Wireshark-bugs: [Wireshark-bugs] [Bug 2899] crash when loading malformed dns packets

Date: Fri, 26 Sep 2008 02:29:57 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2899





--- Comment #10 from David Maciejak <david.maciejak@xxxxxxxxx>  2008-09-26 02:29:55 PDT ---
Created an attachment (id=2265)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2265)
seg fault

The previous PoC seems to trigger some memory loss trouble; this one is a seg fault.
See the tshark gdb backtrace below:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb60f3b60 (LWP 21687)]
0xb61aae66 in ?? () from /lib/tls/i686/cmov/libc.so.6
(gdb) backtrace
#0  0xb61aae66 in ?? () from /lib/tls/i686/cmov/libc.so.6
#1  0xb61acedd in ?? () from /lib/tls/i686/cmov/libc.so.6
#2  0xb61aecad in malloc () from /lib/tls/i686/cmov/libc.so.6
#3  0xb6525dcd in g_malloc () from /usr/lib/libglib-2.0.so.0
#4  0xb69ccc0e in ep_alloc (size=1149) at emem.c:414
#5  0xb6d61003 in dissect_nbns (tvb=0x846d208, pinfo=0x8474f40, tree=0x846b798)
at packet-nbns.c:422
#6  0xb69d7264 in call_dissector_through_handle (handle=0x83bdda0,
tvb=0x846d208, pinfo=0x8474f40, tree=0x846b798) at packet.c:396
#7  0xb69d79e7 in call_dissector_work (handle=0x83bdda0, tvb=0x846d208,
pinfo_arg=0x8474f40, tree=0x846b798) at packet.c:485
#8  0xb69d8cb9 in dissector_try_port (sub_dissectors=0x834ffa8, port=137,
tvb=0x846d208, pinfo=0x8474f40, tree=0x846b798) at packet.c:870
#9  0xb6f2ddc8 in decode_udp_ports (tvb=0x8366f30, offset=8, pinfo=0x8474f40,
tree=0x846b798, uh_sport=137, uh_dport=137, uh_ulen=58)
    at packet-udp.c:159
#10 0xb6f2e509 in dissect (tvb=0x8366f30, pinfo=0x8474f40, tree=0x846b798,
ip_proto=1114112) at packet-udp.c:427
#11 0xb6f2ee59 in dissect_udp (tvb=0x8366f30, pinfo=0x8474f40, tree=0x846b798)
at packet-udp.c:434
#12 0xb69d7264 in call_dissector_through_handle (handle=0x83eabb8,
tvb=0x8366f30, pinfo=0x8474f40, tree=0x846b798) at packet.c:396
#13 0xb69d79e7 in call_dissector_work (handle=0x83eabb8, tvb=0x8366f30,
pinfo_arg=0x8474f40, tree=0x846b798) at packet.c:485
#14 0xb69d8cb9 in dissector_try_port (sub_dissectors=0x81cfed0, port=17,
tvb=0x8366f30, pinfo=0x8474f40, tree=0x846b798) at packet.c:870
#15 0xb6cba6f8 in dissect_ip (tvb=0x846d598, pinfo=0x8474f40,
parent_tree=0x846b798) at packet-ip.c:1564
#16 0xb69d7264 in call_dissector_through_handle (handle=0x81d03f8,
tvb=0x846d598, pinfo=0x8474f40, tree=0x846b798) at packet.c:396
#17 0xb69d79e7 in call_dissector_work (handle=0x81d03f8, tvb=0x846d598,
pinfo_arg=0x8474f40, tree=0x846b798) at packet.c:485
#18 0xb69d8cb9 in dissector_try_port (sub_dissectors=0x814d368, port=2048,
tvb=0x846d598, pinfo=0x8474f40, tree=0x846b798) at packet.c:870
#19 0xb6bddaa5 in ethertype (etype=2048, tvb=0x846d730, offset_after_etype=16,
pinfo=0x8474f40, tree=0x846b798, fh_tree=0x84617e8, 
    etype_id=52383, trailer_id=52384, fcs_len=0) at packet-ethertype.c:215
#20 0xb6e91246 in dissect_sll (tvb=0x846d730, pinfo=0x8474f40, tree=0x846b798)
at packet-sll.c:281
#21 0xb69d7264 in call_dissector_through_handle (handle=0x83e7d10,
tvb=0x846d730, pinfo=0x8474f40, tree=0x846b798) at packet.c:396
#22 0xb69d79e7 in call_dissector_work (handle=0x83e7d10, tvb=0x846d730,
pinfo_arg=0x8474f40, tree=0x846b798) at packet.c:485
#23 0xb69d8cb9 in dissector_try_port (sub_dissectors=0x8166bc0, port=25,
tvb=0x846d730, pinfo=0x8474f40, tree=0x846b798) at packet.c:870
#24 0xb6c27169 in dissect_frame (tvb=0x846d730, pinfo=0x8474f40,
parent_tree=0x846b798) at packet-frame.c:305
#25 0xb69d7264 in call_dissector_through_handle (handle=0x817bf30,
tvb=0x846d730, pinfo=0x8474f40, tree=0x846b798) at packet.c:396
#26 0xb69d79e7 in call_dissector_work (handle=0x817bf30, tvb=0x846d730,
pinfo_arg=0x8474f40, tree=0x846b798) at packet.c:485
#27 0xb69d7b90 in call_dissector (handle=0x817bf30, tvb=0x846d730,
pinfo=0x8474f40, tree=0x846b798) at packet.c:1787
#28 0xb69d980b in dissect_packet (edt=0x8474f38, pseudo_header=0x84440e4,
pd=0x844a9f0 "", fd=0xbfeaaba4, cinfo=0x0) at packet.c:332
#29 0xb69ce8c4 in epan_dissect_run (edt=0x8474f38, pseudo_header=0x84440e4,
data=0x844a9f0 "", fd=0xbfeaaba4, cinfo=0x0) at epan.c:161
#30 0x08063a9c in process_packet (cf=0x80743c0, offset=73320, whdr=0x84440d0,
pseudo_header=0x84440e4, pd=0x844a9f0 "") at tshark.c:2452
#31 0x080666d8 in main (argc=3, argv=0xbfeaaec4) at tshark.c:2248

Hope this helps.

