Wireshark-bugs: [Wireshark-bugs] [Bug 6618] New: Wireshark crashes in ieee80211 dissector
Date: Fri, 25 Nov 2011 20:24:11 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6618

Summary: Wireshark crashes in ieee80211 dissector
Product: Wireshark
Version: SVN
Platform: x86
OS/Version: Windows XP
Status: NEW
Severity: Critical
Priority: Low
Component: Wireshark
AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
ReportedBy: christopher.maynard@xxxxxxxxx

Created an attachment (id=7472)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=7472)
A single packet that will crash Wireshark in the ieee80211 dissector.

Build Information:
SVN 40006
--
Load the attached .pcap file. Wireshark will crash.

This bug was discovered while fuzzing the menagerie for testing my recent changes in packet-ip.c; however, the crash is occurring in a completely different place, namely in packet-ieee80211.c.

Here's the call stack:

  > libwireshark.dll!do_throw(except_t * except) Line 213 C
    libwireshark.dll!except_throw(long group, long code, const char * msg) Line 298 C
    libwireshark.dll!check_offset_length(const unsigned int tvb_length_val, const unsigned int tvb_reported_length_val, const int offset, const int length_val, unsigned int * offset_ptr, unsigned int * length_ptr) Line 504 C
    libwireshark.dll!tvb_ensure_bytes_exist(const tvbuff * tvb, const int offset, const int length) Line 755 + 0x23 bytes C
    libwireshark.dll!add_tagged_field(_packet_info * pinfo, _proto_node * tree, tvbuff * tvb, int offset, int ftype) Line 9606 + 0x17 bytes C
    libwireshark.dll!ieee_80211_add_tagged_parameters(tvbuff * tvb, int offset, _packet_info * pinfo, _proto_node * tree, int tagged_parameters_len, int ftype) Line 9627 + 0x19 bytes C
    libwireshark.dll!dissect_ieee80211_mgt(unsigned short fcf, tvbuff * tvb, _packet_info * pinfo, _proto_node * tree) Line 9779 + 0x1b bytes C
    libwireshark.dll!dissect_ieee80211_common(tvbuff * tvb, _packet_info * pinfo, _proto_node * tree, int fixed_length_header, int fcs_len, int wlan_broken_fc, int datapad, int is_ht) Line 11274 + 0x19 bytes C
    libwireshark.dll!dissect_ieee80211(tvbuff * tvb, _packet_info * pinfo, _proto_node * tree) Line 11401 + 0x22 bytes C
    libwireshark.dll!call_dissector_through_handle(dissector_handle * handle, tvbuff * tvb, _packet_info * pinfo, _proto_node * tree) Line 386 + 0x14 bytes C
    libwireshark.dll!call_dissector_work(dissector_handle * handle, tvbuff * tvb, _packet_info * pinfo_arg, _proto_node * tree, int add_proto_name) Line 477 + 0x15 bytes C
    libwireshark.dll!dissector_try_uint_new(dissector_table * sub_dissectors, const unsigned int uint_val, tvbuff * tvb, _packet_info * pinfo, _proto_node * tree, const int add_proto_name) Line 902 + 0x19 bytes C
    libwireshark.dll!dissector_try_uint(dissector_table * sub_dissectors, const unsigned int uint_val, tvbuff * tvb, _packet_info * pinfo, _proto_node * tree) Line 928 + 0x1b bytes C
    libwireshark.dll!dissect_frame(tvbuff * tvb, _packet_info * pinfo, _proto_node * parent_tree) Line 344 + 0x23 bytes C
    libwireshark.dll!call_dissector_through_handle(dissector_handle * handle, tvbuff * tvb, _packet_info * pinfo, _proto_node * tree) Line 386 + 0x14 bytes C
    libwireshark.dll!call_dissector_work(dissector_handle * handle, tvbuff * tvb, _packet_info * pinfo_arg, _proto_node * tree, int add_proto_name) Line 477 + 0x15 bytes C
    libwireshark.dll!call_dissector_only(dissector_handle * handle, tvbuff * tvb, _packet_info * pinfo, _proto_node * tree) Line 1894 + 0x17 bytes C
    libwireshark.dll!call_dissector(dissector_handle * handle, tvbuff * tvb, _packet_info * pinfo, _proto_node * tree) Line 1907 + 0x15 bytes C
    libwireshark.dll!dissect_packet(_epan_dissect_t * edt, wtap_pseudo_header * pseudo_header, const unsigned char * pd, _frame_data * fd, _column_info * cinfo) Line 317 + 0x20 bytes C
    libwireshark.dll!epan_dissect_run(_epan_dissect_t * edt, void * pseudo_header, const unsigned char * data, _frame_data * fd, _column_info * cinfo) Line 202 + 0x19 bytes C
    wireshark.exe!add_packet_to_packet_list(_frame_data * fdata, _capture_file * cf, _dfilter_t * dfcode, int filtering_tap_listeners, unsigned int tap_flags, wtap_pseudo_header * pseudo_header, const unsigned char * buf, int refilter, int add_to_packet_list) Line 1102 + 0x1c bytes C
    wireshark.exe!read_packet(_capture_file * cf, _dfilter_t * dfcode, int filtering_tap_listeners, unsigned int tap_flags, __int64 offset) Line 1193 + 0x25 bytes C
    wireshark.exe!cf_read(_capture_file * cf, int from_save) Line 608 + 0x23 bytes C
    wireshark.exe!win32_open_file(HWND__ * h_wnd) Line 247 + 0xc bytes C
    wireshark.exe!file_open_cmd(_GtkWidget * w) Line 453 + 0x1d bytes C
    wireshark.exe!file_open_cmd_cb(_GtkWidget * widget, void * data) Line 614 + 0x9 bytes C
    wireshark.exe!welcome_button_callback_helper(_GtkWidget * w, _GdkEventButton * event, void * user_data) Line 300 + 0x9 bytes C
    libgtk-win32-2.0-0.dll!6185a09a()
    [Frames below may be incorrect and/or missing, no symbols loaded for libgtk-win32-2.0-0.dll]
    libgobject-2.0-0.dll!63a45aca()
    libgobject-2.0-0.dll!63a56990()
    uxtheme.dll!5ad73935()
    user32.dll!7e4194be()
    ntdll.dll!7c910a36()
    ntdll.dll!7c910a36()
    ntdll.dll!7c910041()
    ntdll.dll!7c91005d()
    ntdll.dll!7c91005d()
    kernel32.dll!7c801bea()
    msvcrt.dll!77c2c2de()
    libwsutil.dll!ws_load_library(char * library_name) Line 545 + 0x9 bytes C
    106acccc()