Wireshark-bugs: [Wireshark-bugs] [Bug 5134] Buildbot crash output: fuzz-2010-08-24-31301.pcap
Date: Wed, 25 Aug 2010 07:06:00 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5134

Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jeff.morriss.ws@xxxxxxxxx

--- Comment #1 from Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> 2010-08-25 07:05:55 PDT ---
The problem is an indirect recursion in the BER dissector:

#90 0x00007f43af901765 in dissect_ber_octet_string (implicit_tag=31842, actx=0x7c62, tree=0x6, tvb=0xffffffffffffffff, offset=-1370687760, hf_id=<value optimized out>, out_tvb=0x7fffe5f4aed8) at packet-ber.c:1331
#91 0x00007f43af90132b in reassemble_octet_string () at packet-ber.c:1137
#92 dissect_ber_constrained_octet_string (implicit_tag=<value optimized out>, actx=0x7fffe5f4b350, tree=0x0, tvb=0x2169760, offset=109, min_len=<value optimized out>, max_len=-1, hf_id=71278, out_tvb=0x7fffe5f4afa8) at packet-ber.c:1291
#93 0x00007f43af901765 in dissect_ber_octet_string (implicit_tag=31842, actx=0x7c62, tree=0x6, tvb=0xffffffffffffffff, offset=-1370687760, hf_id=<value optimized out>, out_tvb=0x7fffe5f4afa8) at packet-ber.c:1331
#94 0x00007f43af90132b in reassemble_octet_string () at packet-ber.c:1137
#95 dissect_ber_constrained_octet_string (implicit_tag=<value optimized out>, actx=0x7fffe5f4b350, tree=0x0, tvb=0x2169760, offset=107, min_len=<value optimized out>, max_len=-1, hf_id=71278, out_tvb=0x7fffe5f4b078) at packet-ber.c:1291
#96 0x00007f43af901765 in dissect_ber_octet_string (implicit_tag=31842, actx=0x7c62, tree=0x6, tvb=0xffffffffffffffff, offset=-1370687760, hf_id=<value optimized out>, out_tvb=0x7fffe5f4b078) at packet-ber.c:1331
#97 0x00007f43af90132b in reassemble_octet_string () at packet-ber.c:1137
#98 dissect_ber_constrained_octet_string (implicit_tag=<value optimized out>, actx=0x7fffe5f4b350, tree=0x0, tvb=0x2169760, offset=105, min_len=<value optimized out>, max_len=-1, hf_id=71278, out_tvb=0x7fffe5f4b148) at packet-ber.c:1291
#99 0x00007f43af901765 in dissect_ber_octet_string (implicit_tag=31842, actx=0x7c62, tree=0x6, tvb=0xffffffffffffffff, offset=-1370687760, hf_id=<value optimized out>, out_tvb=0x7fffe5f4b148) at packet-ber.c:1331
#100 0x00007f43af90132b in reassemble_octet_string () at packet-ber.c:1137
#101 dissect_ber_constrained_octet_string (implicit_tag=<value optimized out>, actx=0x7fffe5f4b350, tree=0x2184420, tvb=0x2169760, offset=103, min_len=<value optimized out>, max_len=-1, hf_id=71278, out_tvb=0x0) at packet-ber.c:1291
#102 0x00007f43af901765 in dissect_ber_octet_string (implicit_tag=31842, actx=0x7c62, tree=0x6, tvb=0xffffffffffffffff, offset=-1370687760, hf_id=<value optimized out>, out_tvb=0x0) at packet-ber.c:1331
#103 0x00007f43b004ab63 in dissect_snmp_Community (implicit_tag=31842, tvb=<value optimized out>, offset=<value optimized out>, actx=0x8, tree=0x0, hf_index=-1596532272) at snmp.cnf:162
#104 0x00007f43af9007fe in dissect_ber_sequence (implicit_tag=0, actx=0x7fffe5f4b350, parent_tree=<value optimized out>, tvb=0x21699e0, offset=11, seq=0x7f43b0f746c0, hf_id=-1, ett_id=24044) at packet-ber.c:1906
#105 0x00007f43b004c9c9 in dissect_snmp_Messagev2u () at snmp.cnf:103

This was added in rev 33910:

    if(!fragment && firstFragment) {
      /* there is only one fragment (I'm sure there's a reason it was constructed) */
      /* anyway, we can get out of here */
      dissect_ber_octet_string(FALSE, actx, tree, tvb, start_offset, hf_id, NULL);   <<< this will indirectly call reassemble_octet_string() again
      reassembled_tvb = next_tvb;
      break;
    }

I can fix the loop easily enough by taking out this line, but I don't quite
understand what's supposed to be going on here.
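
Added example (not part of the original message and not Wireshark's code): a general defence for this class of bug is to carry a nesting depth through the recursive octet-string reassembly and refuse input that exceeds a cap. The names octets_len, nested_sample_len and MAX_NESTING are hypothetical, the cap of 8 is an assumption, and only short-form definite lengths are handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_NESTING 8 /* assumed cap, chosen for this example */

/* Hypothetical helper: reassembled payload length of one BER OCTET STRING
 * (primitive 0x04 or constructed 0x24, short-form definite lengths only).
 * Returns -1 on malformed input or nesting deeper than MAX_NESTING. */
static long octets_len(const uint8_t *b, size_t len, int depth, size_t *used)
{
    if (depth > MAX_NESTING) return -1;      /* bound the recursion */
    if (len < 2 || (b[1] & 0x80)) return -1; /* need tag + short length */
    size_t body = b[1];
    if (body > len - 2) return -1;           /* length runs past buffer */
    *used = 2 + body;
    if (b[0] == 0x04) return (long)body;     /* primitive: data itself */
    if (b[0] != 0x24) return -1;             /* not an OCTET STRING */
    long total = 0;
    size_t off = 2, end = 2 + body;
    while (off < end) {                      /* each fragment is a full TLV */
        size_t n = 0;
        long part = octets_len(b + off, end - off, depth + 1, &n);
        if (part < 0) return -1;
        total += part;
        off += n;                            /* n >= 2: always progresses */
    }
    return total;
}

/* Constructed sample: `levels` nested constructed headers around "AB". */
static long nested_sample_len(int levels)
{
    uint8_t pkt[64];
    size_t used = 0, n = 2 * (size_t)levels + 4;
    if (levels < 0 || levels > 30) return -1; /* keep sample inside pkt[] */
    for (int i = 0; i < levels; i++) {
        pkt[2 * i] = 0x24;
        pkt[2 * i + 1] = (uint8_t)(n - 2 * (size_t)(i + 1));
    }
    pkt[2 * levels] = 0x04; pkt[2 * levels + 1] = 2;
    pkt[2 * levels + 2] = 'A'; pkt[2 * levels + 3] = 'B';
    return octets_len(pkt, n, 0, &used);
}

int main(void)
{
    printf("%ld %ld\n", nested_sample_len(3), nested_sample_len(20));
    return 0;
}
```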