[Wireshark-bugs] [Bug 13246] New: Uninitialized memcmp on data in daintree-sna.c
Date: Wed, 14 Dec 2016 05:46:05 +0000
Bug ID 13246
Summary Uninitialized memcmp on data in daintree-sna.c
Product Wireshark
Version Git
Hardware x86-64
URL https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=wiretap/daintree-sna.c;h=233c08e2744dc923d868ddca0eddf24908ce6313;hb=7ad655c9b69f017f880dfd1cd1d0ec4a04479e2b#l98
OS Linux (other)
Status UNCONFIRMED
Severity Minor
Priority Low
Component Capture file support (libwiretap)
Assignee bugzilla-admin@wireshark.org
Reporter david@davidmanouchehri.com

Created attachment 15130
Sample test case.

Build Information:
TShark (Wireshark) 2.3.0 (v2.3.0rc0-1722-g7ad655c)

Copyright 1998-2016 Gerald Combs <gerald@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with libpcap, with POSIX capabilities (Linux), with libnl 3,
with GLib 2.48.1, with zlib 1.2.8, with SMI 0.4.8, with c-ares 1.10.0, with Lua
5.2.4, with GnuTLS 3.4.10, with Gcrypt 1.6.5, with MIT Kerberos, with GeoIP,
with nghttp2 1.7.1, with LZ4, with Snappy.

Running on Linux 4.4.0-53-generic, with Intel(R) Xeon(R) CPU E5-2680 v2 @
2.80GHz (with SSE4.2), with 15038 MB of physical memory, with locale
en_US.UTF-8, with libpcap version 1.7.4, with GnuTLS 3.4.10, with Gcrypt 1.6.5,
with zlib 1.2.8.

Built using clang 4.2.1 Compatible Clang 3.9.1 (branches/release_39).
--
daintree_sna_open() uses memcmp() on readLine, which can be uninitialized.

==00:00:00:00.000 7840== Memcheck, a memory error detector
==00:00:00:00.000 7840== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==00:00:00:00.000 7840== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==00:00:00:00.000 7840== Command: ./run/tshark -r daintree_sna_open.pcap
==00:00:00:00.000 7840== Parent PID: 2744
==00:00:00:00.000 7840==
==00:00:00:21.219 7840== Conditional jump or move depends on uninitialised value(s)
==00:00:00:21.219 7840==    at 0x26AA32C: daintree_sna_open (daintree-sna.c:98)
==00:00:00:21.219 7840==    by 0x2679FFC: wtap_open_offline (file_access.c:1047)
==00:00:00:21.219 7840==    by 0x19CB3BA: cf_open (tshark.c:3971)
==00:00:00:21.219 7840==    by 0x19C8F87: main (tshark.c:1922)
==00:00:00:21.219 7840==  Uninitialised value was created by a stack allocation
==00:00:00:21.219 7840==    at 0x26AA2F6: daintree_sna_open (daintree-sna.c:86)
==00:00:00:21.219 7840==
==00:00:00:23.065 7840==
==00:00:00:23.065 7840== HEAP SUMMARY:
==00:00:00:23.065 7840==     in use at exit: 6,053,676 bytes in 9,420 blocks
==00:00:00:23.065 7840==   total heap usage: 99,006 allocs, 89,586 frees, 107,882,967 bytes allocated
==00:00:00:23.065 7840==
==00:00:00:23.065 7840== For a detailed leak analysis, rerun with: --leak-check=full
==00:00:00:23.065 7840==
==00:00:00:23.065 7840== For counts of detected and suppressed errors, rerun with: -v
==00:00:00:23.065 7840== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)


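The bug the report describes, modelled as an added example rather than Wireshark's own code: a file_gets()-style read into an uninitialised stack buffer (readLine) followed by a fixed-length memcmp() against the file magic, next to a hardened check that confirms the line is long enough before comparing. Everything here is constructed for the example: mem_gets() stands in for file_gets(), the "#Format=" magic string and the 128-byte buffer size are assumptions about the reader and are not taken from the page, and the sample inputs are made up. magic_bytes_uninitialised() quantifies what the unsafe comparison would touch without actually performing the undefined read.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed constants for the daintree-sna reader (not taken from the page). */
#define DAINTREE_MAX_PACKET_SIZE 128
static const char daintree_magic_text[] = "#Format=";
#define DAINTREE_MAGIC_TEXT_SIZE (sizeof daintree_magic_text - 1)

enum open_result { OPEN_NOT_MINE = 0, OPEN_MINE = 1 };

/* In-memory stand-in for file_gets()/fgets(): copies up to n-1 bytes from src,
 * stops after a '\n', always NUL-terminates, returns NULL when nothing could be
 * read. Like fgets(), it initialises only the bytes it writes; everything after
 * the terminator keeps whatever the buffer held before. */
static char *mem_gets(char *buf, int n, const char *src, size_t srclen, size_t *pos)
{
    int i = 0;

    if (n <= 0 || *pos >= srclen)
        return NULL;
    while (i < n - 1 && *pos < srclen) {
        char c = src[(*pos)++];
        buf[i++] = c;
        if (c == '\n')
            break;
    }
    buf[i] = '\0';
    return buf;
}

/* The pattern the report points at (daintree-sna.c:98): memcmp() over the full
 * magic length right after the read, with no check that the read filled that
 * many bytes. For a first line shorter than the magic, the tail of the
 * comparison reads stack garbage. Kept for contrast only; never call it on a
 * short first line. */
static enum open_result magic_check_unsafe(const char *src, size_t srclen)
{
    char readLine[DAINTREE_MAX_PACKET_SIZE];   /* uninitialised, as in the report */
    size_t pos = 0;

    if (mem_gets(readLine, DAINTREE_MAX_PACKET_SIZE, src, srclen, &pos) == NULL)
        return OPEN_NOT_MINE;
    if (memcmp(readLine, daintree_magic_text, DAINTREE_MAGIC_TEXT_SIZE) != 0)
        return OPEN_NOT_MINE;
    return OPEN_MINE;
}

/* How many of the DAINTREE_MAGIC_TEXT_SIZE bytes memcmp() would inspect are left
 * uninitialised by the read for this input. mem_gets() writes every byte it
 * consumes plus the NUL, so pos + 1 is the exact number of initialised bytes.
 * 0 means the comparison is safe. */
static size_t magic_bytes_uninitialised(const char *src, size_t srclen)
{
    char readLine[DAINTREE_MAX_PACKET_SIZE];
    size_t pos = 0, written;

    if (mem_gets(readLine, DAINTREE_MAX_PACKET_SIZE, src, srclen, &pos) == NULL)
        return DAINTREE_MAGIC_TEXT_SIZE;       /* nothing written at all */
    written = pos + 1;
    return written >= DAINTREE_MAGIC_TEXT_SIZE ? 0 : DAINTREE_MAGIC_TEXT_SIZE - written;
}

/* Hardened form: the read NUL-terminates the line, so strlen() bounds the
 * initialised region. Reject short lines before memcmp() so the comparison
 * never touches unwritten stack bytes. An embedded NUL in the file shortens
 * strlen() and is rejected too, which is correct: the magic contains no NUL. */
static enum open_result magic_check_hardened(const char *src, size_t srclen)
{
    char readLine[DAINTREE_MAX_PACKET_SIZE];
    size_t pos = 0;

    if (mem_gets(readLine, DAINTREE_MAX_PACKET_SIZE, src, srclen, &pos) == NULL)
        return OPEN_NOT_MINE;
    if (strlen(readLine) < DAINTREE_MAGIC_TEXT_SIZE)
        return OPEN_NOT_MINE;                  /* too short to carry the magic */
    if (memcmp(readLine, daintree_magic_text, DAINTREE_MAGIC_TEXT_SIZE) != 0)
        return OPEN_NOT_MINE;
    return OPEN_MINE;
}

int main(void)
{
    /* Constructed first bytes of three candidate capture files. */
    static const char good[]  = "#Format=1\r\n#SNA\n";
    static const char brief[] = "#Form\n";    /* matches the magic prefix, then ends */
    static const char other[] = "\xd4\xc3\xb2\xa1\x02\x00\x04\x00";

    printf("good:  hardened=%d uninitialised=%zu\n",
           magic_check_hardened(good, sizeof good - 1),
           magic_bytes_uninitialised(good, sizeof good - 1));
    printf("brief: hardened=%d uninitialised=%zu\n",
           magic_check_hardened(brief, sizeof brief - 1),
           magic_bytes_uninitialised(brief, sizeof brief - 1));
    printf("other: hardened=%d uninitialised=%zu\n",
           magic_check_hardened(other, sizeof other - 1),
           magic_bytes_uninitialised(other, sizeof other - 1));
    return 0;
}
```

Run under Valgrind, the unsafe variant on the "brief" input reproduces the "Conditional jump or move depends on uninitialised value(s)" report when the compiler turns the constant-length memcmp() into a single wide load; the hardened variant returns OPEN_NOT_MINE on the strlen() check before any comparison happens. Zero-filling readLine would also silence Valgrind, but only the length check makes the rejection of short files explicit.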