Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 10079] Buildbot crash output: fuzz-2014-05-06-21601.pcap

[bugzilla-daemon@xxxxxxxxxxxxx]

Alexis La Goutte changed bug 10079

What	Removed	Added
CC		alexis.lagoutte@gmail.com

Comment # 8 on bug 10079 from Alexis La Goutte

Ask by Evan a try with ASAN 

Git commit
commit d0467f4d1f22462ac0d64d68ca600a6aa8735a8d
Author: Evan Huus <eapache@gmail.com>
Date:   Tue May 6 10:19:02 2014 -0400

    Tweak ber_choice flow control.

    There appear to be a couple of bugs in the flow control of this function
(which
    is very confusing), at least one of which is leading to a buffer overrun.
See
    the bug comments for more details and guesses of what the correct thing to
do
    is.

    Bug:9579
    Change-Id: Ibd3077792c7689a715ea53e8bf8c7a561c67389f


Command and args: ./tshark -nVxr

=================================================================
==4192==ERROR: AddressSanitizer: global-buffer-overflow on address
0x7f1aa22eda68 at pc 0x7f1aa00529a7 bp 0x7fff0f72b600 sp 0x7fff0f72b5f8
READ of size 8 at 0x7f1aa22eda68 thread T0
    #0 0x7f1aa00529a6 in try_val_to_str
/home/alagoutte/wireshark-clang/epan/value_string.c:83 (discriminator 1)
    #1 0x7f1a9fff5e4f in hf_try_val_to_str_const
/home/alagoutte/wireshark-clang/epan/proto.c:5994
    #2 0x7f1a9fff1085 in proto_item_fill_label
/home/alagoutte/wireshark-clang/epan/proto.c:5772
    #3 0x7f1a9ffd1de4 in proto_tree_print_node
/home/alagoutte/wireshark-clang/epan/print.c:186
    #4 0x7f1a9ffdaedd in proto_tree_children_foreach
/home/alagoutte/wireshark-clang/epan/proto.c:629
    #5 0x7f1a9ffd232f in proto_tree_print_node
/home/alagoutte/wireshark-clang/epan/print.c:241
    #6 0x7f1a9ffdaedd in proto_tree_children_foreach
/home/alagoutte/wireshark-clang/epan/proto.c:629
    #7 0x7f1a9ffd1b91 in proto_tree_print
/home/alagoutte/wireshark-clang/epan/print.c:153
    #8 0x4b2049 in print_packet /home/alagoutte/wireshark-clang/tshark.c:3939
    #9 0x4b00db in process_packet /home/alagoutte/wireshark-clang/tshark.c:3551
    #10 0x4ab9b4 in main /home/alagoutte/wireshark-clang/tshark.c:3327
    #11 0x7f1a98ca0de4 in __libc_start_main
/build/buildd/eglibc-2.17/csu/libc-start.c:260
    #12 0x493e9c in _start ??:?

0x7f1aa22eda68 is located 56 bytes to the left of global variable '.str13' from
'packet-mausb.c' (0x7f1aa22edaa0) of size 21
  '.str13' is ascii string 'mausb.flags.reserved'
0x7f1aa22eda69 is located 0 bytes to the right of global variable '.str12' from
'packet-mausb.c' (0x7f1aa22eda60) of size 9
  '.str12' is ascii string 'Reserved'
SUMMARY: AddressSanitizer: global-buffer-overflow ??:0 ??
Shadow bytes around the buggy address:
  0x0fe3d4455af0: f9 f9 f9 f9 00 07 f9 f9 f9 f9 f9 f9 00 f9 f9 f9
  0x0fe3d4455b00: f9 f9 f9 f9 00 06 f9 f9 f9 f9 f9 f9 06 f9 f9 f9
  0x0fe3d4455b10: f9 f9 f9 f9 00 04 f9 f9 f9 f9 f9 f9 05 f9 f9 f9
  0x0fe3d4455b20: f9 f9 f9 f9 00 00 01 f9 f9 f9 f9 f9 06 f9 f9 f9
  0x0fe3d4455b30: f9 f9 f9 f9 00 00 02 f9 f9 f9 f9 f9 00 02 f9 f9
=>0x0fe3d4455b40: f9 f9 f9 f9 00 00 06 f9 f9 f9 f9 f9 00[01]f9 f9
  0x0fe3d4455b50: f9 f9 f9 f9 00 00 05 f9 f9 f9 f9 f9 05 f9 f9 f9
  0x0fe3d4455b60: f9 f9 f9 f9 00 03 f9 f9 f9 f9 f9 f9 07 f9 f9 f9
  0x0fe3d4455b70: f9 f9 f9 f9 00 05 f9 f9 f9 f9 f9 f9 00 06 f9 f9
  0x0fe3d4455b80: f9 f9 f9 f9 00 00 01 f9 f9 f9 f9 f9 00 00 f9 f9
  0x0fe3d4455b90: f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9 00 02 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Contiguous container OOB:fc
  ASan internal:           fe

---

      You are receiving this mail because:

• You are watching all bug changes.