Wireshark-bugs: [Wireshark-bugs] [Bug 9717] New: Clang ASAN : heap-buffer-overflow string_fvalue
Date: Mon, 03 Feb 2014 13:28:42 +0000
Bug ID | 9717 |
---|---|
Summary | Clang ASAN : heap-buffer-overflow string_fvalue_set_string |
Classification | Unclassified |
Product | Wireshark |
Version | Git |
Hardware | All |
OS | All |
Status | UNCONFIRMED |
Severity | Normal |
Priority | Low |
Component | Dissection engine (libwireshark) |
Assignee | bugzilla-admin@wireshark.org |
Reporter | alexis.lagoutte@gmail.com |
Build Information: Paste the COMPLETE build information from "Help->About Wireshark", "wireshark -v", or "tshark -v". -- I fuzzing wireshark with ASAN ( http://clang.llvm.org/docs/AddressSanitizer.html) and it found the following issue : Input file: ../menagerie/public/874-wimaxasncp-rand1.pcap Command and args: ./tshark -nVxr ================================================================= ==10900==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61b000013a5c at pc 0x45ffce bp 0x7fff666b8c50 sp 0x7fff666b8c30 READ of size 1435 at 0x61b000013a5c thread T0 #0 0x45ffcd in __interceptor_strlen ??:? #1 0x7f856af3c0b2 in g_strdup ??:? #2 0x7f856fd06c31 in string_fvalue_set_string /home/alagoutte/wireshark-clang/epan/ftypes/ftype-string.c:55 #3 0x7f856fc6cdb2 in proto_tree_set_string /home/alagoutte/wireshark-clang/epan/proto.c:2782 #4 0x7f856fc6d266 in proto_tree_add_string_format /home/alagoutte/wireshark-clang/epan/proto.c:2718 #5 0x7f8562ae1aea in wimaxasncp_dissect_tlv_value /home/alagoutte/wireshark-clang/plugins/wimaxasncp/packet-wimaxasncp.c:843 #6 0x7f8562ad819b in dissect_wimaxasncp_backend /home/alagoutte/wireshark-clang/plugins/wimaxasncp/packet-wimaxasncp.c:2087 #7 0x7f856fc3836d in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:593 #8 0x7f856fc3864b in dissector_try_uint_new /home/alagoutte/wireshark-clang/epan/packet.c:1115 #9 0x7f85707a0be1 in decode_udp_ports /home/alagoutte/wireshark-clang/epan/dissectors/packet-udp.c:413 #10 0x7f85707a3f0e in dissect /home/alagoutte/wireshark-clang/epan/dissectors/packet-udp.c:752 #11 0x7f856fc38399 in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:597 #12 0x7f856fc37ff3 in dissector_try_uint_new /home/alagoutte/wireshark-clang/epan/packet.c:1115 #13 0x7f8570242737 in dissect_ip /home/alagoutte/wireshark-clang/epan/dissectors/packet-ip.c:2403 #14 0x7f856fc38399 in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:597 #15 0x7f856fc3864b in dissector_try_uint_new /home/alagoutte/wireshark-clang/epan/packet.c:1115 #16 0x7f857009134e in dissect_ethertype /home/alagoutte/wireshark-clang/epan/dissectors/packet-ethertype.c:305 #17 0x7f856fc3836d in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:593 #18 0x7f856fc3b68c in call_dissector_only /home/alagoutte/wireshark-clang/epan/packet.c:2224 #19 0x7f857008fdc2 in dissect_eth_common /home/alagoutte/wireshark-clang/epan/dissectors/packet-eth.c:472 #20 0x7f856fc38399 in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:597 #21 0x7f856fc3864b in dissector_try_uint_new /home/alagoutte/wireshark-clang/epan/packet.c:1115 #22 0x7f85700dcdae in dissect_frame /home/alagoutte/wireshark-clang/epan/dissectors/packet-frame.c:490 #23 0x7f856fc38399 in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:597 #24 0x7f856fc3b68c in call_dissector_only /home/alagoutte/wireshark-clang/epan/packet.c:2224 #25 0x7f856fc36221 in call_dissector /home/alagoutte/wireshark-clang/epan/packet.c:2254 #26 0x7f856fc16e18 in epan_dissect_run_with_taps /home/alagoutte/wireshark-clang/epan/epan.c:329 #27 0x4a5235 in process_packet /home/alagoutte/wireshark-clang/tshark.c:3487 #28 0x4a0c23 in load_cap_file /home/alagoutte/wireshark-clang/tshark.c:3277 #29 0x7f8568af5de4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260 #30 0x4898ec in _start ??:? 0x61b000013a5c is located 0 bytes to the right of 1500-byte region [0x61b000013480,0x61b000013a5c) allocated by thread T0 here: #0 0x471ad1 in malloc ??:? #1 0x7f856af24dd0 in g_malloc ??:? #2 0x4a2e94 in cf_open /home/alagoutte/wireshark-clang/tshark.c:3952 #3 0x49f140 in main /home/alagoutte/wireshark-clang/tshark.c:2001 #4 0x7f8568af5de4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260 SUMMARY: AddressSanitizer: heap-buffer-overflow ??:0 ?? Shadow bytes around the buggy address: 0x0c367fffa6f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c367fffa700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c367fffa710: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c367fffa720: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c367fffa730: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x0c367fffa740: 00 00 00 00 00 00 00 00 00 00 00[04]fa fa fa fa 0x0c367fffa750: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c367fffa760: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c367fffa770: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c367fffa780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c367fffa790: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Contiguous container OOB:fc ASan internal: fe ==10900==ABORTING
You are receiving this mail because:
- You are watching all bug changes.
- Follow-Ups:
- [Wireshark-bugs] [Bug 9717] Clang ASAN : heap-buffer-overflow string_fvalue_set_string
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 9717] Clang ASAN : heap-buffer-overflow string_fvalue_set_string
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 9717] Clang ASAN : heap-buffer-overflow string_fvalue_set_string
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 9717] Clang ASAN : heap-buffer-overflow string_fvalue_set_string
- Prev by Date: [Wireshark-bugs] [Bug 9710] allow tshark to read from pipe
- Next by Date: [Wireshark-bugs] [Bug 9717] Clang ASAN : heap-buffer-overflow string_fvalue_set_string
- Previous by thread: [Wireshark-bugs] [Bug 9715] Uninstall script for OS X
- Next by thread: [Wireshark-bugs] [Bug 9717] Clang ASAN : heap-buffer-overflow string_fvalue_set_string
- Index(es):