Wireshark-bugs: [Wireshark-bugs] [Bug 9887] Capture causes crash with Telephony->Voip calls
Peter Wu
changed
bug 9887
What |
Removed |
Added |
CC |
|
peter@lekensteyn.nl
|
Comment # 5
on bug 9887
from Peter Wu
Created attachment 13930 [details]
full UndefinedBehaviorSanitizer output for wireshark -r
fuzz-2014-03-13-20306.pcap -Y h261
Opening the capture just gives these ubsan errors, but it does not crash
(v2.1.0rc0-204-gc1331a1 + https://code.wireshark.org/review/11194).
epan/dissectors/packet-per.c:1107:11: runtime error: left shift of negative
value -1
#0 0x7f2596615b65 in dissect_per_integer
epan/dissectors/packet-per.c:1107:11
#1 0x7f2597feae77 in dissect_t38_INTEGER ../../asn1/t38/t38.cnf:285:12
#2 0x7f2596628485 in dissect_per_sequence
epan/dissectors/packet-per.c:1874:12
#3 0x7f2597feadd4 in dissect_t38_T_fec_info ../../asn1/t38/t38.cnf:322:12
#4 0x7f2596624fd5 in dissect_per_choice
epan/dissectors/packet-per.c:1722:13
#5 0x7f2597fe1311 in dissect_t38_T_error_recovery
../../asn1/t38/t38.cnf:260:12
#6 0x7f2596628485 in dissect_per_sequence
epan/dissectors/packet-per.c:1874:12
#7 0x7f2597fe070e in dissect_t38_UDPTLPacket ../../asn1/t38/t38.cnf:235:12
#8 0x7f2597fdfe1f in dissect_UDPTLPacket_PDU ../../asn1/t38/t38.cnf:255:12
#9 0x7f2597fda132 in dissect_t38_udp
../../asn1/t38/packet-t38-template.c:544:11
epan/dissectors/packet-sdp.c:2632:18: runtime error: index -1 out of bounds for
type 'transport_media_pt_t [4]'
#0 0x7f2596a859d8 in dissect_sdp epan/dissectors/packet-sdp.c:2632:43
epan/dissectors/packet-sdp.c:2634:38: runtime error: index -1 out of bounds for
type 'transport_media_pt_t [4]'
#0 0x7f2596a85b6c in dissect_sdp epan/dissectors/packet-sdp.c:2634:63
epan/dissectors/packet-sdp.c:2635:17: runtime error: index -1 out of bounds for
type 'transport_media_pt_t [4]'
#0 0x7f2596a85cde in dissect_sdp epan/dissectors/packet-sdp.c:2635:42
asn1/t38/packet-t38-template.c:495:35: runtime error: member access within null
pointer of type 't38_conv' (aka 'struct _t38_conv')
#0 0x7f2597fde6ad in init_t38_info_conv
../../asn1/t38/packet-t38-template.c:495:35
#1 0x7f2597fda022 in dissect_t38_udp
../../asn1/t38/packet-t38-template.c:535:2
asn1/t38/packet-t38-template.c:492:35: runtime error: member access within null
pointer of type 't38_conv' (aka 'struct _t38_conv')
#0 0x7f2597fde5d4 in init_t38_info_conv
../../asn1/t38/packet-t38-template.c:492:35
#1 0x7f2597fda022 in dissect_t38_udp
../../asn1/t38/packet-t38-template.c:535:2
You are receiving this mail because:
- You are watching all bug changes.