Wireshark-bugs: [Wireshark-bugs] [Bug 3559] New: fuzz testing crashes wireshark in packet-ipmi-s

Date: Sat, 20 Jun 2009 06:01:17 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3559

           Summary: fuzz testing crashes wireshark in packet-ipmi-se.c:2746
           Product: Wireshark
           Version: SVN
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: Critical
          Priority: High
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: yamisoe@xxxxxxxxx


Build Information:
Version 1.3.0 (SVN Rev 28767)

Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.16.1, with GLib 2.20.1, with libpcap 1.0.0, with libz
1.2.3.3, without POSIX capabilities, without libpcre, without SMI, without
c-ares, without ADNS, with Lua 5.1, without Python, with GnuTLS 2.4.2, with
Gcrypt 1.4.1, without Kerberos, without GeoIP, without PortAudio, without
AirPcap.
NOTE: this build doesn't support the "matches" operator for Wireshark filter
syntax.

Running on Linux 2.6.28-11-generic, with libpcap version 1.0.0, GnuTLS 2.4.2,
Gcrypt 1.4.1.

Built using gcc 4.3.3.

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
The capture file is attached.

The backtrace is:

(gdb) bt
#0  0xb6e54875 in add_events (tvb=0xa2d3a78, offs=5, tree=0xa2d11e8,
tfs=0xb77e7a40, desc=0xb753cde8 "Enabled events") at packet-ipmi-se.c:2746
#1  0xb6e54b23 in rs29 (tvb=0xa2d3a78, tree=0xa2d11e8) at packet-ipmi-se.c:2786
#2  0xb69e8cd4 in ipmi_do_dissect (tvb=0xa1ea2c8, ipmi_tree=0xa2d14a0,
dfmt=0xbffdd4a4) at packet-ipmi.c:1330
#3  0xb69e984b in dissect_ipmi (tvb=0xa1ea2c8, pinfo=0xa2d0ee0, tree=0xa2d1950)
at packet-ipmi.c:1381
#4  0xb6699765 in call_dissector_through_handle (handle=0x9e2a1e8,
tvb=0xa1ea2c8, pinfo=0xa2d0ee0, tree=0xa2d1950) at packet.c:406
#5  0xb6699f2e in call_dissector_work (handle=0x9e2a1e8, tvb=0xa1ea2c8,
pinfo_arg=0xa2d0ee0, tree=0xa2d1950, add_proto_name=1) at packet.c:497
#6  0xb669a0ca in call_dissector (handle=0x9e2a1e8, tvb=0xa1ea2c8,
pinfo=0xa2d0ee0, tree=0xa2d1950) at packet.c:1813
#7  0xb69e9beb in dissect_ipmi_session (tvb=0xa2d3838, pinfo=0xa2d0ee0,
tree=0xa2d1950) at packet-ipmi-session.c:247
#8  0xb6699765 in call_dissector_through_handle (handle=0xa2127d0,
tvb=0xa2d3838, pinfo=0xa2d0ee0, tree=0xa2d1950) at packet.c:406
#9  0xb6699f2e in call_dissector_work (handle=0xa2127d0, tvb=0xa2d3838,
pinfo_arg=0xa2d0ee0, tree=0xa2d1950, add_proto_name=1) at packet.c:497
#10 0xb669b139 in dissector_try_port_new (sub_dissectors=0x9f29290, port=7,
tvb=0xa2d3838, pinfo=0xa2d0ee0, tree=0xa2d1950, add_proto_name=1) at
packet.c:883
#11 0xb669b1a1 in dissector_try_port (sub_dissectors=0x9f29290, port=7,
tvb=0xa2d3838, pinfo=0xa2d0ee0, tree=0xa2d1950) at packet.c:909
#12 0xb6b88539 in dissect_rmcp (tvb=0xa2d3738, pinfo=0xa2d0ee0, tree=0xa2d1950)
at packet-rmcp.c:143
#13 0xb669979c in call_dissector_through_handle (handle=0xa23f008,
tvb=0xa2d3738, pinfo=0xa2d0ee0, tree=0xa2d1950) at packet.c:402
#14 0xb6699f2e in call_dissector_work (handle=0xa23f008, tvb=0xa2d3738,
pinfo_arg=0xa2d0ee0, tree=0xa2d1950, add_proto_name=1) at packet.c:497
#15 0xb669b139 in dissector_try_port_new (sub_dissectors=0xa104400, port=623,
tvb=0xa2d3738, pinfo=0xa2d0ee0, tree=0xa2d1950, add_proto_name=1)
    at packet.c:883
#16 0xb669b1a1 in dissector_try_port (sub_dissectors=0xa104400, port=623,
tvb=0xa2d3738, pinfo=0xa2d0ee0, tree=0xa2d1950) at packet.c:909
#17 0xb6cb63b4 in decode_udp_ports (tvb=0xa2d38e0, offset=8, pinfo=0xa2d0ee0,
tree=0xa2d1950, uh_sport=623, uh_dport=623, uh_ulen=48) at packet-udp.c:286
#18 0xb6cb6b3b in dissect (tvb=0xa2d38e0, pinfo=0xa2d0ee0, tree=0xa2d1950,
ip_proto=17) at packet-udp.c:596

/* others omitted */

