Wireshark-bugs: [Wireshark-bugs] [Bug 10016] segmentation fault observed in wireshark while chec
Date: Mon, 09 Mar 2015 14:02:14 +0000

changed bug 10016


What      Removed    Added
CC                   peter@lekensteyn.nl
Version   1.10.3     1.99.x (Experimental)

Comment # 8 on bug 10016 from
The crash still occurs with v1.99.4rc0-34-g6bc138c. Reproducible on a subset of
the capture:

    tshark -r attachment12717.pcap -Y udp.stream==47 -w subset.pcap

Then follow the Decode As RTP and other steps from the bug description.

==12024==ERROR: AddressSanitizer: heap-use-after-free on address 0x622000153100
at pc 0x7fffea46c797 bp 0x7fffffffd2c0 sp 0x7fffffffd2b0
READ of size 4 at 0x622000153100 thread T0
    #0 0x7fffea46c796 in solve_address_to_name epan/addr_resolv.c:1041
    #1 0x7fffea473ed8 in address_to_display epan/addr_resolv.c:3007
    #2 0x5baf8b in rtpstream_view_selection_func ui/gtk/rtp_stream_dlg.c:637
    #3 0x7ffff6931351 (/usr/lib/libgtk-3.so.0+0x2f0351)
    #4 0x7ffff69313e2 (/usr/lib/libgtk-3.so.0+0x2f03e2)
    #5 0x7ffff6931dc5 (/usr/lib/libgtk-3.so.0+0x2f0dc5)
    #6 0x7ffff69457d3 (/usr/lib/libgtk-3.so.0+0x3047d3)
    #7 0x7ffff6948495 (/usr/lib/libgtk-3.so.0+0x307495)
    #8 0x7ffff5796431 in g_closure_invoke
(/usr/lib/libgobject-2.0.so.0+0x10431)
    #9 0x7ffff57a8afb (/usr/lib/libgobject-2.0.so.0+0x22afb)
    #10 0x7ffff57b1787 in g_signal_emit_valist
(/usr/lib/libgobject-2.0.so.0+0x2b787)
    #11 0x7ffff57b19ee in g_signal_emit (/usr/lib/libgobject-2.0.so.0+0x2b9ee)
    #12 0x7ffff6829d94 in gtk_list_store_remove
(/usr/lib/libgtk-3.so.0+0x1e8d94)
    #13 0x7ffff682a4fe in gtk_list_store_clear
(/usr/lib/libgtk-3.so.0+0x1e94fe)
    #14 0x5bcfa1 in rtpstream_dlg_update ui/gtk/rtp_stream_dlg.c:1091
    #15 0x5bd0e6 in rtpstream_tap_draw ui/gtk/rtp_stream_dlg.c:1111
    #16 0x77d0f6 in rtpstream_draw ui/rtp_stream.c:59
    #17 0x7fffea58705a in draw_tap_listeners epan/tap.c:415
    #18 0x4858ed in tap_update_cb ui/gtk/main.c:1308
    #19 0x7ffff54c3823 (/usr/lib/libglib-2.0.so.0+0x4b823)
    #20 0x7ffff54c2d4d in g_main_context_dispatch
(/usr/lib/libglib-2.0.so.0+0x4ad4d)
    #21 0x7ffff54c3127 (/usr/lib/libglib-2.0.so.0+0x4b127)
    #22 0x7ffff54c3471 in g_main_loop_run (/usr/lib/libglib-2.0.so.0+0x4b471)
    #23 0x7ffff682d174 in gtk_main (/usr/lib/libgtk-3.so.0+0x1ec174)
    #24 0x48ab58 in main ui/gtk/main.c:3250
    #25 0x7fffe20c47ff in __libc_start_main (/usr/lib/libc.so.6+0x207ff)
    #26 0x424348 in _start (/tmp/wsbuild/run/wireshark-gtk+0x424348)

0x622000153100 is located 0 bytes inside of 5192-byte region
[0x622000153100,0x622000154548)
freed by thread T0 here:
    #0 0x7ffff6f5752f in __interceptor_free (/usr/lib/libasan.so.1+0x5752f)
    #1 0x7819a2 in rtpstream_reset ui/tap-rtp-common.c:80
    #2 0x781c2d in rtpstream_reset_cb ui/tap-rtp-common.c:96
    #3 0x7fffea586e45 in reset_tap_listeners epan/tap.c:392
    #4 0x43e24f in cf_retap_packets file.c:2373
    #5 0x5ac939 in on_refresh_bt_clicked ui/gtk/rtp_analysis.c:2064
    #6 0x5b7ff0 in rtp_analysis ui/gtk/rtp_analysis.c:3914
    #7 0x5babf9 in rtpstream_on_analyse ui/gtk/rtp_stream_dlg.c:539
    #8 0x7ffff5796654 (/usr/lib/libgobject-2.0.so.0+0x10654)
    #9 0x7ffff57b1096 in g_signal_emit_valist
(/usr/lib/libgobject-2.0.so.0+0x2b096)
    #10 0x7ffff57b19ee in g_signal_emit (/usr/lib/libgobject-2.0.so.0+0x2b9ee)
    #11 0x7ffff6748afc (/usr/lib/libgtk-3.so.0+0x107afc)

previously allocated by thread T0 here:
    #0 0x7ffff6f577a7 in malloc (/usr/lib/libasan.so.1+0x577a7)
    #1 0x7ffff54c8cf1 in g_malloc (/usr/lib/libglib-2.0.so.0+0x50cf1)
    #2 0x7834df in rtpstream_packet ui/tap-rtp-common.c:235
    #3 0x7fffea586b02 in tap_push_tapped_queue epan/tap.c:331
    #4 0x7fffea4ade7b in epan_dissect_run_with_taps epan/epan.c:344
    #5 0x43e120 in retap_packet file.c:2338
    #6 0x43de42 in process_specified_records file.c:2308
    #7 0x43e317 in cf_retap_packets file.c:2382
    #8 0x77d24d in rtpstream_scan ui/rtp_stream.c:80
    #9 0x5bd1a0 in rtpstream_launch ui/gtk/rtp_stream_dlg.c:1156
    #10 0x7ffff5796431 in g_closure_invoke
(/usr/lib/libgobject-2.0.so.0+0x10431)
    #11 0x7ffff57a8afb (/usr/lib/libgobject-2.0.so.0+0x22afb)
    #12 0x7ffff57b1787 in g_signal_emit_valist
(/usr/lib/libgobject-2.0.so.0+0x2b787)
    #13 0x7ffff57b19ee in g_signal_emit (/usr/lib/libgobject-2.0.so.0+0x2b9ee)
    #14 0x7ffff66dfc5f (/usr/lib/libgtk-3.so.0+0x9ec5f)

SUMMARY: AddressSanitizer: heap-use-after-free epan/addr_resolv.c:1041
solve_address_to_name
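The three stacks above describe one ownership chain: the tap allocates the stream entries (rtpstream_packet), a retap frees them (rtpstream_reset), and the dialog's GtkListStore still holds pointers to them when gtk_list_store_clear() fires the selection callback. The following is an added illustration of that pattern and of the ordering that avoids it; it is not Wireshark code, and every name and value in it is a hypothetical stand-in.

```c
/* Added example, not Wireshark code: models the ownership bug in the trace
 * above. The tap owns the stream structs (cf. rtpstream_reset); the dialog's
 * list store borrows raw pointers, and clearing it fires a callback per row
 * (cf. rtpstream_view_selection_func). Names are hypothetical stand-ins. */
#include <stdlib.h>
#define MAX_ROWS 4

typedef struct { unsigned src_addr; } rtp_stream_info;
static rtp_stream_info *streams[MAX_ROWS];  /* owned by the tap */
static int n_streams;
static rtp_stream_info *rows[MAX_ROWS];     /* borrowed by the list store */
static int n_rows;
static int live_reads;                      /* callbacks that saw live data */

static void tap_scan(void) {                /* one entry per RTP stream */
    for (n_streams = 0; n_streams < MAX_ROWS; n_streams++) {
        streams[n_streams] = malloc(sizeof **streams);
        streams[n_streams]->src_addr = 0x0a000001u + n_streams;  /* constructed */
    }
}
static void tap_reset(void) {               /* retap: free everything */
    for (int i = 0; i < n_streams; i++) { free(streams[i]); streams[i] = NULL; }
    n_streams = 0;
}
static void store_fill(void) {
    for (n_rows = 0; n_rows < n_streams; n_rows++) rows[n_rows] = streams[n_rows];
}
static void selection_changed(rtp_stream_info *info) {  /* row-removed handler */
    if (info != NULL && info->src_addr != 0) live_reads++; /* dereferences row */
}
static void store_clear(void) {             /* emits one callback per row */
    while (n_rows > 0) { n_rows--; selection_changed(rows[n_rows]); rows[n_rows] = NULL; }
}
/* Order from the trace: reset frees first, then the dialog clears its store,
 * so the callback reads freed memory. Run only under AddressSanitizer. */
int dialog_refresh_buggy(void) {
    live_reads = 0;
    tap_scan(); store_fill();
    tap_reset();                            /* frees what rows[] still points at */
    store_clear();                          /* heap-use-after-free here */
    return live_reads;
}
/* Fix: clear the view while the data it borrows is alive, then free. */
int dialog_refresh_fixed(void) {
    live_reads = 0;
    tap_scan(); store_fill();
    store_clear();                          /* 4 callbacks over live entries */
    tap_reset();
    return live_reads;                      /* 4 */
}
```

Building with -fsanitize=address and calling dialog_refresh_buggy() reproduces the same shape of report as above (read in the row callback, freed in the reset, allocated in the scan); dialog_refresh_fixed() runs clean because nothing borrows the entries once they are freed.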
