 9483] New: SIGSEGV/SIGABRT during free of TvbRange using a
| Bug ID |
9483
|
| Summary |
SIGSEGV/SIGABRT during free of TvbRange using a chained dissector in lua
|
| Classification |
Unclassified
|
| Product |
Wireshark
|
| Version |
SVN
|
| Hardware |
x86-64
|
| OS |
Fedora
|
| Status |
UNCONFIRMED
|
| Severity |
Normal
|
| Priority |
Low
|
| Component |
Dissection engine (libwireshark)
|
| Assignee |
bugzilla-admin@wireshark.org
|
| Reporter |
jonas@websystem.se
|
Created attachment 12183 [details]
Output from GDB bt command for the two crashes
Build Information:
$ ./wireshark -v
wireshark 1.11.3 (SVN Rev 53611 from master)
Copyright 1998-2013 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with GTK+ 2.24.22, with Cairo 1.13.1, with Pango 1.36.1, with
GLib 2.38.2, with libpcap, with libz 1.2.8, with POSIX capabilities (Linux),
without libnl, with SMI 0.4.8, with c-ares 1.10.0, with Lua 5.2, without
Python,
with GnuTLS 3.1.17, with Gcrypt 1.5.3, with MIT Kerberos, with GeoIP, with
PortAudio V19-devel (built Aug 4 2013 06:59:20), with AirPcap.
Running on Linux 3.11.8-300.fc20.x86_64, with locale en_US.UTF-8, with libpcap
version 1.5.0, with libz 1.2.8, GnuTLS 3.1.17, Gcrypt 1.5.3, without AirPcap.
Intel(R) Core(TM) i7-3520M CPU @ 2.90GHz
Built using gcc 4.8.2 20131017 (Red Hat 4.8.2-1).
--
I'm getting SIGSEGV/SIGABRT when opening wireshark with the attached pcap and
lua script.
Wireshark is compiled from the the latest source (svn revision 53611) with -O0
-g and started through gdb.
See the attached printout from the gdb session for the full backtrace, but here
are the two topmost parts of the backtrace.
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff5795fe5 in free_TvbRange (tvbr=0x7fffe36011b0) at ./wslua_tvb.c:376
376 if (!tvbr->tvb->expired) {
(gdb) bt
#0 0x00007ffff5795fe5 in free_TvbRange (tvbr=0x7fffe36011b0) at
./wslua_tvb.c:376
#1 0x00007ffff5798c08 in TvbRange__gc (L=0x17bf6f0) at ./wslua_tvb.c:1334
#2 0x0000003cd6811905 in luaD_precall (L=L@entry=0x17bf6f0, func=<optimized
out>, nresults=0) at ldo.c:318
Program received signal SIGABRT, Aborted.
0x0000003cd2835c59 in __GI_raise (sig=sig@entry=6) at
../nptl/sysdeps/unix/sysv/linux/raise.c:56
56 return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
(gdb) bt
#0 0x0000003cd2835c59 in __GI_raise (sig=sig@entry=6) at
../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1 0x0000003cd2837368 in __GI_abort () at abort.c:89
#2 0x0000003cd2875da4 in __libc_message (do_abort=do_abort@entry=2,
fmt=fmt@entry=0x3cd297c648 "*** Error in `%s': %s: 0x%s ***\n") at
../sysdeps/posix/libc_fatal.c:175
#3 0x0000003cd287d098 in malloc_printerr (ptr=<optimized out>,
str=0x3cd297c700 "double free or corruption (out)", action="" at malloc.c:4930
#4 _int_free (av=0x3cd2bb8760 <main_arena>, p=<optimized out>, have_lock=0) at
malloc.c:3782
#5 0x000000335de4ef7f in g_free (mem=0x7fffe36011d0) at gmem.c:197
#6 0x00007ffff5795f7d in free_Tvb (tvb=0x7fffe36011d0) at ./wslua_tvb.c:362
#7 0x00007ffff579600b in free_TvbRange (tvbr=0x7fffe36011b0) at
./wslua_tvb.c:379
#8 0x00007ffff5798c08 in TvbRange__gc (L=0x17bf700) at ./wslua_tvb.c:1334
#9 0x0000003cd6811905 in luaD_precall (L=L@entry=0x17bf700, func=<optimized
out>, nresults=0) at ldo.c:318
Wireshark is started with the following arguments
-X lua_script:/home/jonasj/crash_ws.lua -r /home/jonasj/dump.pcap
The pcap file and the lua script which causes the crash are also attached.
Beside the latest svn version I've also seen this problem with the Fedora 20
shipped wireshark (wireshark-1.10.3-4.fc20.x86_64).
You are receiving this mail because:
- You are watching all bug changes.
