Wireshark-bugs: [Wireshark-bugs] [Bug 10495] memcpy error in vwr_read (possible sec mem corrupti
Date: Wed, 24 Sep 2014 14:21:58 +0000

changed bug 10495


What Removed Added
CC   alexis.lagoutte@gmail.com

Comment # 2 on bug 10495 from
Hi Evan 
the ASAN report :

=================================================================
==13678==ERROR: AddressSanitizer: stack-buffer-overflow on address
0x7fff54f347a0 at pc 0x489400 bp 0x7fff54f2c630 sp 0x7fff54f2bdf0
READ of size 1295360 at 0x7fff54f347a0 thread T0
    #0 0x4893ff in __asan_memcpy ??:?
    #1 0x7f8d51ac5596 in vwr_read_s2_W_rec
/home/alagoutte/wireshark-clang/wiretap/vwr.c:1446
    #2 0x7f8d51abee65 in vwr_read
/home/alagoutte/wireshark-clang/wiretap/vwr.c:590
    #3 0x7f8d51ac77d7 in wtap_read
/home/alagoutte/wireshark-clang/wiretap/wtap.c:1002
    #4 0x4ce487 in load_cap_file /home/alagoutte/wireshark-clang/tshark.c:3345
(discriminator 1)
    #5 0x7f8d41d8fde4 in __libc_start_main
/build/buildd/eglibc-2.17/csu/libc-start.c:260
    #6 0x4bd03c in _start ??:?

Address 0x7fff54f347a0 is located in stack of thread T0 at offset 32800 in
frame
    #0 0x7f8d51abf73f in vwr_process_rec_data
/home/alagoutte/wireshark-clang/wiretap/vwr.c:2159

  This frame has 1 object(s):
    [32, 32800) 'rec' <== Memory access at offset 32800 overflows this variable
HINT: this may be a false positive if your program uses some custom stack
unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow ??:0 ??
Shadow bytes around the buggy address:
  0x10006a9de8a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006a9de8b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006a9de8c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006a9de8d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006a9de8e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x10006a9de8f0: 00 00 00 00[f3]f3 f3 f3 f3 f3 f3 f3 f3 f3 f3 f3
  0x10006a9de900: f3 f3 f3 f3 f3 f3 f3 f3 f3 f3 f3 f3 f3 f3 f3 f3
  0x10006a9de910: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006a9de920: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04 f2 04 f3
  0x10006a9de930: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006a9de940: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  ASan internal:           fe
==13678==ABORTING


You are receiving this mail because:
  • You are watching all bug changes.