Wireshark-bugs: [Wireshark-bugs] [Bug 11585] Buildbot crash output: fuzz-2015-10-10-13251.pcap
Date: Mon, 12 Oct 2015 20:55:55 +0000

changed bug 11585


What Removed Added
CC   peter@lekensteyn.nl

Comment # 1 on bug 11585 from
With v2.1.0rc0-69-g2eb7e87 I get these reports from the packet,could it be
related?

epan/crypt/airpdcap_ccmp.c:228:7: runtime error: left shift of 170 by 24 places
cannot be represented in type 'int'
    #0 0x7f753d854906 in AirPDcapCcmpDecrypt epan/crypt/airpdcap_ccmp.c:228:7
    #1 0x7f753d8439ff in AirPDcapRsnaMng epan/crypt/airpdcap.c:1023:22
    #2 0x7f753d83f577 in AirPDcapPacketProcess epan/crypt/airpdcap.c:747:21
    #3 0x7f753ea18e50 in try_decrypt epan/dissectors/packet-ieee80211.c:18675:7
    #4 0x7f753ea11802 in dissect_ieee80211_common
epan/dissectors/packet-ieee80211.c:17816:16
    #5 0x7f753e9df995 in dissect_ieee80211
epan/dissectors/packet-ieee80211.c:18317:10
    #6 0x7f753d5daa81 in call_dissector_through_handle epan/packet.c:618:9
    #7 0x7f753d5c88d2 in call_dissector_work epan/packet.c:706:9
    #8 0x7f753d5d5aa7 in call_dissector_only epan/packet.c:2549:8
    #9 0x7f753d5c1664 in call_dissector_with_data epan/packet.c:2562:8
    #10 0x7f753e98dcb8 in dissect_wlan_radio
epan/dissectors/packet-ieee80211-radio.c:976:10
    #11 0x7f753d5daa81 in call_dissector_through_handle epan/packet.c:618:9
    #12 0x7f753d5c88d2 in call_dissector_work epan/packet.c:706:9
    #13 0x7f753d5d5aa7 in call_dissector_only epan/packet.c:2549:8
    #14 0x7f753d5c1664 in call_dissector_with_data epan/packet.c:2562:8
    #15 0x7f753e9a9d04 in dissect_radiotap
epan/dissectors/packet-ieee80211-radiotap.c:1801:2
    #16 0x7f753d5dabce in call_dissector_through_handle epan/packet.c:620:3
    #17 0x7f753d5c88d2 in call_dissector_work epan/packet.c:706:9
    #18 0x7f753d5c79d1 in dissector_try_uint_new epan/packet.c:1163:9
    #19 0x7f753e67eb74 in dissect_frame epan/dissectors/packet-frame.c:499:11
    #20 0x7f753d5daa81 in call_dissector_through_handle epan/packet.c:618:9
    #21 0x7f753d5c88d2 in call_dissector_work epan/packet.c:706:9
    #22 0x7f753d5d5aa7 in call_dissector_only epan/packet.c:2549:8
    #23 0x7f753d5c1664 in call_dissector_with_data epan/packet.c:2562:8
    #24 0x7f753d5c0a19 in dissect_record epan/packet.c:498:3
    #25 0x7f753d52c958 in epan_dissect_run_with_taps epan/epan.c:345:2
    #26 0x5589dbfda212 in process_packet tshark.c:3725:5
    #27 0x5589dbfd28e0 in load_cap_file tshark.c:3481:11
    #28 0x5589dbfc892d in main tshark.c:2206:13
    #29 0x7f75332d760f in __libc_start_main (/usr/lib/libc.so.6+0x2060f)
    #30 0x5589dbee5988 in _start (/tmp/wsbuild/run/tshark+0xc3988)

SUMMARY: AddressSanitizer: undefined-behavior epan/crypt/airpdcap_ccmp.c:228:7
in 
epan/tvbuff.c:783:17: runtime error: null pointer passed as argument 1, which
is declared to never be null
/usr/include/string.h:43:28: note: nonnull attribute specified here
    #0 0x7f753d79f102 in tvb_memcpy epan/tvbuff.c:783:10
    #1 0x7f753d79f9d5 in tvb_memdup epan/tvbuff.c:830:9
    #2 0x7f753e9994e6 in dissect_radiotap
epan/dissectors/packet-ieee80211-radiotap.c:623:9
    #3 0x7f753d5dabce in call_dissector_through_handle epan/packet.c:620:3
    #4 0x7f753d5c88d2 in call_dissector_work epan/packet.c:706:9
    #5 0x7f753d5c79d1 in dissector_try_uint_new epan/packet.c:1163:9
    #6 0x7f753e67eb74 in dissect_frame epan/dissectors/packet-frame.c:499:11
    #7 0x7f753d5daa81 in call_dissector_through_handle epan/packet.c:618:9
    #8 0x7f753d5c88d2 in call_dissector_work epan/packet.c:706:9
    #9 0x7f753d5d5aa7 in call_dissector_only epan/packet.c:2549:8
    #10 0x7f753d5c1664 in call_dissector_with_data epan/packet.c:2562:8
    #11 0x7f753d5c0a19 in dissect_record epan/packet.c:498:3
    #12 0x7f753d52c958 in epan_dissect_run_with_taps epan/epan.c:345:2
    #13 0x5589dbfda212 in process_packet tshark.c:3725:5
    #14 0x5589dbfd28e0 in load_cap_file tshark.c:3481:11
    #15 0x5589dbfc892d in main tshark.c:2206:13
    #16 0x7f75332d760f in __libc_start_main (/usr/lib/libc.so.6+0x2060f)
    #17 0x5589dbee5988 in _start (/tmp/wsbuild/run/tshark+0xc3988)

SUMMARY: AddressSanitizer: undefined-behavior epan/tvbuff.c:783:17 in 
epan/dissectors/packet-ieee80211.c:16400:37: runtime error: left shift of 161
by 24 places cannot be represented in type 'int'
    #0 0x7f753ea189ef in crc32_802_tvb_padded
epan/dissectors/packet-ieee80211.c:16400:37
    #1 0x7f753ea0d510 in dissect_ieee80211_common
epan/dissectors/packet-ieee80211.c:17524:19
    #2 0x7f753e9df995 in dissect_ieee80211
epan/dissectors/packet-ieee80211.c:18317:10
    #3 0x7f753d5daa81 in call_dissector_through_handle epan/packet.c:618:9
    #4 0x7f753d5c88d2 in call_dissector_work epan/packet.c:706:9
    #5 0x7f753d5d5aa7 in call_dissector_only epan/packet.c:2549:8
    #6 0x7f753d5c1664 in call_dissector_with_data epan/packet.c:2562:8
    #7 0x7f753e98dcb8 in dissect_wlan_radio
epan/dissectors/packet-ieee80211-radio.c:976:10
    #8 0x7f753d5daa81 in call_dissector_through_handle epan/packet.c:618:9
    #9 0x7f753d5c88d2 in call_dissector_work epan/packet.c:706:9
    #10 0x7f753d5d5aa7 in call_dissector_only epan/packet.c:2549:8
    #11 0x7f753d5c1664 in call_dissector_with_data epan/packet.c:2562:8
    #12 0x7f753e9a9d04 in dissect_radiotap
epan/dissectors/packet-ieee80211-radiotap.c:1801:2
    #13 0x7f753d5dabce in call_dissector_through_handle epan/packet.c:620:3
    #14 0x7f753d5c88d2 in call_dissector_work epan/packet.c:706:9
    #15 0x7f753d5c79d1 in dissector_try_uint_new epan/packet.c:1163:9
    #16 0x7f753e67eb74 in dissect_frame epan/dissectors/packet-frame.c:499:11
    #17 0x7f753d5daa81 in call_dissector_through_handle epan/packet.c:618:9
    #18 0x7f753d5c88d2 in call_dissector_work epan/packet.c:706:9
    #19 0x7f753d5d5aa7 in call_dissector_only epan/packet.c:2549:8
    #20 0x7f753d5c1664 in call_dissector_with_data epan/packet.c:2562:8
    #21 0x7f753d5c0a19 in dissect_record epan/packet.c:498:3
    #22 0x7f753d52c958 in epan_dissect_run_with_taps epan/epan.c:345:2
    #23 0x5589dbfda212 in process_packet tshark.c:3725:5
    #24 0x5589dbfd28e0 in load_cap_file tshark.c:3481:11
    #25 0x5589dbfc892d in main tshark.c:2206:13
    #26 0x7f75332d760f in __libc_start_main (/usr/lib/libc.so.6+0x2060f)
    #27 0x5589dbee5988 in _start (/tmp/wsbuild/run/tshark+0xc3988)

SUMMARY: AddressSanitizer: undefined-behavior
epan/dissectors/packet-ieee80211.c:16400:37 in


You are receiving this mail because:
  • You are watching all bug changes.