Wireshark-bugs: [Wireshark-bugs] [Bug 10016] segmentation fault observed in wireshark while chec
Date: Mon, 09 Mar 2015 14:02:14 +0000
What | Removed | Added |
---|---|---|
CC | peter@lekensteyn.nl | |
Version | 1.10.3 | 1.99.x (Experimental) |
Comment # 8 on bug 10016 from Peter Wu
The crash still occurs with v1.99.4rc0-34-g6bc138c. Reproducible on a subset of the capture:

```
tshark -r attachment12717.pcap -Y udp.stream==47 -w subset.pcap
```

Then follow the Decode As RTP and other steps from the bug description.

```
==12024==ERROR: AddressSanitizer: heap-use-after-free on address 0x622000153100 at pc 0x7fffea46c797 bp 0x7fffffffd2c0 sp 0x7fffffffd2b0
READ of size 4 at 0x622000153100 thread T0
    #0 0x7fffea46c796 in solve_address_to_name epan/addr_resolv.c:1041
    #1 0x7fffea473ed8 in address_to_display epan/addr_resolv.c:3007
    #2 0x5baf8b in rtpstream_view_selection_func ui/gtk/rtp_stream_dlg.c:637
    #3 0x7ffff6931351 (/usr/lib/libgtk-3.so.0+0x2f0351)
    #4 0x7ffff69313e2 (/usr/lib/libgtk-3.so.0+0x2f03e2)
    #5 0x7ffff6931dc5 (/usr/lib/libgtk-3.so.0+0x2f0dc5)
    #6 0x7ffff69457d3 (/usr/lib/libgtk-3.so.0+0x3047d3)
    #7 0x7ffff6948495 (/usr/lib/libgtk-3.so.0+0x307495)
    #8 0x7ffff5796431 in g_closure_invoke (/usr/lib/libgobject-2.0.so.0+0x10431)
    #9 0x7ffff57a8afb (/usr/lib/libgobject-2.0.so.0+0x22afb)
    #10 0x7ffff57b1787 in g_signal_emit_valist (/usr/lib/libgobject-2.0.so.0+0x2b787)
    #11 0x7ffff57b19ee in g_signal_emit (/usr/lib/libgobject-2.0.so.0+0x2b9ee)
    #12 0x7ffff6829d94 in gtk_list_store_remove (/usr/lib/libgtk-3.so.0+0x1e8d94)
    #13 0x7ffff682a4fe in gtk_list_store_clear (/usr/lib/libgtk-3.so.0+0x1e94fe)
    #14 0x5bcfa1 in rtpstream_dlg_update ui/gtk/rtp_stream_dlg.c:1091
    #15 0x5bd0e6 in rtpstream_tap_draw ui/gtk/rtp_stream_dlg.c:1111
    #16 0x77d0f6 in rtpstream_draw ui/rtp_stream.c:59
    #17 0x7fffea58705a in draw_tap_listeners epan/tap.c:415
    #18 0x4858ed in tap_update_cb ui/gtk/main.c:1308
    #19 0x7ffff54c3823 (/usr/lib/libglib-2.0.so.0+0x4b823)
    #20 0x7ffff54c2d4d in g_main_context_dispatch (/usr/lib/libglib-2.0.so.0+0x4ad4d)
    #21 0x7ffff54c3127 (/usr/lib/libglib-2.0.so.0+0x4b127)
    #22 0x7ffff54c3471 in g_main_loop_run (/usr/lib/libglib-2.0.so.0+0x4b471)
    #23 0x7ffff682d174 in gtk_main (/usr/lib/libgtk-3.so.0+0x1ec174)
    #24 0x48ab58 in main ui/gtk/main.c:3250
    #25 0x7fffe20c47ff in __libc_start_main (/usr/lib/libc.so.6+0x207ff)
    #26 0x424348 in _start (/tmp/wsbuild/run/wireshark-gtk+0x424348)

0x622000153100 is located 0 bytes inside of 5192-byte region [0x622000153100,0x622000154548)
freed by thread T0 here:
    #0 0x7ffff6f5752f in __interceptor_free (/usr/lib/libasan.so.1+0x5752f)
    #1 0x7819a2 in rtpstream_reset ui/tap-rtp-common.c:80
    #2 0x781c2d in rtpstream_reset_cb ui/tap-rtp-common.c:96
    #3 0x7fffea586e45 in reset_tap_listeners epan/tap.c:392
    #4 0x43e24f in cf_retap_packets file.c:2373
    #5 0x5ac939 in on_refresh_bt_clicked ui/gtk/rtp_analysis.c:2064
    #6 0x5b7ff0 in rtp_analysis ui/gtk/rtp_analysis.c:3914
    #7 0x5babf9 in rtpstream_on_analyse ui/gtk/rtp_stream_dlg.c:539
    #8 0x7ffff5796654 (/usr/lib/libgobject-2.0.so.0+0x10654)
    #9 0x7ffff57b1096 in g_signal_emit_valist (/usr/lib/libgobject-2.0.so.0+0x2b096)
    #10 0x7ffff57b19ee in g_signal_emit (/usr/lib/libgobject-2.0.so.0+0x2b9ee)
    #11 0x7ffff6748afc (/usr/lib/libgtk-3.so.0+0x107afc)

previously allocated by thread T0 here:
    #0 0x7ffff6f577a7 in malloc (/usr/lib/libasan.so.1+0x577a7)
    #1 0x7ffff54c8cf1 in g_malloc (/usr/lib/libglib-2.0.so.0+0x50cf1)
    #2 0x7834df in rtpstream_packet ui/tap-rtp-common.c:235
    #3 0x7fffea586b02 in tap_push_tapped_queue epan/tap.c:331
    #4 0x7fffea4ade7b in epan_dissect_run_with_taps epan/epan.c:344
    #5 0x43e120 in retap_packet file.c:2338
    #6 0x43de42 in process_specified_records file.c:2308
    #7 0x43e317 in cf_retap_packets file.c:2382
    #8 0x77d24d in rtpstream_scan ui/rtp_stream.c:80
    #9 0x5bd1a0 in rtpstream_launch ui/gtk/rtp_stream_dlg.c:1156
    #10 0x7ffff5796431 in g_closure_invoke (/usr/lib/libgobject-2.0.so.0+0x10431)
    #11 0x7ffff57a8afb (/usr/lib/libgobject-2.0.so.0+0x22afb)
    #12 0x7ffff57b1787 in g_signal_emit_valist (/usr/lib/libgobject-2.0.so.0+0x2b787)
    #13 0x7ffff57b19ee in g_signal_emit (/usr/lib/libgobject-2.0.so.0+0x2b9ee)
    #14 0x7ffff66dfc5f (/usr/lib/libgtk-3.so.0+0x9ec5f)

SUMMARY: AddressSanitizer: heap-use-after-free epan/addr_resolv.c:1041 solve_address_to_name
```