Wireshark-bugs: [Wireshark-bugs] [Bug 10605] Buildbot crash output: fuzz-2014-10-22-28529.pcap
Date: Thu, 10 Sep 2015 15:47:03 +0000
What | Removed | Added |
---|---|---|
CC | | peter@lekensteyn.nl |
Comment #1 on bug 10605 from Peter Wu
The problem still occurs in v1.99.10rc0-78-g61f07f1. Backtrace:

#0 proto_report_dissector_bug (message=message@entry=0x7fffd628f0a0 "epan/reassemble.c:1681: failed assertion \"fd_head->len >= dfpos + fd->len\"") at epan/proto.c:1273
#1 0x00007fffebd87850 in fragment_add_seq_work (fd_head=fd_head@entry=0x6060000eb460, tvb=tvb@entry=0x6070002ccda0, offset=offset@entry=3, pinfo=pinfo@entry=0x61300000db18, frag_number=frag_number@entry=0, frag_data_len=frag_data_len@entry=53, more_frags=0) at epan/reassemble.c:1681
#2 0x00007fffebd883b9 in fragment_add_seq_common (table=table@entry=0x7ffff67e9300 <npdu_reassembly_table>, tvb=tvb@entry=0x6070002ccda0, offset=offset@entry=3, pinfo=pinfo@entry=0x61300000db18, id=id@entry=0, data="" frag_number=0, frag_data_len=53, more_frags=0, flags=4, orig_keyp=0x7fffffffb4a0) at epan/reassemble.c:1919
#3 0x00007fffebd88688 in fragment_add_seq_check_work (table=table@entry=0x7ffff67e9300 <npdu_reassembly_table>, tvb=tvb@entry=0x6070002ccda0, offset=offset@entry=3, pinfo=pinfo@entry=0x61300000db18, id=id@entry=0, data="" frag_number=0, frag_data_len=53, more_frags=0, flags=0) at epan/reassemble.c:2000
#4 0x00007fffebd8c1a9 in fragment_add_seq_check (table=table@entry=0x7ffff67e9300 <npdu_reassembly_table>, tvb=tvb@entry=0x6070002ccda0, offset=offset@entry=3, pinfo=pinfo@entry=0x61300000db18, id=id@entry=0, data="" frag_number=0, frag_data_len=53, more_frags=0) at epan/reassemble.c:2044
#5 0x00007fffecab79ef in dissect_sndcp (tvb=0x6070002ccda0, pinfo=0x61300000db18, tree=0x60400006d050) at epan/dissectors/packet-sndcp.c:331
#6 0x00007fffebd25c70 in call_dissector_through_handle (handle=handle@entry=0x7fffd8ac9ee0, tvb=tvb@entry=0x6070002ccda0, pinfo=pinfo@entry=0x61300000db18, tree=tree@entry=0x60400006d050, data="" at epan/packet.c:620
#7 0x00007fffebd26e0d in call_dissector_work (handle=handle@entry=0x7fffd8ac9ee0, tvb=tvb@entry=0x6070002ccda0, pinfo_arg=pinfo_arg@entry=0x61300000db18, tree=tree@entry=0x60400006d050, add_proto_name=add_proto_name@entry=1, data="" at epan/packet.c:706
#8 0x00007fffebd284df in dissector_try_uint_new (sub_dissectors=<optimized out>, uint_val=uint_val@entry=3, tvb=tvb@entry=0x6070002ccda0, pinfo=pinfo@entry=0x61300000db18, tree=tree@entry=0x60400006d050, add_proto_name=add_proto_name@entry=1, data="" at epan/packet.c:1163
#9 0x00007fffebd28567 in dissector_try_uint (sub_dissectors=<optimized out>, uint_val=uint_val@entry=3, tvb=tvb@entry=0x6070002ccda0, pinfo=pinfo@entry=0x61300000db18, tree=tree@entry=0x60400006d050) at epan/packet.c:1189
#10 0x00007fffec35bb4c in dissect_llcgprs (tvb=0x6070002cce10, pinfo=<optimized out>, tree=0x60400006d050) at epan/dissectors/packet-gprs-llc.c:996
#11 0x00007fffebd25c70 in call_dissector_through_handle (handle=handle@entry=0x7fffd8aa0570, tvb=tvb@entry=0x6070002cce10, pinfo=pinfo@entry=0x61300000db18, tree=tree@entry=0x60400006d050, data="" at epan/packet.c:620
#12 0x00007fffebd26e0d in call_dissector_work (handle=0x7fffd8aa0570, tvb=0x6070002cce10, pinfo_arg=0x61300000db18, tree=0x60400006d050, add_proto_name=add_proto_name@entry=1, data="" at epan/packet.c:706
#13 0x00007fffebd2c7b0 in call_dissector_only (handle=<optimized out>, tvb=tvb@entry=0x6070002cce10, pinfo=pinfo@entry=0x61300000db18, tree=tree@entry=0x60400006d050, data="" at epan/packet.c:2570
#14 0x00007fffebd2c7cb in call_dissector_with_data (handle=<optimized out>, tvb=tvb@entry=0x6070002cce10, pinfo=pinfo@entry=0x61300000db18, tree=0x60400006d050, data="" at epan/packet.c:2583
#15 0x00007fffebd2e71c in call_dissector (handle=<optimized out>, tvb=tvb@entry=0x6070002cce10, pinfo=pinfo@entry=0x61300000db18, tree=<optimized out>) at epan/packet.c:2600
#16 0x00007fffec00dccc in de_bssgp_llc_pdu (tvb=<optimized out>, tree=0x7fffd6494ff0, pinfo=0x61300000db18, offset=<optimized out>, len=62, add_string=<optimized out>, string_len=1024) at epan/dissectors/packet-bssgp.c:943
#17 0x00007fffec3748df in elem_telv (tvb=tvb@entry=0x6070002cce80, tree=tree@entry=0x7fffd64936c0, pinfo=pinfo@entry=0x61300000db18, iei=iei@entry=14 '\016', pdu_type=pdu_type@entry=13, idx=idx@entry=14, offset=20, len=64, name_add=0x0) at epan/dissectors/packet-gsm_a_common.c:1399
#18 0x00007fffec0178ed in bssgp_ul_unitdata (tvb=0x6070002cce80, tree=0x7fffd64936c0, pinfo=0x61300000db18, offset=<optimized out>, len=<optimized out>) at epan/dissectors/packet-bssgp.c:4047
#19 0x00007fffec017000 in dissect_bssgp (tvb=0x6070002cce80, pinfo=0x61300000db18, tree=<optimized out>) at epan/dissectors/packet-bssgp.c:6444
#20 0x00007fffebd25c70 in call_dissector_through_handle (handle=handle@entry=0x7fffd88ceed0, tvb=tvb@entry=0x6070002cce80, pinfo=pinfo@entry=0x61300000db18, tree=tree@entry=0x60400006d050, data="" at epan/packet.c:620
#21 0x00007fffebd26e0d in call_dissector_work (handle=0x7fffd88ceed0, tvb=0x6070002cce80, pinfo_arg=0x61300000db18, tree=0x60400006d050, add_proto_name=add_proto_name@entry=1, data="" at epan/packet.c:706
#22 0x00007fffebd2c7b0 in call_dissector_only (handle=handle@entry=0x7fffd88ceed0, tvb=tvb@entry=0x6070002cce80, pinfo=pinfo@entry=0x61300000db18, tree=tree@entry=0x60400006d050, data="" at epan/packet.c:2570
#23 0x00007fffebd2c7cb in call_dissector_with_data (handle=handle@entry=0x7fffd88ceed0, tvb=tvb@entry=0x6070002cce80, pinfo=0x61300000db18, tree=0x60400006d050, data="" at epan/packet.c:2583
#24 0x00007fffebd2e71c in call_dissector (handle=handle@entry=0x7fffd88ceed0, tvb=tvb@entry=0x6070002cce80, pinfo=<optimized out>, tree=<optimized out>) at epan/packet.c:2600
#25 0x00007fffec795a68 in decode_pdu_ns_unitdata (bi=0x7fffffffbe90) at epan/dissectors/packet-nsip.c:700
#26 0x00007fffec7964f9 in decode_pdu (pdu_type=pdu_type@entry=0 '\000', bi=bi@entry=0x7fffffffbe90) at epan/dissectors/packet-nsip.c:872
#27 0x00007fffec79689b in dissect_nsip (tvb=<optimized out>, pinfo=0x61300000db18, tree=<optimized out>) at epan/dissectors/packet-nsip.c:959
#28 0x00007fffebd25c70 in call_dissector_through_handle (handle=handle@entry=0x7fffd8abdcb0, tvb=tvb@entry=0x6070002ccef0, pinfo=pinfo@entry=0x61300000db18, tree=tree@entry=0x60400006d050, data="" at epan/packet.c:620
#29 0x00007fffebd26e0d in call_dissector_work (handle=handle@entry=0x7fffd8abdcb0, tvb=tvb@entry=0x6070002ccef0, pinfo_arg=pinfo_arg@entry=0x61300000db18, tree=tree@entry=0x60400006d050, add_proto_name=add_proto_name@entry=1, data="" at epan/packet.c:706
#30 0x00007fffebd284df in dissector_try_uint_new (sub_dissectors=<optimized out>, uint_val=uint_val@entry=2157, tvb=tvb@entry=0x6070002ccef0, pinfo=pinfo@entry=0x61300000db18, tree=tree@entry=0x60400006d050, add_proto_name=add_proto_name@entry=1, data="" at epan/packet.c:1163
#31 0x00007fffebd28567 in dissector_try_uint (sub_dissectors=<optimized out>, uint_val=uint_val@entry=2157, tvb=tvb@entry=0x6070002ccef0, pinfo=pinfo@entry=0x61300000db18, tree=tree@entry=0x60400006d050) at epan/packet.c:1189
#32 0x00007fffecb81f98 in decode_udp_ports (tvb=tvb@entry=0x6070002ccf60, offset=offset@entry=8, pinfo=pinfo@entry=0x61300000db18, tree=tree@entry=0x60400006d050, uh_sport=<optimized out>, uh_dport=uh_dport@entry=2157, uh_ulen=96) at epan/dissectors/packet-udp.c:542
#33 0x00007fffecb8679e in dissect (tvb=0x6070002ccf60, pinfo=0x61300000db18, tree=<optimized out>, ip_proto=ip_proto@entry=17) at epan/dissectors/packet-udp.c:1018
#34 0x00007fffecb86846 in dissect_udp (tvb=<optimized out>, pinfo=<optimized out>, tree=<optimized out>) at epan/dissectors/packet-udp.c:1025
#35 0x00007fffebd25c70 in call_dissector_through_handle (handle=handle@entry=0x7fffd8ecdda0, tvb=tvb@entry=0x6070002ccf60, pinfo=pinfo@entry=0x61300000db18, tree=tree@entry=0x60400006d050, data="" at epan/packet.c:620
#36 0x00007fffebd26e0d in call_dissector_work (handle=handle@entry=0x7fffd8ecdda0, tvb=tvb@entry=0x6070002ccf60, pinfo_arg=pinfo_arg@entry=0x61300000db18, tree=tree@entry=0x60400006d050, add_proto_name=add_proto_name@entry=1, data="" at epan/packet.c:706
#37 0x00007fffebd284df in dissector_try_uint_new (sub_dissectors=<optimized out>, uint_val=17, tvb=tvb@entry=0x6070002ccf60, pinfo=pinfo@entry=0x61300000db18, tree=tree@entry=0x60400006d050, add_proto_name=add_proto_name@entry=1, data="" at epan/packet.c:1163
#38 0x00007fffec4c5b15 in ip_try_dissect (heur_first=0, tvb=tvb@entry=0x6070002ccf60, pinfo=pinfo@entry=0x61300000db18, tree=tree@entry=0x60400006d050, iph=iph@entry=0x7fffd628d820) at epan/dissectors/packet-ip.c:1972
#39 0x00007fffec4c9bc5 in dissect_ip_v4 (tvb=tvb@entry=0x6080000525a0, pinfo=pinfo@entry=0x61300000db18, parent_tree=parent_tree@entry=0x60400006d050) at epan/dissectors/packet-ip.c:2459
#40 0x00007fffec4c9dac in dissect_ip (tvb=0x6080000525a0, pinfo=0x61300000db18, tree=0x60400006d050) at epan/dissectors/packet-ip.c:2481
#41 0x00007fffebd25c70 in call_dissector_through_handle (handle=handle@entry=0x7fffd8a9b7c0, tvb=tvb@entry=0x6080000525a0, pinfo=pinfo@entry=0x61300000db18, tree=tree@entry=0x60400006d050, data="" at epan/packet.c:620
#42 0x00007fffebd26e0d in call_dissector_work (handle=0x7fffd8a9b7c0, tvb=0x6080000525a0, pinfo_arg=0x61300000db18, tree=0x60400006d050, add_proto_name=add_proto_name@entry=1, data="" at epan/packet.c:706
#43 0x00007fffebd2c7b0 in call_dissector_only (handle=<optimized out>, tvb=tvb@entry=0x6080000525a0, pinfo=pinfo@entry=0x61300000db18, tree=tree@entry=0x60400006d050, data="" at epan/packet.c:2570
#44 0x00007fffebd2c7cb in call_dissector_with_data (handle=<optimized out>, tvb=tvb@entry=0x6080000525a0, pinfo=pinfo@entry=0x61300000db18, tree=tree@entry=0x60400006d050, data="" at epan/packet.c:2583
#45 0x00007fffebd2e71c in call_dissector (handle=<optimized out>, tvb=tvb@entry=0x6080000525a0, pinfo=pinfo@entry=0x61300000db18, tree=tree@entry=0x60400006d050) at epan/packet.c:2600
#46 0x00007fffec891427 in dissect_raw (tvb=0x6080000525a0, pinfo=0x61300000db18, tree=0x60400006d050) at epan/dissectors/packet-raw.c:149
#47 0x00007fffebd25c70 in call_dissector_through_handle (handle=handle@entry=0x7fffd8fb50a0, tvb=tvb@entry=0x6080000525a0, pinfo=pinfo@entry=0x61300000db18, tree=tree@entry=0x60400006d050, data="" at epan/packet.c:620
#48 0x00007fffebd26e0d in call_dissector_work (handle=handle@entry=0x7fffd8fb50a0, tvb=tvb@entry=0x6080000525a0, pinfo_arg=pinfo_arg@entry=0x61300000db18, tree=tree@entry=0x60400006d050, add_proto_name=add_proto_name@entry=1, data="" at epan/packet.c:706
#49 0x00007fffebd284df in dissector_try_uint_new (sub_dissectors=<optimized out>, uint_val=7, tvb=tvb@entry=0x6080000525a0, pinfo=pinfo@entry=0x61300000db18, tree=tree@entry=0x60400006d050, add_proto_name=add_proto_name@entry=1, data="" at epan/packet.c:1163
#50 0x00007fffec328045 in dissect_frame (tvb=<optimized out>, pinfo=<optimized out>, parent_tree=<optimized out>, data="" out>) at epan/dissectors/packet-frame.c:499
#51 0x00007fffebd25c2d in call_dissector_through_handle (handle=handle@entry=0x7fffd8a81d10, tvb=tvb@entry=0x6080000525a0, pinfo=pinfo@entry=0x61300000db18, tree=tree@entry=0x60400006d050, data="" at epan/packet.c:618
#52 0x00007fffebd26e0d in call_dissector_work (handle=0x7fffd8a81d10, tvb=0x6080000525a0, pinfo_arg=0x61300000db18, tree=0x60400006d050, add_proto_name=add_proto_name@entry=1, data="" at epan/packet.c:706
#53 0x00007fffebd2c7b0 in call_dissector_only (handle=<optimized out>, tvb=tvb@entry=0x6080000525a0, pinfo=pinfo@entry=0x61300000db18, tree=tree@entry=0x60400006d050, data="" at epan/packet.c:2570
#54 0x00007fffebd2c7cb in call_dissector_with_data (handle=<optimized out>, tvb=0x6080000525a0, pinfo=pinfo@entry=0x61300000db18, tree=0x60400006d050, data="" at epan/packet.c:2583
#55 0x00007fffebd2d521 in dissect_record (edt=edt@entry=0x61300000db00, file_type_subtype=file_type_subtype@entry=2, phdr=phdr@entry=0x61400000ea60, tvb=tvb@entry=0x6080000525a0, fd=fd@entry=0x7fffffffd2f0, cinfo=cinfo@entry=0x0) at epan/packet.c:498
#56 0x00007fffebcfda64 in epan_dissect_run_with_taps (edt=edt@entry=0x61300000db00, file_type_subtype=2, phdr=phdr@entry=0x61400000ea60, tvb=tvb@entry=0x6080000525a0, fd=fd@entry=0x7fffffffd2f0, cinfo=cinfo@entry=0x0) at epan/epan.c:345
#57 0x00000000004168aa in process_packet (cf=cf@entry=0x7769c0 <cfile>, edt=edt@entry=0x61300000db00, offset=<optimized out>, whdr=<optimized out>, pd=pd@entry=0x61b000012d80 "E", tap_flags=tap_flags@entry=0) at tshark.c:3719
#58 0x0000000000418485 in load_cap_file (cf=cf@entry=0x7769c0 <cfile>, save_file=<optimized out>, out_file_type=<optimized out>, out_file_name_res=<optimized out>, max_packet_count=-338, max_byte_count=<optimized out>) at tshark.c:3475
#59 0x000000000041d338 in main (argc=5, argv=0x7fffffffe278) at tshark.c:2200