Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 10461] New: invalid memory accesses in the SnifferDecompress function

Wireshark-bugs: [Wireshark-bugs] [Bug 10461] New: invalid memory accesses in the SnifferDecompre

Date: Wed, 10 Sep 2014 06:04:16 +0000

Bug ID	10461
Summary	invalid memory accesses in the SnifferDecompress function
Product	Wireshark
Version	1.12.0
Hardware	x86
OS	All
Status	UNCONFIRMED
Severity	Major
Priority	Low
Component	Capture file support (libwiretap)
Assignee	bugzilla-admin@wireshark.org
Reporter	lewisurn@gmail.com

Created attachment 13049 [details]
testcase to reproduce the bug

Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
When we ran Valgrind on the the SnifferDecompress function in the
wiretap/ngsniffer.c file, three invalid memory accesses were reported as the
following. This can be reproduced by compiling the attached testcase:

$ gcc -g -DRANDOM ngsniffer_noklee.c
$ valgrind ./a.out

==17888== Memcheck, a memory error detector
==17888== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==17888== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==17888== Command: ./a.out
==17888== 
==17888== Source and destination overlap in memcpy(0x51cc8a7, 0x51cc82b, 146)
==17888==    at 0x4C2A690: memcpy (mc_replace_strmem.c:838)
==17888==    by 0x40098D: SnifferDecompress (ngsniffer_noklee.c:187)
==17888==    by 0x400B38: main (ngsniffer_noklee.c:250)
==17888== 
==17888== Source and destination overlap in memcpy(0x51d752d, 0x51d7522, 13)
==17888==    at 0x4C2A690: memcpy (mc_replace_strmem.c:838)
==17888==    by 0x400A34: SnifferDecompress (ngsniffer_noklee.c:216)
==17888==    by 0x400B38: main (ngsniffer_noklee.c:250)
==17888== 
==17888== Invalid write of size 1
==17888==    at 0x40075A: SnifferDecompress (ngsniffer_noklee.c:90)
==17888==    by 0x400B38: main (ngsniffer_noklee.c:250)
==17888==  Address 0x51da080 is 0 bytes after a block of size 65,536 alloc'd
==17888==    at 0x4C28BED: malloc (vg_replace_malloc.c:263)
==17888==    by 0x400AA2: main (ngsniffer_noklee.c:241)

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 10461] invalid memory accesses in the SnifferDecompress function
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10461] invalid memory accesses in the SnifferDecompress function
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10461] invalid memory accesses in the SnifferDecompress function
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10461] invalid memory accesses in the SnifferDecompress function
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10461] invalid memory accesses in the SnifferDecompress function
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10461] invalid memory accesses in the SnifferDecompress function
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10461] invalid memory accesses in the SnifferDecompress function
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10461] invalid memory accesses in the SnifferDecompress function
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10461] invalid memory accesses in the SnifferDecompress function
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10461] invalid memory accesses in the SnifferDecompress function
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 10460] New: Buildbot crash output: fuzz-2014-09-09-9655.pcap
Next by Date: [Wireshark-bugs] [Bug 10461] invalid memory accesses in the SnifferDecompress function
Previous by thread: [Wireshark-bugs] [Bug 10460] Buildbot crash output: fuzz-2014-09-09-9655.pcap
Next by thread: [Wireshark-bugs] [Bug 10461] invalid memory accesses in the SnifferDecompress function
Index(es):
- Date
- Thread