Wireshark-bugs: [Wireshark-bugs] [Bug 9887] Capture causes crash with Telephony->Voip calls
Date: Wed, 21 Oct 2015 15:42:32 +0000

changed bug 9887


What    Removed    Added
CC                 peter@lekensteyn.nl

Comment # 5 on bug 9887 from
Created attachment 13930 [details]
full UndefinedBehaviorSanitizer output for wireshark -r fuzz-2014-03-13-20306.pcap -Y h261

Opening the capture just gives these ubsan errors, but it does not crash
(v2.1.0rc0-204-gc1331a1 + https://code.wireshark.org/review/11194).

epan/dissectors/packet-per.c:1107:11: runtime error: left shift of negative value -1
    #0 0x7f2596615b65 in dissect_per_integer epan/dissectors/packet-per.c:1107:11
    #1 0x7f2597feae77 in dissect_t38_INTEGER ../../asn1/t38/t38.cnf:285:12
    #2 0x7f2596628485 in dissect_per_sequence epan/dissectors/packet-per.c:1874:12
    #3 0x7f2597feadd4 in dissect_t38_T_fec_info ../../asn1/t38/t38.cnf:322:12
    #4 0x7f2596624fd5 in dissect_per_choice epan/dissectors/packet-per.c:1722:13
    #5 0x7f2597fe1311 in dissect_t38_T_error_recovery ../../asn1/t38/t38.cnf:260:12
    #6 0x7f2596628485 in dissect_per_sequence epan/dissectors/packet-per.c:1874:12
    #7 0x7f2597fe070e in dissect_t38_UDPTLPacket ../../asn1/t38/t38.cnf:235:12
    #8 0x7f2597fdfe1f in dissect_UDPTLPacket_PDU ../../asn1/t38/t38.cnf:255:12
    #9 0x7f2597fda132 in dissect_t38_udp ../../asn1/t38/packet-t38-template.c:544:11

epan/dissectors/packet-sdp.c:2632:18: runtime error: index -1 out of bounds for type 'transport_media_pt_t [4]'
    #0 0x7f2596a859d8 in dissect_sdp epan/dissectors/packet-sdp.c:2632:43

epan/dissectors/packet-sdp.c:2634:38: runtime error: index -1 out of bounds for type 'transport_media_pt_t [4]'
    #0 0x7f2596a85b6c in dissect_sdp epan/dissectors/packet-sdp.c:2634:63

epan/dissectors/packet-sdp.c:2635:17: runtime error: index -1 out of bounds for type 'transport_media_pt_t [4]'
    #0 0x7f2596a85cde in dissect_sdp epan/dissectors/packet-sdp.c:2635:42

asn1/t38/packet-t38-template.c:495:35: runtime error: member access within null pointer of type 't38_conv' (aka 'struct _t38_conv')
    #0 0x7f2597fde6ad in init_t38_info_conv ../../asn1/t38/packet-t38-template.c:495:35
    #1 0x7f2597fda022 in dissect_t38_udp ../../asn1/t38/packet-t38-template.c:535:2

asn1/t38/packet-t38-template.c:492:35: runtime error: member access within null pointer of type 't38_conv' (aka 'struct _t38_conv')
    #0 0x7f2597fde5d4 in init_t38_info_conv ../../asn1/t38/packet-t38-template.c:492:35
    #1 0x7f2597fda022 in dissect_t38_udp ../../asn1/t38/packet-t38-template.c:535:2

