Wireshark-bugs: [Wireshark-bugs] [Bug 9885] Buildbot crash output: fuzz-2014-03-14-15333.pcap
Date: Sun, 16 Mar 2014 06:12:25 +0000

Comment # 2 on bug 9885 from
Created attachment 12636 [details]
minimal pcap to crash

(putting this stuff in bugzilla before I forget it, because I haven't spent
long looking at this and might not get to it for a couple days)

The attached is a smaller pcap of the original needed to crash. Oddly, with the
original it doesn't crash on a 1-pass tshark run, but does on a 2-pass; but
this attached one crashes on just 1-pass.

It also has another (probably unrelated) bug showing - the RTP packet is
matching an RTP-setup flow that it shouldn't match, because it's destined to an
IP-address that wasn't the connection address in SDP. That's really weird, but
I don't think it's related to the crash. (maybe)

The crash occurs during a g_hash table lookup for dynamic payload info.

Also, the crash trace is this:
0   libglib-2.0.0.dylib               0x000000010a81014d g_hash_table_lookup +
61 (ghash.c:371)
1   libwireshark.0.dylib              0x000000010686c8bb dissect_rtp + 1499
(packet-rtp.c:1789)
2   libwireshark.0.dylib              0x000000010628a59e call_dissector_work +
286 (packet.c:591)
3   libwireshark.0.dylib              0x000000010627b65d
try_conversation_dissector + 93 (conversation.c:1307)
4   libwireshark.0.dylib              0x0000000106984c5d decode_udp_ports + 269
(packet-udp.c:368)
5   libwireshark.0.dylib              0x0000000106985fea dissect + 3642
(packet-udp.c:750)
6   libwireshark.0.dylib              0x000000010628a5b6 call_dissector_work +
310 (packet.c:597)
7   libwireshark.0.dylib              0x000000010628a43a dissector_try_uint_new
+ 106 (packet.c:1113)
8   libwireshark.0.dylib              0x0000000106648358 dissect_ip + 5448
(packet-ip.c:2400)
9   libwireshark.0.dylib              0x000000010628a5b6 call_dissector_work +
310 (packet.c:597)
10  libwireshark.0.dylib              0x000000010628a6a8 dissector_try_uint +
104 (packet.c:1113)
11  libwireshark.0.dylib              0x000000010651e706 dissect_ethertype +
342 (packet-ethertype.c:303)
12  libwireshark.0.dylib              0x000000010628a59e call_dissector_work +
286 (packet.c:591)
13  libwireshark.0.dylib              0x000000010628bb42
call_dissector_with_data + 50 (packet.c:2247)
14  libwireshark.0.dylib              0x000000010651df3b dissect_eth_common +
3163 (packet-eth.c:470)
15  libwireshark.0.dylib              0x000000010628a5b6 call_dissector_work +
310 (packet.c:597)
16  libwireshark.0.dylib              0x000000010628a6a8 dissector_try_uint +
104 (packet.c:1113)
17  libwireshark.0.dylib              0x0000000106550d90 dissect_frame + 3248
(packet-frame.c:488)
18  libwireshark.0.dylib              0x000000010628a5b6 call_dissector_work +
310 (packet.c:597)
19  libwireshark.0.dylib              0x000000010628bb42
call_dissector_with_data + 50 (packet.c:2247)
20  libwireshark.0.dylib              0x0000000106289ac5 dissect_packet + 469
(packet.c:471)
21  libwireshark.0.dylib              0x000000010627efbe
epan_dissect_run_with_taps + 62 (epan.c:343)
22  tshark                            0x000000010617a837 process_packet + 327
(tshark.c:3525)
23  tshark                            0x0000000106178257 main + 11431
(tshark.c:3312)
24  libdyld.dylib                     0x00007fff92ea25fd start + 1


You are receiving this mail because:
  • You are watching all bug changes.