Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 4932] Buildbot crash output: fuzz-2010-06-26-12232.pcap

Wireshark-bugs: [Wireshark-bugs] [Bug 4932] Buildbot crash output: fuzz-2010-06-26-12232.pcap

Date: Sun, 27 Jun 2010 14:47:33 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4932

--- Comment #1 from Guy Harris <guy@xxxxxxxxxxxx> 2010-06-27 14:47:30 PDT ---
More detailed crash information from my OS X machine:

** (process:15742): WARNING **: Dissector bug, protocol H248, in packet 295:
proto.c:1299: failed assertion "length == 4"

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x0000000400000008
0x00000001000fa379 in tvb_length (tvb=0x400000004) at tvbuff.c:631
631        DISSECTOR_ASSERT(tvb && tvb->initialized);
(gdb) where
#0  0x00000001000fa379 in tvb_length (tvb=0x400000004) at tvbuff.c:631
#1  0x00000001003d88e3 in dissect_h248_T_terminationId (implicit_tag=<value
temporarily unavailable, due to optimizations>, tvb=<value temporarily
unavailable, due to optimizations>, offset=75, actx=0x7fff5fbfd560,
tree=0x10412baa0, hf_index=<value temporarily unavailable, due to
optimizations>) at h248.cnf:327
#2  0x00000001001bb2ab in dissect_ber_sequence (implicit_tag=<value temporarily
unavailable, due to optimizations>, actx=0x7fff5fbfd560, parent_tree=<value
temporarily unavailable, due to optimizations>, tvb=0x10412fcc0, offset=2,
seq=0x101454e80, hf_id=26180, ett_id=7971) at packet-ber.c:1880
#3  0x00000001003d8871 in dissect_h248_TerminationID (implicit_tag=1,
tvb=0x10412fcc0, offset=0, actx=0x7fff5fbfd560, tree=0x104132340,
hf_index=26180) at h248.cnf:307
#4  0x00000001001bb2ab in dissect_ber_sequence (implicit_tag=<value temporarily
unavailable, due to optimizations>, actx=0x7fff5fbfd560, parent_tree=<value
temporarily unavailable, due to optimizations>, tvb=0x10412c800, offset=0,
seq=0x1014581c0, hf_id=26151, ett_id=7931) at packet-ber.c:1880
#5  0x00000001003d4f14 in dissect_h248_AuditRequest (implicit_tag=<value
temporarily unavailable, due to optimizations>, tvb=<value temporarily
unavailable, due to optimizations>, offset=<value temporarily unavailable, due
to optimizations>, actx=<value temporarily unavailable, due to optimizations>,
tree=<value temporarily unavailable, due to optimizations>, hf_index=<value
temporarily unavailable, due to optimizations>) at h248.cnf:188
#6  0x00000001003d7d17 in dissect_h248_T_auditValueRequest (implicit_tag=1,
tvb=0x10412c800, offset=0, actx=0x7fff5fbfd560, tree=0x10410dac0,
hf_index=26151) at h248.cnf:188
#7  0x00000001001b57a3 in dissect_ber_choice (actx=0x7fff5fbfd560,
parent_tree=0x1041323a0, tvb=0x10410f0c0, offset=<value temporarily
unavailable, due to optimizations>, choice=0x101457dc0, hf_id=26143,
ett_id=7923, branch_taken=0x0) at packet-ber.c:2960
#8  0x00000001003d5f44 in dissect_h248_Command (implicit_tag=<value temporarily
unavailable, due to optimizations>, tvb=<value temporarily unavailable, due to
optimizations>, offset=<value temporarily unavailable, due to optimizations>,
actx=<value temporarily unavailable, due to optimizations>, tree=<value
temporarily unavailable, due to optimizations>, hf_index=<value temporarily
unavailable, due to optimizations>) at h248.cnf:237
#9  0x00000001001bb2ab in dissect_ber_sequence (implicit_tag=<value temporarily
unavailable, due to optimizations>, actx=0x7fff5fbfd560, parent_tree=<value
temporarily unavailable, due to optimizations>, tvb=0x10410f360, offset=2,
seq=0x101457d40, hf_id=26117, ett_id=7922) at packet-ber.c:1880
#10 0x00000001003d4d94 in dissect_h248_CommandRequest (implicit_tag=<value
temporarily unavailable, due to optimizations>, tvb=<value temporarily
unavailable, due to optimizations>, offset=<value temporarily unavailable, due
to optimizations>, actx=<value temporarily unavailable, due to optimizations>,
tree=<value temporarily unavailable, due to optimizations>, hf_index=<value
temporarily unavailable, due to optimizations>) at h248.cnf:254
#11 0x00000001001b87ad in dissect_ber_sq_of (implicit_tag=<value temporarily
unavailable, due to optimizations>, type=16, actx=0x7fff5fbfd560,
parent_tree=0x10410daf0, tvb=0x10412c980, offset=0, min_len=-1, max_len=-1,
seq=0x101457d20, hf_id=26116, ett_id=7912) at packet-ber.c:3701
#12 0x00000001001b8da0 in dissect_ber_sequence_of (implicit_tag=<value
temporarily unavailable, due to optimizations>, actx=<value temporarily
unavailable, due to optimizations>, parent_tree=<value temporarily unavailable,
due to optimizations>, tvb=<value temporarily unavailable, due to
optimizations>, offset=<value temporarily unavailable, due to optimizations>,
seq=<value temporarily unavailable, due to optimizations>, hf_id=26116,
ett_id=7912) at packet-ber.c:3936
#13 0x00000001003d6544 in dissect_h248_SEQUENCE_OF_CommandRequest
(implicit_tag=<value temporarily unavailable, due to optimizations>, tvb=<value
temporarily unavailable, due to optimizations>, offset=<value temporarily
unavailable, due to optimizations>, actx=<value temporarily unavailable, due to
optimizations>, tree=<value temporarily unavailable, due to optimizations>,
hf_index=<value temporarily unavailable, due to optimizations>) at h248.cnf:267
#14 0x00000001001bb2ab in dissect_ber_sequence (implicit_tag=<value temporarily
unavailable, due to optimizations>, actx=0x7fff5fbfd560, parent_tree=<value
temporarily unavailable, due to optimizations>, tvb=0x10412c860, offset=9,
seq=0x101457ce0, hf_id=26097, ett_id=7911) at packet-ber.c:1880
#15 0x00000001003d4d54 in dissect_h248_ActionRequest (implicit_tag=<value
temporarily unavailable, due to optimizations>, tvb=<value temporarily
unavailable, due to optimizations>, offset=<value temporarily unavailable, due
to optimizations>, actx=<value temporarily unavailable, due to optimizations>,
tree=<value temporarily unavailable, due to optimizations>, hf_index=<value
temporarily unavailable, due to optimizations>) at h248.cnf:284
#16 0x00000001001b87ad in dissect_ber_sq_of (implicit_tag=<value temporarily
unavailable, due to optimizations>, type=16, actx=0x7fff5fbfd560,
parent_tree=0x104131fe0, tvb=0x10412c9e0, offset=0, min_len=-1, max_len=-1,
seq=0x101457c60, hf_id=26096, ett_id=7902) at packet-ber.c:3701
#17 0x00000001001b8da0 in dissect_ber_sequence_of (implicit_tag=<value
temporarily unavailable, due to optimizations>, actx=<value temporarily
unavailable, due to optimizations>, parent_tree=<value temporarily unavailable,
due to optimizations>, tvb=<value temporarily unavailable, due to
optimizations>, offset=<value temporarily unavailable, due to optimizations>,
seq=<value temporarily unavailable, due to optimizations>, hf_id=26096,
ett_id=7902) at packet-ber.c:3936
#18 0x00000001003d6504 in dissect_h248_SEQUENCE_OF_ActionRequest
(implicit_tag=<value temporarily unavailable, due to optimizations>, tvb=<value
temporarily unavailable, due to optimizations>, offset=<value temporarily
unavailable, due to optimizations>, actx=<value temporarily unavailable, due to
optimizations>, tree=<value temporarily unavailable, due to optimizations>,
hf_index=<value temporarily unavailable, due to optimizations>) at h248.cnf:297
#19 0x00000001001bb2ab in dissect_ber_sequence (implicit_tag=<value temporarily
unavailable, due to optimizations>, actx=0x7fff5fbfd560, parent_tree=<value
temporarily unavailable, due to optimizations>, tvb=0x10412d120, offset=6,
seq=0x101457c20, hf_id=26090, ett_id=7901) at packet-ber.c:1880
#20 0x00000001003d4d14 in dissect_h248_TransactionRequest (implicit_tag=<value
temporarily unavailable, due to optimizations>, tvb=<value temporarily
unavailable, due to optimizations>, offset=<value temporarily unavailable, due
to optimizations>, actx=<value temporarily unavailable, due to optimizations>,
tree=<value temporarily unavailable, due to optimizations>, hf_index=<value
temporarily unavailable, due to optimizations>) at h248.cnf:312
#21 0x00000001001b57a3 in dissect_ber_choice (actx=0x7fff5fbfd560,
parent_tree=0x10410de20, tvb=0x104130400, offset=<value temporarily
unavailable, due to optimizations>, choice=0x101454420, hf_id=26080,
ett_id=7900, branch_taken=0x0) at packet-ber.c:2960
#22 0x00000001003d5dc4 in dissect_h248_Transaction (implicit_tag=<value
temporarily unavailable, due to optimizations>, tvb=<value temporarily
unavailable, due to optimizations>, offset=<value temporarily unavailable, due
to optimizations>, actx=<value temporarily unavailable, due to optimizations>,
tree=<value temporarily unavailable, due to optimizations>, hf_index=<value
temporarily unavailable, due to optimizations>) at h248.cnf:167
#23 0x00000001001b87ad in dissect_ber_sq_of (implicit_tag=<value temporarily
unavailable, due to optimizations>, type=16, actx=0x7fff5fbfd560,
parent_tree=0x10410e1e0, tvb=0x10412ff60, offset=0, min_len=-1, max_len=-1,
seq=0x101454400, hf_id=26079, ett_id=7895) at packet-ber.c:3701
#24 0x00000001001b8da0 in dissect_ber_sequence_of (implicit_tag=<value
temporarily unavailable, due to optimizations>, actx=<value temporarily
unavailable, due to optimizations>, parent_tree=<value temporarily unavailable,
due to optimizations>, tvb=<value temporarily unavailable, due to
optimizations>, offset=<value temporarily unavailable, due to optimizations>,
seq=<value temporarily unavailable, due to optimizations>, hf_id=26079,
ett_id=7895) at packet-ber.c:3936
#25 0x00000001003d6384 in dissect_h248_SEQUENCE_OF_Transaction
(implicit_tag=<value temporarily unavailable, due to optimizations>, tvb=<value
temporarily unavailable, due to optimizations>, offset=<value temporarily
unavailable, due to optimizations>, actx=<value temporarily unavailable, due to
optimizations>, tree=<value temporarily unavailable, due to optimizations>,
hf_index=<value temporarily unavailable, due to optimizations>) at h248.cnf:181
#26 0x00000001001b57a3 in dissect_ber_choice (actx=0x7fff5fbfd560,
parent_tree=0x1041320a0, tvb=0x10412ff00, offset=<value temporarily
unavailable, due to optimizations>, choice=0x101454380, hf_id=26077,
ett_id=7894, branch_taken=0x0) at packet-ber.c:2960
#27 0x00000001003d5d84 in dissect_h248_T_messageBody (implicit_tag=<value
temporarily unavailable, due to optimizations>, tvb=<value temporarily
unavailable, due to optimizations>, offset=<value temporarily unavailable, due
to optimizations>, actx=<value temporarily unavailable, due to optimizations>,
tree=<value temporarily unavailable, due to optimizations>, hf_index=<value
temporarily unavailable, due to optimizations>) at h248.cnf:202
#28 0x00000001001bb2ab in dissect_ber_sequence (implicit_tag=<value temporarily
unavailable, due to optimizations>, actx=0x7fff5fbfd560, parent_tree=<value
temporarily unavailable, due to optimizations>, tvb=0x10412fc00, offset=17,
seq=0x101454340, hf_id=26071, ett_id=7893) at packet-ber.c:1880
#29 0x00000001003d5c40 in dissect_h248_Message (implicit_tag=1,
tvb=0x10412fc00, offset=0, actx=0x7fff5fbfd560, tree=0x10412bce0,
hf_index=26071) at h248.cnf:88
#30 0x00000001001bb2ab in dissect_ber_sequence (implicit_tag=<value temporarily
unavailable, due to optimizations>, actx=0x7fff5fbfd560, parent_tree=<value
temporarily unavailable, due to optimizations>, tvb=0x10412d360, offset=2,
seq=0x1014542c0, hf_id=-1, ett_id=7891) at packet-ber.c:1880
#31 0x00000001003d4a8a in dissect_h248 (tvb=0x10412d360, pinfo=0x7fff5fbfe7e0,
tree=0x10410ec90) at packet-h248-template.c:1359
#32 0x00000001000cfb7c in call_dissector_through_handle (handle=0x103bd85e0,
tvb=0x10412d360, pinfo=0x7fff5fbfe7e0, tree=0x10410ec90) at packet.c:409
#33 0x00000001000d0309 in call_dissector_work (handle=0x103bd85e0,
tvb=0x10412d360, pinfo_arg=0x7fff5fbfe7e0, tree=0x10410ec90, add_proto_name=1)
at packet.c:500
#34 0x00000001000d04b2 in call_dissector (handle=<value temporarily
unavailable, due to optimizations>, tvb=0x10412d360, pinfo=0x7fff5fbfe7e0,
tree=0x10410ec90) at packet.c:1839
#35 0x00000001004ab006 in dissect_megaco_text (tvb=0x10412d360,
pinfo=0x7fff5fbfe7e0, tree=0x10410ec90) at packet-megaco.c:400
#36 0x00000001000cfb7c in call_dissector_through_handle (handle=0x1052f85d0,
tvb=0x10412d360, pinfo=0x7fff5fbfe7e0, tree=0x10410ec90) at packet.c:409
#37 0x00000001000d0309 in call_dissector_work (handle=0x1052f85d0,
tvb=0x10412d360, pinfo_arg=0x7fff5fbfe7e0, tree=0x10410ec90, add_proto_name=1)
at packet.c:500
#38 0x00000001000d11f1 in dissector_try_port_new (sub_dissectors=<value
temporarily unavailable, due to optimizations>, port=7, tvb=0x10412d360,
pinfo=0x7fff5fbfe7e0, tree=0x10410ec90, add_proto_name=1) at packet.c:910
#39 0x0000000100642193 in dissect_payload (payload_tvb=0x10412d360,
pinfo=0x7fff5fbfe7e0, tree=0x10410ec90, ppi=7) at packet-sctp.c:1975
#40 0x0000000100642aa5 in dissect_data_chunk (chunk_tvb=<value temporarily
unavailable, due to optimizations>, chunk_length=<value temporarily
unavailable, due to optimizations>, pinfo=0x7fff5fbfe7e0, tree=0x10410ec90,
chunk_tree=0x10410e1b0, chunk_item=0x10410e1b0, flags_item=0x1041322b0, ha=0x0)
at packet-sctp.c:2737
#41 0x000000010064444f in dissect_sctp_chunk (chunk_tvb=0x10412d060,
pinfo=0x7fff5fbfe7e0, tree=0x10410ec90, sctp_tree=0x10410e030, ha=0x0,
useinfo=1) at packet-sctp.c:3576
#42 0x0000000100645493 in dissect_sctp_chunks [inlined] () at
/Users/gharris/src/cmd/wireshark.warnings/epan/dissectors/packet-sctp.c:3694
#43 0x0000000100645493 in dissect_sctp_packet (tvb=0x10410faa0,
pinfo=0x7fff5fbfe7e0, tree=0x10410ec90, encapsulated=0) at packet-sctp.c:3847
#44 0x0000000100645c76 in dissect_sctp (tvb=0x10410faa0, pinfo=0x7fff5fbfe7e0,
tree=0x10410ec90) at packet-sctp.c:3892
#45 0x00000001000cfb7c in call_dissector_through_handle (handle=0x1055f1ba0,
tvb=0x10410faa0, pinfo=0x7fff5fbfe7e0, tree=0x10410ec90) at packet.c:409
#46 0x00000001000d0309 in call_dissector_work (handle=0x1055f1ba0,
tvb=0x10410faa0, pinfo_arg=0x7fff5fbfe7e0, tree=0x10410ec90, add_proto_name=1)
at packet.c:500
#47 0x00000001000d11f1 in dissector_try_port_new (sub_dissectors=<value
temporarily unavailable, due to optimizations>, port=132, tvb=0x10410faa0,
pinfo=0x7fff5fbfe7e0, tree=0x10410ec90, add_proto_name=1) at packet.c:910
#48 0x000000010042c6ca in dissect_ip (tvb=0x10410f860, pinfo=0x7fff5fbfe7e0,
parent_tree=0x10410ec90) at packet-ip.c:1721
#49 0x00000001000cfb7c in call_dissector_through_handle (handle=0x10534a210,
tvb=0x10410f860, pinfo=0x7fff5fbfe7e0, tree=0x10410ec90) at packet.c:409
#50 0x00000001000d0309 in call_dissector_work (handle=0x10534a210,
tvb=0x10410f860, pinfo_arg=0x7fff5fbfe7e0, tree=0x10410ec90, add_proto_name=1)
at packet.c:500
#51 0x00000001000d11f1 in dissector_try_port_new (sub_dissectors=<value
temporarily unavailable, due to optimizations>, port=2048, tvb=0x10410f860,
pinfo=0x7fff5fbfe7e0, tree=0x10410ec90, add_proto_name=1) at packet.c:910
#52 0x000000010032cb24 in ethertype (etype=2048, tvb=0x104130700,
offset_after_etype=14, pinfo=0x7fff5fbfe7e0, tree=0x10410ec90,
fh_tree=0x10412b290, etype_id=17382, trailer_id=17384, fcs_len=-1) at
packet-ethertype.c:254
#53 0x000000010032bea5 in dissect_eth_common (tvb=0x104130700,
pinfo=0x7fff5fbfe7e0, parent_tree=0x10410ec90, fcs_len=-1) at packet-eth.c:341
#54 0x00000001000cfb7c in call_dissector_through_handle (handle=0x103b691e0,
tvb=0x104130700, pinfo=0x7fff5fbfe7e0, tree=0x10410ec90) at packet.c:409
#55 0x00000001000d0309 in call_dissector_work (handle=0x103b691e0,
tvb=0x104130700, pinfo_arg=0x7fff5fbfe7e0, tree=0x10410ec90, add_proto_name=1)
at packet.c:500
#56 0x00000001000d11f1 in dissector_try_port_new (sub_dissectors=<value
temporarily unavailable, due to optimizations>, port=1, tvb=0x104130700,
pinfo=0x7fff5fbfe7e0, tree=0x10410ec90, add_proto_name=1) at packet.c:910
#57 0x000000010035f97a in dissect_frame (tvb=0x104130700, pinfo=<value
temporarily unavailable, due to optimizations>, parent_tree=0x10410ec90) at
packet-frame.c:349
#58 0x00000001000cfb7c in call_dissector_through_handle (handle=0x103b991e0,
tvb=0x104130700, pinfo=0x7fff5fbfe7e0, tree=0x10410ec90) at packet.c:409
#59 0x00000001000d0309 in call_dissector_work (handle=0x103b991e0,
tvb=0x104130700, pinfo_arg=0x7fff5fbfe7e0, tree=0x10410ec90, add_proto_name=1)
at packet.c:500
#60 0x00000001000d04b2 in call_dissector (handle=<value temporarily
unavailable, due to optimizations>, tvb=0x104130700, pinfo=0x7fff5fbfe7e0,
tree=0x10410ec90) at packet.c:1839
#61 0x00000001000d1b70 in dissect_packet (edt=0x7fff5fbfe7d0,
pseudo_header=0x105bb4238, pd=0x1040e2600 "", fd=0x7fff5fbfe960, cinfo=<value
temporarily unavailable, due to optimizations>) at packet.c:340
#62 0x000000010001a0be in process_packet (cf=0x10002e0c0, offset=<value
temporarily unavailable, due to optimizations>, whdr=<value temporarily
unavailable, due to optimizations>, pseudo_header=0x105bb4238, pd=0x1040e2600
"", filtering_tap_listeners=<value temporarily unavailable, due to
optimizations>, tap_flags=<value temporarily unavailable, due to
optimizations>) at tshark.c:2829
#63 0x000000010001c503 in load_cap_file [inlined] () at
/Users/gharris/src/cmd/wireshark.warnings/tshark.c:2651
#64 0x000000010001c503 in main (argc=5, argv=0x7fff5fbfee30) at tshark.c:1663

Same underlying problem as 4930 and 4931 (dissect_ber_sequence problem)?

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
References:
- [Wireshark-bugs] [Bug 4932] New: Buildbot crash output: fuzz-2010-06-26-12232.pcap
  - From: bugzilla-daemon
Prev by Date: [Wireshark-bugs] [Bug 4930] Buildbot crash output: fuzz-2010-06-26-11428.pcap
Next by Date: [Wireshark-bugs] [Bug 4930] Buildbot crash output: fuzz-2010-06-26-11428.pcap
Previous by thread: [Wireshark-bugs] [Bug 4932] New: Buildbot crash output: fuzz-2010-06-26-12232.pcap
Next by thread: [Wireshark-bugs] [Bug 4932] Buildbot crash output: fuzz-2010-06-26-12232.pcap
Index(es):
- Date
- Thread