Wireshark-bugs: [Wireshark-bugs] [Bug 11585] Buildbot crash output: fuzz-2015-10-10-13251.pcap
Date: Mon, 12 Oct 2015 20:55:55 +0000
What | Removed | Added |
---|---|---|
CC | peter@lekensteyn.nl |
Comment # 1 on bug 11585 from Peter Wu
With v2.1.0rc0-69-g2eb7e87 I get these reports from the packet, could it be related?

```
epan/crypt/airpdcap_ccmp.c:228:7: runtime error: left shift of 170 by 24 places cannot be represented in type 'int'
    #0 0x7f753d854906 in AirPDcapCcmpDecrypt epan/crypt/airpdcap_ccmp.c:228:7
    #1 0x7f753d8439ff in AirPDcapRsnaMng epan/crypt/airpdcap.c:1023:22
    #2 0x7f753d83f577 in AirPDcapPacketProcess epan/crypt/airpdcap.c:747:21
    #3 0x7f753ea18e50 in try_decrypt epan/dissectors/packet-ieee80211.c:18675:7
    #4 0x7f753ea11802 in dissect_ieee80211_common epan/dissectors/packet-ieee80211.c:17816:16
    #5 0x7f753e9df995 in dissect_ieee80211 epan/dissectors/packet-ieee80211.c:18317:10
    #6 0x7f753d5daa81 in call_dissector_through_handle epan/packet.c:618:9
    #7 0x7f753d5c88d2 in call_dissector_work epan/packet.c:706:9
    #8 0x7f753d5d5aa7 in call_dissector_only epan/packet.c:2549:8
    #9 0x7f753d5c1664 in call_dissector_with_data epan/packet.c:2562:8
    #10 0x7f753e98dcb8 in dissect_wlan_radio epan/dissectors/packet-ieee80211-radio.c:976:10
    #11 0x7f753d5daa81 in call_dissector_through_handle epan/packet.c:618:9
    #12 0x7f753d5c88d2 in call_dissector_work epan/packet.c:706:9
    #13 0x7f753d5d5aa7 in call_dissector_only epan/packet.c:2549:8
    #14 0x7f753d5c1664 in call_dissector_with_data epan/packet.c:2562:8
    #15 0x7f753e9a9d04 in dissect_radiotap epan/dissectors/packet-ieee80211-radiotap.c:1801:2
    #16 0x7f753d5dabce in call_dissector_through_handle epan/packet.c:620:3
    #17 0x7f753d5c88d2 in call_dissector_work epan/packet.c:706:9
    #18 0x7f753d5c79d1 in dissector_try_uint_new epan/packet.c:1163:9
    #19 0x7f753e67eb74 in dissect_frame epan/dissectors/packet-frame.c:499:11
    #20 0x7f753d5daa81 in call_dissector_through_handle epan/packet.c:618:9
    #21 0x7f753d5c88d2 in call_dissector_work epan/packet.c:706:9
    #22 0x7f753d5d5aa7 in call_dissector_only epan/packet.c:2549:8
    #23 0x7f753d5c1664 in call_dissector_with_data epan/packet.c:2562:8
    #24 0x7f753d5c0a19 in dissect_record epan/packet.c:498:3
    #25 0x7f753d52c958 in epan_dissect_run_with_taps epan/epan.c:345:2
    #26 0x5589dbfda212 in process_packet tshark.c:3725:5
    #27 0x5589dbfd28e0 in load_cap_file tshark.c:3481:11
    #28 0x5589dbfc892d in main tshark.c:2206:13
    #29 0x7f75332d760f in __libc_start_main (/usr/lib/libc.so.6+0x2060f)
    #30 0x5589dbee5988 in _start (/tmp/wsbuild/run/tshark+0xc3988)

SUMMARY: AddressSanitizer: undefined-behavior epan/crypt/airpdcap_ccmp.c:228:7 in

epan/tvbuff.c:783:17: runtime error: null pointer passed as argument 1, which is declared to never be null
/usr/include/string.h:43:28: note: nonnull attribute specified here
    #0 0x7f753d79f102 in tvb_memcpy epan/tvbuff.c:783:10
    #1 0x7f753d79f9d5 in tvb_memdup epan/tvbuff.c:830:9
    #2 0x7f753e9994e6 in dissect_radiotap epan/dissectors/packet-ieee80211-radiotap.c:623:9
    #3 0x7f753d5dabce in call_dissector_through_handle epan/packet.c:620:3
    #4 0x7f753d5c88d2 in call_dissector_work epan/packet.c:706:9
    #5 0x7f753d5c79d1 in dissector_try_uint_new epan/packet.c:1163:9
    #6 0x7f753e67eb74 in dissect_frame epan/dissectors/packet-frame.c:499:11
    #7 0x7f753d5daa81 in call_dissector_through_handle epan/packet.c:618:9
    #8 0x7f753d5c88d2 in call_dissector_work epan/packet.c:706:9
    #9 0x7f753d5d5aa7 in call_dissector_only epan/packet.c:2549:8
    #10 0x7f753d5c1664 in call_dissector_with_data epan/packet.c:2562:8
    #11 0x7f753d5c0a19 in dissect_record epan/packet.c:498:3
    #12 0x7f753d52c958 in epan_dissect_run_with_taps epan/epan.c:345:2
    #13 0x5589dbfda212 in process_packet tshark.c:3725:5
    #14 0x5589dbfd28e0 in load_cap_file tshark.c:3481:11
    #15 0x5589dbfc892d in main tshark.c:2206:13
    #16 0x7f75332d760f in __libc_start_main (/usr/lib/libc.so.6+0x2060f)
    #17 0x5589dbee5988 in _start (/tmp/wsbuild/run/tshark+0xc3988)

SUMMARY: AddressSanitizer: undefined-behavior epan/tvbuff.c:783:17 in

epan/dissectors/packet-ieee80211.c:16400:37: runtime error: left shift of 161 by 24 places cannot be represented in type 'int'
    #0 0x7f753ea189ef in crc32_802_tvb_padded epan/dissectors/packet-ieee80211.c:16400:37
    #1 0x7f753ea0d510 in dissect_ieee80211_common epan/dissectors/packet-ieee80211.c:17524:19
    #2 0x7f753e9df995 in dissect_ieee80211 epan/dissectors/packet-ieee80211.c:18317:10
    #3 0x7f753d5daa81 in call_dissector_through_handle epan/packet.c:618:9
    #4 0x7f753d5c88d2 in call_dissector_work epan/packet.c:706:9
    #5 0x7f753d5d5aa7 in call_dissector_only epan/packet.c:2549:8
    #6 0x7f753d5c1664 in call_dissector_with_data epan/packet.c:2562:8
    #7 0x7f753e98dcb8 in dissect_wlan_radio epan/dissectors/packet-ieee80211-radio.c:976:10
    #8 0x7f753d5daa81 in call_dissector_through_handle epan/packet.c:618:9
    #9 0x7f753d5c88d2 in call_dissector_work epan/packet.c:706:9
    #10 0x7f753d5d5aa7 in call_dissector_only epan/packet.c:2549:8
    #11 0x7f753d5c1664 in call_dissector_with_data epan/packet.c:2562:8
    #12 0x7f753e9a9d04 in dissect_radiotap epan/dissectors/packet-ieee80211-radiotap.c:1801:2
    #13 0x7f753d5dabce in call_dissector_through_handle epan/packet.c:620:3
    #14 0x7f753d5c88d2 in call_dissector_work epan/packet.c:706:9
    #15 0x7f753d5c79d1 in dissector_try_uint_new epan/packet.c:1163:9
    #16 0x7f753e67eb74 in dissect_frame epan/dissectors/packet-frame.c:499:11
    #17 0x7f753d5daa81 in call_dissector_through_handle epan/packet.c:618:9
    #18 0x7f753d5c88d2 in call_dissector_work epan/packet.c:706:9
    #19 0x7f753d5d5aa7 in call_dissector_only epan/packet.c:2549:8
    #20 0x7f753d5c1664 in call_dissector_with_data epan/packet.c:2562:8
    #21 0x7f753d5c0a19 in dissect_record epan/packet.c:498:3
    #22 0x7f753d52c958 in epan_dissect_run_with_taps epan/epan.c:345:2
    #23 0x5589dbfda212 in process_packet tshark.c:3725:5
    #24 0x5589dbfd28e0 in load_cap_file tshark.c:3481:11
    #25 0x5589dbfc892d in main tshark.c:2206:13
    #26 0x7f75332d760f in __libc_start_main (/usr/lib/libc.so.6+0x2060f)
    #27 0x5589dbee5988 in _start (/tmp/wsbuild/run/tshark+0xc3988)

SUMMARY: AddressSanitizer: undefined-behavior epan/dissectors/packet-ieee80211.c:16400:37 in
```
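The two "left shift ... cannot be represented in type 'int'" reports above are the same defect class, and the middle report is a null pointer handed to `memcpy`. The C sketch below is an added example, not Wireshark source and not part of the original message; the function names and sample bytes are constructed for illustration, and the zero-length guard assumes the flagged copy had nothing to copy, which the report does not state.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Flagged form (illustrative, not Wireshark source): p[0] is promoted to
 * signed int, so a byte >= 0x80 shifted by 24 cannot be represented in int
 * and the shift is undefined behaviour. */
uint32_t load_be32_promoted(const uint8_t *p)
{
    return (uint32_t)((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]);
}

/* Corrected form: widen each byte to uint32_t before shifting. */
uint32_t load_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Returns 1 if (int)byte << places is what UBSan flags for a 32-bit int. */
int shift_overflows_int32(uint8_t byte, unsigned places)
{
    if (places >= 32) return 1;              /* the shift count itself is invalid */
    return ((uint64_t)byte << places) > (uint64_t)INT32_MAX;
}

/* memcpy() with a null pointer is undefined even for n == 0, so skip the
 * call when there is nothing to copy; dst is returned unchanged. */
void *copy_bytes(void *dst, const void *src, size_t n)
{
    if (n == 0) return dst;
    return memcpy(dst, src, n);
}

int main(void)
{
    const uint8_t high[4] = { 0xAA, 0x01, 0x02, 0x03 };  /* constructed: 0xAA == 170 */
    const uint8_t low[4]  = { 0x7F, 0x01, 0x02, 0x03 };  /* constructed: top bit clear */
    printf("fixed(high) = 0x%08X\n", (unsigned)load_be32(high));
    printf("forms agree on low bytes: %d\n", load_be32_promoted(low) == load_be32(low));
    printf("170<<24 flagged: %d, 170<<16 flagged: %d\n",
           shift_overflows_int32(170, 24), shift_overflows_int32(170, 16));
    printf("zero-length copy skipped: %d\n", copy_bytes(NULL, NULL, 0) == NULL);
    return 0;
}
```

`load_be32_promoted` is only called with a leading byte below 0x80, where both forms are defined and agree; building with `-fsanitize=undefined` and passing it the `high` buffer reproduces the class of report shown above.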