http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1983
Summary: Editcap crash during fuzztest
Product: Wireshark
Version: SVN
Platform: PC
OS/Version: Linux
Status: NEW
Severity: Normal
Priority: Low
Component: Extras
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: florent.drouin@xxxxxxxxxx
Build Information:
~/wireshark_TRUNK23440$ ./wireshark -v
wireshark 0.99.7
Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GTK+ 2.6.4, with GLib 2.6.4, with libpcap 0.9-PRE-CVS, with libz
1.2.2, with libpcre 4.5, without SMI, with ADNS, without Lua, with GnuTLS
1.0.16, with Gcrypt 1.2.0, with Heimdal Kerberos, without PortAudio, without
AirPcap.
Running on Linux 2.6.15.7, with libpcap version 0.9-PRE-CVS.
Built using gcc 3.3.5 (Debian 1:3.3.5-13).
--
During fuzztesting of ERF files, there is a crash with editcap:
<<
Starting pass 9:
/home/endace/Traces/Endace/eth.erf: ./tools/fuzz-test.sh: line 153: 11903 Segmentation fault (core dumped) "$EDITCAP" -E $ERR_PROB "$CF" $TMP_DIR/$TMP_FILE >/dev/null 2>&1
./tools/fuzz-test.sh: line 153: 11916 Aborted (core dumped) "$EDITCAP" -E $ERR_PROB -T ether "$CF" $TMP_DIR/$TMP_FILE >/dev/null 2>&1
Invalid format for editcap
>>
The reason for the crash is the size of the buffer allocated for the record to
dump. In the ERF file, the size of the record is 1518 bytes, and the size of
the frame_buffer is hardcoded in file_access.c to 1500 bytes.
<<
wtap* wtap_open_offline(const char *filename, int *err, char **err_info,
                        gboolean do_random)
../..
success:
        wth->frame_buffer = g_malloc(sizeof(struct Buffer));
        buffer_init(wth->frame_buffer, 1500);   /* <=== here */
        return wth;
}
>>
I do not find the mechanism to change the size of this frame buffer at the
opening of an ERF file.
Is there something missing in the erf_open function?
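An added illustration of the size mismatch described in the report (not part of the original report and not Wireshark code): a record buffer that starts at 1500 bytes has to be grown, and the record length bounds-checked, before a 1518-byte record is copied into it. The struct, the function names and the 65535-byte cap are assumptions made for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define INITIAL_SPACE  1500u   /* initial size quoted in the report */
#define MAX_RECORD_LEN 65535u  /* assumed upper bound for one record */

/* Hypothetical growable buffer; this is not Wireshark's struct Buffer. */
struct frame_buf { uint8_t *data; size_t allocated; };

static int frame_buf_init(struct frame_buf *fb, size_t space)
{
    fb->data = malloc(space);
    fb->allocated = fb->data ? space : 0;
    return fb->data ? 0 : -1;
}

/* Grow the buffer so that at least `need` bytes fit; 0 on success. */
static int frame_buf_assure(struct frame_buf *fb, size_t need)
{
    if (need <= fb->allocated) return 0;
    uint8_t *p = realloc(fb->data, need);
    if (p == NULL) return -1;          /* old buffer is still valid */
    fb->data = p;
    fb->allocated = need;
    return 0;
}

/* Validate the length taken from the file, then grow, then copy. */
static int store_record(struct frame_buf *fb, const uint8_t *rec, size_t len)
{
    if (len == 0 || len > MAX_RECORD_LEN) return -1;  /* reject bad length */
    if (frame_buf_assure(fb, len) != 0) return -1;    /* never copy past end */
    memcpy(fb->data, rec, len);
    return 0;
}

/* Constructed input: a zero-filled record of record_len bytes.
 * Returns the buffer size after storing it, or 0 if it was rejected. */
static size_t demo_allocated_after(size_t record_len)
{
    struct frame_buf fb;
    uint8_t *rec = calloc(1, record_len ? record_len : 1);
    size_t result = 0;
    if (rec && frame_buf_init(&fb, INITIAL_SPACE) == 0) {
        if (store_record(&fb, rec, record_len) == 0) result = fb.allocated;
        free(fb.data);
    }
    free(rec);
    return result;
}
int main(void) { return demo_allocated_after(1518) == 1518 ? 0 : 1; }
```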