Wireshark-bugs: [Wireshark-bugs] [Bug 10495] memcpy error in vwr_read (possible sec mem corrupti
Alexis La Goutte changed bug 10495

What | Removed | Added
CC   |         | alexis.lagoutte@gmail.com

Comment # 2 on bug 10495 from Alexis La Goutte
Hi Evan,

The ASAN report:
=================================================================
==13678==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff54f347a0 at pc 0x489400 bp 0x7fff54f2c630 sp 0x7fff54f2bdf0
READ of size 1295360 at 0x7fff54f347a0 thread T0
    #0 0x4893ff in __asan_memcpy ??:?
    #1 0x7f8d51ac5596 in vwr_read_s2_W_rec /home/alagoutte/wireshark-clang/wiretap/vwr.c:1446
    #2 0x7f8d51abee65 in vwr_read /home/alagoutte/wireshark-clang/wiretap/vwr.c:590
    #3 0x7f8d51ac77d7 in wtap_read /home/alagoutte/wireshark-clang/wiretap/wtap.c:1002
    #4 0x4ce487 in load_cap_file /home/alagoutte/wireshark-clang/tshark.c:3345 (discriminator 1)
    #5 0x7f8d41d8fde4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260
    #6 0x4bd03c in _start ??:?
Address 0x7fff54f347a0 is located in stack of thread T0 at offset 32800 in frame
    #0 0x7f8d51abf73f in vwr_process_rec_data /home/alagoutte/wireshark-clang/wiretap/vwr.c:2159
  This frame has 1 object(s):
    [32, 32800) 'rec' <== Memory access at offset 32800 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow ??:0 ??
Shadow bytes around the buggy address:
0x10006a9de8a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10006a9de8b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10006a9de8c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10006a9de8d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10006a9de8e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x10006a9de8f0: 00 00 00 00[f3]f3 f3 f3 f3 f3 f3 f3 f3 f3 f3 f3
0x10006a9de900: f3 f3 f3 f3 f3 f3 f3 f3 f3 f3 f3 f3 f3 f3 f3 f3
0x10006a9de910: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
0x10006a9de920: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04 f2 04 f3
0x10006a9de930: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10006a9de940: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
ASan internal: fe
==13678==ABORTING