Wireshark-bugs: [Wireshark-bugs] [Bug 4450] Intermittant crash in http dissector if reassemble h
Date: Tue, 2 Feb 2010 10:32:16 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4450

Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jeff.morriss.ws@xxxxxxxxx

--- Comment #1 from Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> 2010-02-02 10:32:08 PST ---
Loading a file full of HTTP in current SVN with Valgrind (and
WIRESHARK_DEBUG_SCRUB_MEMORY= WIRESHARK_DEBUG_SE_NO_CHUNKS= set) reports these
errors:

==21675== Invalid read of size 1
==21675==    at 0x31A225797B: g_strlcpy (in /lib64/libglib-2.0.so.0.1800.4)
==21675==    by 0x5CA0FD2: ep_strndup (emem.c:843)
==21675==    by 0x5F2FCB2: is_http_request_or_reply (packet-http.c:1755)
==21675==    by 0x5F303E9: dissect_http_message (packet-http.c:718)
==21675==    by 0x5F31AA0: dissect_http (packet-http.c:2206)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==    by 0x5CAA74F: call_dissector_work (packet.c:497)
==21675==    by 0x5CAB701: dissector_try_port_new (packet.c:907)
==21675==    by 0x61A0A54: decode_tcp_ports (packet-tcp.c:2798)
==21675==    by 0x61A0E25: process_tcp_payload (packet-tcp.c:2857)
==21675==    by 0x61A15BD: dissect_tcp_payload (packet-tcp.c:1663)
==21675==    by 0x61A2E15: dissect_tcp (packet-tcp.c:3599)
==21675==  Address 0xf4a9aed is 0 bytes after a block of size 1,525 alloc'd
==21675==    at 0x4A0739E: malloc (vg_replace_malloc.c:207)
==21675==    by 0x31A223FF82: g_malloc (in /lib64/libglib-2.0.so.0.1800.4)
==21675==    by 0x5CC35E0: fragment_add_work (reassemble.c:846)
==21675==    by 0x5CC3C84: fragment_add_common (reassemble.c:1016)
==21675==    by 0x5CC3DAF: fragment_add (reassemble.c:1035)
==21675==    by 0x61A126C: dissect_tcp_payload (packet-tcp.c:1567)
==21675==    by 0x61A2E15: dissect_tcp (packet-tcp.c:3599)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==    by 0x5CAA74F: call_dissector_work (packet.c:497)
==21675==    by 0x5CAB701: dissector_try_port_new (packet.c:907)
==21675==    by 0x5F64EEB: dissect_ip (packet-ip.c:1703)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==
==21675== Invalid read of size 1
==21675==    at 0x31A225797B: g_strlcpy (in /lib64/libglib-2.0.so.0.1800.4)
==21675==    by 0x5CA0F82: se_strndup (emem.c:992)
==21675==    by 0x5F2FCC1: is_http_request_or_reply (packet-http.c:1756)
==21675==    by 0x5F303E9: dissect_http_message (packet-http.c:718)
==21675==    by 0x5F31AA0: dissect_http (packet-http.c:2206)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==    by 0x5CAA74F: call_dissector_work (packet.c:497)
==21675==    by 0x5CAB701: dissector_try_port_new (packet.c:907)
==21675==    by 0x61A0A54: decode_tcp_ports (packet-tcp.c:2798)
==21675==    by 0x61A0E25: process_tcp_payload (packet-tcp.c:2857)
==21675==    by 0x61A15BD: dissect_tcp_payload (packet-tcp.c:1663)
==21675==    by 0x61A2E15: dissect_tcp (packet-tcp.c:3599)
==21675==  Address 0xf4a9aed is 0 bytes after a block of size 1,525 alloc'd
==21675==    at 0x4A0739E: malloc (vg_replace_malloc.c:207)
==21675==    by 0x31A223FF82: g_malloc (in /lib64/libglib-2.0.so.0.1800.4)
==21675==    by 0x5CC35E0: fragment_add_work (reassemble.c:846)
==21675==    by 0x5CC3C84: fragment_add_common (reassemble.c:1016)
==21675==    by 0x5CC3DAF: fragment_add (reassemble.c:1035)
==21675==    by 0x61A126C: dissect_tcp_payload (packet-tcp.c:1567)
==21675==    by 0x61A2E15: dissect_tcp (packet-tcp.c:3599)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==    by 0x5CAA74F: call_dissector_work (packet.c:497)
==21675==    by 0x5CAB701: dissector_try_port_new (packet.c:907)
==21675==    by 0x5F64EEB: dissect_ip (packet-ip.c:1703)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==
==21675== Invalid read of size 1
==21675==    at 0x31A225797B: g_strlcpy (in /lib64/libglib-2.0.so.0.1800.4)
==21675==    by 0x5CA0F82: se_strndup (emem.c:992)
==21675==    by 0x5F30811: dissect_http_message (packet-http.c:1919)
==21675==    by 0x5F31AA0: dissect_http (packet-http.c:2206)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==    by 0x5CAA74F: call_dissector_work (packet.c:497)
==21675==    by 0x5CAB701: dissector_try_port_new (packet.c:907)
==21675==    by 0x61A0A54: decode_tcp_ports (packet-tcp.c:2798)
==21675==    by 0x61A0E25: process_tcp_payload (packet-tcp.c:2857)
==21675==    by 0x61A15BD: dissect_tcp_payload (packet-tcp.c:1663)
==21675==    by 0x61A2E15: dissect_tcp (packet-tcp.c:3599)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==  Address 0xf4a9aed is 0 bytes after a block of size 1,525 alloc'd
==21675==    at 0x4A0739E: malloc (vg_replace_malloc.c:207)
==21675==    by 0x31A223FF82: g_malloc (in /lib64/libglib-2.0.so.0.1800.4)
==21675==    by 0x5CC35E0: fragment_add_work (reassemble.c:846)
==21675==    by 0x5CC3C84: fragment_add_common (reassemble.c:1016)
==21675==    by 0x5CC3DAF: fragment_add (reassemble.c:1035)
==21675==    by 0x61A126C: dissect_tcp_payload (packet-tcp.c:1567)
==21675==    by 0x61A2E15: dissect_tcp (packet-tcp.c:3599)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==    by 0x5CAA74F: call_dissector_work (packet.c:497)
==21675==    by 0x5CAB701: dissector_try_port_new (packet.c:907)
==21675==    by 0x5F64EEB: dissect_ip (packet-ip.c:1703)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==
==21675== Invalid read of size 1
==21675==    at 0x31A225797B: g_strlcpy (in /lib64/libglib-2.0.so.0.1800.4)
==21675==    by 0x5CA0FD2: ep_strndup (emem.c:843)
==21675==    by 0x5F308CF: dissect_http_message (packet-http.c:1934)
==21675==    by 0x5F31AA0: dissect_http (packet-http.c:2206)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==    by 0x5CAA74F: call_dissector_work (packet.c:497)
==21675==    by 0x5CAB701: dissector_try_port_new (packet.c:907)
==21675==    by 0x61A0A54: decode_tcp_ports (packet-tcp.c:2798)
==21675==    by 0x61A0E25: process_tcp_payload (packet-tcp.c:2857)
==21675==    by 0x61A15BD: dissect_tcp_payload (packet-tcp.c:1663)
==21675==    by 0x61A2E15: dissect_tcp (packet-tcp.c:3599)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==  Address 0xf4a9aed is 0 bytes after a block of size 1,525 alloc'd
==21675==    at 0x4A0739E: malloc (vg_replace_malloc.c:207)
==21675==    by 0x31A223FF82: g_malloc (in /lib64/libglib-2.0.so.0.1800.4)
==21675==    by 0x5CC35E0: fragment_add_work (reassemble.c:846)
==21675==    by 0x5CC3C84: fragment_add_common (reassemble.c:1016)
==21675==    by 0x5CC3DAF: fragment_add (reassemble.c:1035)
==21675==    by 0x61A126C: dissect_tcp_payload (packet-tcp.c:1567)
==21675==    by 0x61A2E15: dissect_tcp (packet-tcp.c:3599)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==    by 0x5CAA74F: call_dissector_work (packet.c:497)
==21675==    by 0x5CAB701: dissector_try_port_new (packet.c:907)
==21675==    by 0x5F64EEB: dissect_ip (packet-ip.c:1703)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==
==21675== Invalid read of size 1
==21675==    at 0x31A225797B: g_strlcpy (in /lib64/libglib-2.0.so.0.1800.4)
==21675==    by 0x5CA0FD2: ep_strndup (emem.c:843)
==21675==    by 0x5F30946: dissect_http_message (packet-http.c:1966)
==21675==    by 0x5F31AA0: dissect_http (packet-http.c:2206)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==    by 0x5CAA74F: call_dissector_work (packet.c:497)
==21675==    by 0x5CAB701: dissector_try_port_new (packet.c:907)
==21675==    by 0x61A0A54: decode_tcp_ports (packet-tcp.c:2798)
==21675==    by 0x61A0E25: process_tcp_payload (packet-tcp.c:2857)
==21675==    by 0x61A15BD: dissect_tcp_payload (packet-tcp.c:1663)
==21675==    by 0x61A2E15: dissect_tcp (packet-tcp.c:3599)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==  Address 0xf4a9aed is 0 bytes after a block of size 1,525 alloc'd
==21675==    at 0x4A0739E: malloc (vg_replace_malloc.c:207)
==21675==    by 0x31A223FF82: g_malloc (in /lib64/libglib-2.0.so.0.1800.4)
==21675==    by 0x5CC35E0: fragment_add_work (reassemble.c:846)
==21675==    by 0x5CC3C84: fragment_add_common (reassemble.c:1016)
==21675==    by 0x5CC3DAF: fragment_add (reassemble.c:1035)
==21675==    by 0x61A126C: dissect_tcp_payload (packet-tcp.c:1567)
==21675==    by 0x61A2E15: dissect_tcp (packet-tcp.c:3599)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==    by 0x5CAA74F: call_dissector_work (packet.c:497)
==21675==    by 0x5CAB701: dissector_try_port_new (packet.c:907)
==21675==    by 0x5F64EEB: dissect_ip (packet-ip.c:1703)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==
==21675== Invalid read of size 1
==21675==    at 0x31A2257970: g_strlcpy (in /lib64/libglib-2.0.so.0.1800.4)
==21675==    by 0x5CA0FD2: ep_strndup (emem.c:843)
==21675==    by 0x5F308CF: dissect_http_message (packet-http.c:1934)
==21675==    by 0x5F31AA0: dissect_http (packet-http.c:2206)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==    by 0x5CAA74F: call_dissector_work (packet.c:497)
==21675==    by 0x5CAB701: dissector_try_port_new (packet.c:907)
==21675==    by 0x61A0A54: decode_tcp_ports (packet-tcp.c:2798)
==21675==    by 0x61A0E25: process_tcp_payload (packet-tcp.c:2857)
==21675==    by 0x61A15BD: dissect_tcp_payload (packet-tcp.c:1663)
==21675==    by 0x61A2E15: dissect_tcp (packet-tcp.c:3599)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==  Address 0xf4a9aed is 0 bytes after a block of size 1,525 alloc'd
==21675==    at 0x4A0739E: malloc (vg_replace_malloc.c:207)
==21675==    by 0x31A223FF82: g_malloc (in /lib64/libglib-2.0.so.0.1800.4)
==21675==    by 0x5CC35E0: fragment_add_work (reassemble.c:846)
==21675==    by 0x5CC3C84: fragment_add_common (reassemble.c:1016)
==21675==    by 0x5CC3DAF: fragment_add (reassemble.c:1035)
==21675==    by 0x61A126C: dissect_tcp_payload (packet-tcp.c:1567)
==21675==    by 0x61A2E15: dissect_tcp (packet-tcp.c:3599)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==    by 0x5CAA74F: call_dissector_work (packet.c:497)
==21675==    by 0x5CAB701: dissector_try_port_new (packet.c:907)
==21675==    by 0x5F64EEB: dissect_ip (packet-ip.c:1703)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==
==21675== Invalid read of size 1
==21675==    at 0x31A2257970: g_strlcpy (in /lib64/libglib-2.0.so.0.1800.4)
==21675==    by 0x5CA0FD2: ep_strndup (emem.c:843)
==21675==    by 0x5F30946: dissect_http_message (packet-http.c:1966)
==21675==    by 0x5F31AA0: dissect_http (packet-http.c:2206)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==    by 0x5CAA74F: call_dissector_work (packet.c:497)
==21675==    by 0x5CAB701: dissector_try_port_new (packet.c:907)
==21675==    by 0x61A0A54: decode_tcp_ports (packet-tcp.c:2798)
==21675==    by 0x61A0E25: process_tcp_payload (packet-tcp.c:2857)
==21675==    by 0x61A15BD: dissect_tcp_payload (packet-tcp.c:1663)
==21675==    by 0x61A2E15: dissect_tcp (packet-tcp.c:3599)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==  Address 0xf4a9aed is 0 bytes after a block of size 1,525 alloc'd
==21675==    at 0x4A0739E: malloc (vg_replace_malloc.c:207)
==21675==    by 0x31A223FF82: g_malloc (in /lib64/libglib-2.0.so.0.1800.4)
==21675==    by 0x5CC35E0: fragment_add_work (reassemble.c:846)
==21675==    by 0x5CC3C84: fragment_add_common (reassemble.c:1016)
==21675==    by 0x5CC3DAF: fragment_add (reassemble.c:1035)
==21675==    by 0x61A126C: dissect_tcp_payload (packet-tcp.c:1567)
==21675==    by 0x61A2E15: dissect_tcp (packet-tcp.c:3599)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==    by 0x5CAA74F: call_dissector_work (packet.c:497)
==21675==    by 0x5CAB701: dissector_try_port_new (packet.c:907)
==21675==    by 0x5F64EEB: dissect_ip (packet-ip.c:1703)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==
==21675== Invalid read of size 1
==21675==    at 0x31A2257970: g_strlcpy (in /lib64/libglib-2.0.so.0.1800.4)
==21675==    by 0x5CA0F82: se_strndup (emem.c:992)
==21675==    by 0x5F30811: dissect_http_message (packet-http.c:1919)
==21675==    by 0x5F31AA0: dissect_http (packet-http.c:2206)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==    by 0x5CAA74F: call_dissector_work (packet.c:497)
==21675==    by 0x5CAB701: dissector_try_port_new (packet.c:907)
==21675==    by 0x61A0A54: decode_tcp_ports (packet-tcp.c:2798)
==21675==    by 0x61A0E25: process_tcp_payload (packet-tcp.c:2857)
==21675==    by 0x61A15BD: dissect_tcp_payload (packet-tcp.c:1663)
==21675==    by 0x61A2E15: dissect_tcp (packet-tcp.c:3599)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==  Address 0xf4a9aed is 0 bytes after a block of size 1,525 alloc'd
==21675==    at 0x4A0739E: malloc (vg_replace_malloc.c:207)
==21675==    by 0x31A223FF82: g_malloc (in /lib64/libglib-2.0.so.0.1800.4)
==21675==    by 0x5CC35E0: fragment_add_work (reassemble.c:846)
==21675==    by 0x5CC3C84: fragment_add_common (reassemble.c:1016)
==21675==    by 0x5CC3DAF: fragment_add (reassemble.c:1035)
==21675==    by 0x61A126C: dissect_tcp_payload (packet-tcp.c:1567)
==21675==    by 0x61A2E15: dissect_tcp (packet-tcp.c:3599)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==    by 0x5CAA74F: call_dissector_work (packet.c:497)
==21675==    by 0x5CAB701: dissector_try_port_new (packet.c:907)
==21675==    by 0x5F64EEB: dissect_ip (packet-ip.c:1703)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==
==21675== Conditional jump or move depends on uninitialised value(s)
==21675==    at 0x31A2257979: g_strlcpy (in /lib64/libglib-2.0.so.0.1800.4)
==21675==    by 0x5CA0FD2: ep_strndup (emem.c:843)
==21675==    by 0x5F2FCB2: is_http_request_or_reply (packet-http.c:1755)
==21675==    by 0x5F303E9: dissect_http_message (packet-http.c:718)
==21675==    by 0x5F31AA0: dissect_http (packet-http.c:2206)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==    by 0x5CAA74F: call_dissector_work (packet.c:497)
==21675==    by 0x5CAB701: dissector_try_port_new (packet.c:907)
==21675==    by 0x61A0A54: decode_tcp_ports (packet-tcp.c:2798)
==21675==    by 0x61A0E25: process_tcp_payload (packet-tcp.c:2857)
==21675==    by 0x61A141C: dissect_tcp_payload (packet-tcp.c:1597)
==21675==    by 0x61A2E15: dissect_tcp (packet-tcp.c:3599)
==21675==
==21675== Conditional jump or move depends on uninitialised value(s)
==21675==    at 0x31A2257979: g_strlcpy (in /lib64/libglib-2.0.so.0.1800.4)
==21675==    by 0x5CA0F82: se_strndup (emem.c:992)
==21675==    by 0x5F2FCC1: is_http_request_or_reply (packet-http.c:1756)
==21675==    by 0x5F303E9: dissect_http_message (packet-http.c:718)
==21675==    by 0x5F31AA0: dissect_http (packet-http.c:2206)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==    by 0x5CAA74F: call_dissector_work (packet.c:497)
==21675==    by 0x5CAB701: dissector_try_port_new (packet.c:907)
==21675==    by 0x61A0A54: decode_tcp_ports (packet-tcp.c:2798)
==21675==    by 0x61A0E25: process_tcp_payload (packet-tcp.c:2857)
==21675==    by 0x61A141C: dissect_tcp_payload (packet-tcp.c:1597)
==21675==    by 0x61A2E15: dissect_tcp (packet-tcp.c:3599)
==21675==
==21675== Conditional jump or move depends on uninitialised value(s)
==21675==    at 0x31A2257979: g_strlcpy (in /lib64/libglib-2.0.so.0.1800.4)
==21675==    by 0x5CA0F82: se_strndup (emem.c:992)
==21675==    by 0x5F30811: dissect_http_message (packet-http.c:1919)
==21675==    by 0x5F31AA0: dissect_http (packet-http.c:2206)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==    by 0x5CAA74F: call_dissector_work (packet.c:497)
==21675==    by 0x5CAB701: dissector_try_port_new (packet.c:907)
==21675==    by 0x61A0A54: decode_tcp_ports (packet-tcp.c:2798)
==21675==    by 0x61A0E25: process_tcp_payload (packet-tcp.c:2857)
==21675==    by 0x61A141C: dissect_tcp_payload (packet-tcp.c:1597)
==21675==    by 0x61A2E15: dissect_tcp (packet-tcp.c:3599)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==
==21675== Conditional jump or move depends on uninitialised value(s)
==21675==    at 0x31A2257984: g_strlcpy (in /lib64/libglib-2.0.so.0.1800.4)
==21675==    by 0x5CA0FD2: ep_strndup (emem.c:843)
==21675==    by 0x5F308CF: dissect_http_message (packet-http.c:1934)
==21675==    by 0x5F31AA0: dissect_http (packet-http.c:2206)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==    by 0x5CAA74F: call_dissector_work (packet.c:497)
==21675==    by 0x5CAB701: dissector_try_port_new (packet.c:907)
==21675==    by 0x61A0A54: decode_tcp_ports (packet-tcp.c:2798)
==21675==    by 0x61A0E25: process_tcp_payload (packet-tcp.c:2857)
==21675==    by 0x61A141C: dissect_tcp_payload (packet-tcp.c:1597)
==21675==    by 0x61A2E15: dissect_tcp (packet-tcp.c:3599)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==
==21675== Conditional jump or move depends on uninitialised value(s)
==21675==    at 0x31A2257984: g_strlcpy (in /lib64/libglib-2.0.so.0.1800.4)
==21675==    by 0x5CA0FD2: ep_strndup (emem.c:843)
==21675==    by 0x5F30946: dissect_http_message (packet-http.c:1966)
==21675==    by 0x5F31AA0: dissect_http (packet-http.c:2206)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==    by 0x5CAA74F: call_dissector_work (packet.c:497)
==21675==    by 0x5CAB701: dissector_try_port_new (packet.c:907)
==21675==    by 0x61A0A54: decode_tcp_ports (packet-tcp.c:2798)
==21675==    by 0x61A0E25: process_tcp_payload (packet-tcp.c:2857)
==21675==    by 0x61A141C: dissect_tcp_payload (packet-tcp.c:1597)
==21675==    by 0x61A2E15: dissect_tcp (packet-tcp.c:3599)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==
==21675== Conditional jump or move depends on uninitialised value(s)
==21675==    at 0x31A2257984: g_strlcpy (in /lib64/libglib-2.0.so.0.1800.4)
==21675==    by 0x5CA0F82: se_strndup (emem.c:992)
==21675==    by 0x5F30811: dissect_http_message (packet-http.c:1919)
==21675==    by 0x5F31AA0: dissect_http (packet-http.c:2206)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==    by 0x5CAA74F: call_dissector_work (packet.c:497)
==21675==    by 0x5CAB701: dissector_try_port_new (packet.c:907)
==21675==    by 0x61A0A54: decode_tcp_ports (packet-tcp.c:2798)
==21675==    by 0x61A0E25: process_tcp_payload (packet-tcp.c:2857)
==21675==    by 0x61A141C: dissect_tcp_payload (packet-tcp.c:1597)
==21675==    by 0x61A2E15: dissect_tcp (packet-tcp.c:3599)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==
==21675== Conditional jump or move depends on uninitialised value(s)
==21675==    at 0x31A2257979: g_strlcpy (in /lib64/libglib-2.0.so.0.1800.4)
==21675==    by 0x5CA0FD2: ep_strndup (emem.c:843)
==21675==    by 0x5F308CF: dissect_http_message (packet-http.c:1934)
==21675==    by 0x5F31AA0: dissect_http (packet-http.c:2206)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==    by 0x5CAA74F: call_dissector_work (packet.c:497)
==21675==    by 0x5CAB701: dissector_try_port_new (packet.c:907)
==21675==    by 0x61A0A54: decode_tcp_ports (packet-tcp.c:2798)
==21675==    by 0x61A0E25: process_tcp_payload (packet-tcp.c:2857)
==21675==    by 0x61A141C: dissect_tcp_payload (packet-tcp.c:1597)
==21675==    by 0x61A2E15: dissect_tcp (packet-tcp.c:3599)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==
==21675== Conditional jump or move depends on uninitialised value(s)
==21675==    at 0x31A2257979: g_strlcpy (in /lib64/libglib-2.0.so.0.1800.4)
==21675==    by 0x5CA0FD2: ep_strndup (emem.c:843)
==21675==    by 0x5F30946: dissect_http_message (packet-http.c:1966)
==21675==    by 0x5F31AA0: dissect_http (packet-http.c:2206)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==    by 0x5CAA74F: call_dissector_work (packet.c:497)
==21675==    by 0x5CAB701: dissector_try_port_new (packet.c:907)
==21675==    by 0x61A0A54: decode_tcp_ports (packet-tcp.c:2798)
==21675==    by 0x61A0E25: process_tcp_payload (packet-tcp.c:2857)
==21675==    by 0x61A141C: dissect_tcp_payload (packet-tcp.c:1597)
==21675==    by 0x61A2E15: dissect_tcp (packet-tcp.c:3599)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==
==21675== Invalid read of size 1
==21675==    at 0x31A2257970: g_strlcpy (in /lib64/libglib-2.0.so.0.1800.4)
==21675==    by 0x5CA0FD2: ep_strndup (emem.c:843)
==21675==    by 0x5F2FCB2: is_http_request_or_reply (packet-http.c:1755)
==21675==    by 0x5F303E9: dissect_http_message (packet-http.c:718)
==21675==    by 0x5F31AA0: dissect_http (packet-http.c:2206)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==    by 0x5CAA74F: call_dissector_work (packet.c:497)
==21675==    by 0x5CAB701: dissector_try_port_new (packet.c:907)
==21675==    by 0x61A0A54: decode_tcp_ports (packet-tcp.c:2798)
==21675==    by 0x61A0E25: process_tcp_payload (packet-tcp.c:2857)
==21675==    by 0x61A15BD: dissect_tcp_payload (packet-tcp.c:1663)
==21675==    by 0x61A2E15: dissect_tcp (packet-tcp.c:3599)
==21675==  Address 0xb8d2340 is 0 bytes after a block of size 1,592 alloc'd
==21675==    at 0x4A0739E: malloc (vg_replace_malloc.c:207)
==21675==    by 0x31A223FF82: g_malloc (in /lib64/libglib-2.0.so.0.1800.4)
==21675==    by 0x5CC35E0: fragment_add_work (reassemble.c:846)
==21675==    by 0x5CC3C84: fragment_add_common (reassemble.c:1016)
==21675==    by 0x5CC3DAF: fragment_add (reassemble.c:1035)
==21675==    by 0x61A126C: dissect_tcp_payload (packet-tcp.c:1567)
==21675==    by 0x61A2E15: dissect_tcp (packet-tcp.c:3599)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==    by 0x5CAA74F: call_dissector_work (packet.c:497)
==21675==    by 0x5CAB701: dissector_try_port_new (packet.c:907)
==21675==    by 0x5F64EEB: dissect_ip (packet-ip.c:1703)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==
==21675== Invalid read of size 1
==21675==    at 0x31A2257970: g_strlcpy (in /lib64/libglib-2.0.so.0.1800.4)
==21675==    by 0x5CA0F82: se_strndup (emem.c:992)
==21675==    by 0x5F2FCC1: is_http_request_or_reply (packet-http.c:1756)
==21675==    by 0x5F303E9: dissect_http_message (packet-http.c:718)
==21675==    by 0x5F31AA0: dissect_http (packet-http.c:2206)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==    by 0x5CAA74F: call_dissector_work (packet.c:497)
==21675==    by 0x5CAB701: dissector_try_port_new (packet.c:907)
==21675==    by 0x61A0A54: decode_tcp_ports (packet-tcp.c:2798)
==21675==    by 0x61A0E25: process_tcp_payload (packet-tcp.c:2857)
==21675==    by 0x61A15BD: dissect_tcp_payload (packet-tcp.c:1663)
==21675==    by 0x61A2E15: dissect_tcp (packet-tcp.c:3599)
==21675==  Address 0xb8d2340 is 0 bytes after a block of size 1,592 alloc'd
==21675==    at 0x4A0739E: malloc (vg_replace_malloc.c:207)
==21675==    by 0x31A223FF82: g_malloc (in /lib64/libglib-2.0.so.0.1800.4)
==21675==    by 0x5CC35E0: fragment_add_work (reassemble.c:846)
==21675==    by 0x5CC3C84: fragment_add_common (reassemble.c:1016)
==21675==    by 0x5CC3DAF: fragment_add (reassemble.c:1035)
==21675==    by 0x61A126C: dissect_tcp_payload (packet-tcp.c:1567)
==21675==    by 0x61A2E15: dissect_tcp (packet-tcp.c:3599)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==    by 0x5CAA74F: call_dissector_work (packet.c:497)
==21675==    by 0x5CAB701: dissector_try_port_new (packet.c:907)
==21675==    by 0x5F64EEB: dissect_ip (packet-ip.c:1703)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==
==21675== Conditional jump or move depends on uninitialised value(s)
==21675==    at 0x31A2257984: g_strlcpy (in /lib64/libglib-2.0.so.0.1800.4)
==21675==    by 0x5CA0FD2: ep_strndup (emem.c:843)
==21675==    by 0x5F2FCB2: is_http_request_or_reply (packet-http.c:1755)
==21675==    by 0x5F303E9: dissect_http_message (packet-http.c:718)
==21675==    by 0x5F31AA0: dissect_http (packet-http.c:2206)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==    by 0x5CAA74F: call_dissector_work (packet.c:497)
==21675==    by 0x5CAB701: dissector_try_port_new (packet.c:907)
==21675==    by 0x61A0A54: decode_tcp_ports (packet-tcp.c:2798)
==21675==    by 0x61A0E25: process_tcp_payload (packet-tcp.c:2857)
==21675==    by 0x61A141C: dissect_tcp_payload (packet-tcp.c:1597)
==21675==    by 0x61A2E15: dissect_tcp (packet-tcp.c:3599)
==21675==
==21675== Conditional jump or move depends on uninitialised value(s)
==21675==    at 0x31A2257984: g_strlcpy (in /lib64/libglib-2.0.so.0.1800.4)
==21675==    by 0x5CA0F82: se_strndup (emem.c:992)
==21675==    by 0x5F2FCC1: is_http_request_or_reply (packet-http.c:1756)
==21675==    by 0x5F303E9: dissect_http_message (packet-http.c:718)
==21675==    by 0x5F31AA0: dissect_http (packet-http.c:2206)
==21675==    by 0x5CA9FF0: call_dissector_through_handle (packet.c:406)
==21675==    by 0x5CAA74F: call_dissector_work (packet.c:497)
==21675==    by 0x5CAB701: dissector_try_port_new (packet.c:907)
==21675==    by 0x61A0A54: decode_tcp_ports (packet-tcp.c:2798)
==21675==    by 0x61A0E25: process_tcp_payload (packet-tcp.c:2857)
==21675==    by 0x61A141C: dissect_tcp_payload (packet-tcp.c:1597)
==21675==    by 0x61A2E15: dissect_tcp (packet-tcp.c:3599)

--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.