Wireshark-bugs: [Wireshark-bugs] [Bug 10498] New: segfault in ppcapng_free_wtapng_block_data rea
Date: Wed, 24 Sep 2014 12:34:55 +0000
Bug ID 10498
Summary segfault in ppcapng_free_wtapng_block_data reading file
Product Wireshark
Version unspecified
Hardware x86
OS Debian
Status UNCONFIRMED
Severity Major
Priority Low
Component Capture file support (libwiretap)
Assignee bugzilla-admin@wireshark.org
Reporter tecnik@gmail.com

Created attachment 13086 [details]
doescrash_ws - file that causes crash

Build Information:
TShark (Wireshark) 1.99.0 (v1.99.0-rc1-1862-gffe30fb from master)

Copyright 1998-2014 Gerald Combs <gerald@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with libpcap, without POSIX capabilities, without libnl, with
libz 1.2.7, with GLib 2.32.4, without SMI, without c-ares, without ADNS,
without
Lua, without GnuTLS, without Gcrypt, without Kerberos, without GeoIP.

Running on Linux 3.14-kali1-amd64, with locale en_GB.UTF-8, with libpcap
version
1.3.0, with libz 1.2.7.
      Intel(R) Core(TM) i7-2720QM CPU @ 2.20GHz (with SSE4.2)

Built using gcc 4.7.2.

--
[+] mutated byte at 131
    doesntcrash_ws: 0
    doescrash_ws: 242

==6027== Memcheck, a memory error detector
==6027== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==6027== Using Valgrind-3.10.0 and LibVEX; rerun with -h for copyright info
==6027== Command: tshark -r 4f8878f38a6ddbda202ba2202ceba375_1
==6027== Parent PID: 5783
==6027== 
==6027== Invalid free() / delete / delete[] / realloc()
==6027==    at 0x4C2845A: free (vg_replace_malloc.c:473)
==6027==    by 0x4E5F2EC: pcapng_free_wtapng_block_data (pcapng.c:496)
==6027==    by 0x4E623F1: pcapng_open (pcapng.c:2327)
==6027==    by 0x4E45BD0: wtap_open_offline (file_access.c:898)
==6027==    by 0x41502D: cf_open (tshark.c:4024)
==6027==    by 0x40CB57: main (tshark.c:2080)
==6027==  Address 0xf4240 is not stack'd, malloc'd or (recently) free'd
==6027== 
==6027== Invalid free() / delete / delete[] / realloc()
==6027==    at 0x4C2845A: free (vg_replace_malloc.c:473)
==6027==    by 0x4E5F2F5: pcapng_free_wtapng_block_data (pcapng.c:497)
==6027==    by 0x4E623F1: pcapng_open (pcapng.c:2327)
==6027==    by 0x4E45BD0: wtap_open_offline (file_access.c:898)
==6027==    by 0x41502D: cf_open (tshark.c:4024)
==6027==    by 0x40CB57: main (tshark.c:2080)
==6027==  Address 0x20000000006b is not stack'd, malloc'd or (recently) free'd
==6027== 
==6027== 
==6027== HEAP SUMMARY:
==6027==     in use at exit: 1,477,360 bytes in 27,701 blocks
==6027==   total heap usage: 202,709 allocs, 175,010 frees, 27,251,483 bytes
allocated
==6027== 
==6027== LEAK SUMMARY:
==6027==    definitely lost: 851 bytes in 64 blocks
==6027==    indirectly lost: 0 bytes in 0 blocks
==6027==      possibly lost: 519,215 bytes in 1,988 blocks
==6027==    still reachable: 957,294 bytes in 25,649 blocks
==6027==         suppressed: 0 bytes in 0 blocks
==6027== Rerun with --leak-check=full to see details of leaked memory
==6027== 
==6027== For counts of detected and suppressed errors, rerun with: -v
==6027== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 41 from 5)


You are receiving this mail because:
  • You are watching all bug changes.