Wireshark-bugs: [Wireshark-bugs] [Bug 7960] Buildbot crash output: fuzz-2012-11-06-1334.pcap

Date: Wed, 7 Nov 2012 13:32:59 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7960

Martin Kaiser <wireshark@xxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |wireshark@xxxxxxxxx

--- Comment #1 from Martin Kaiser <wireshark@xxxxxxxxx> 2012-11-07 13:32:58 PST ---
backtrace
#0  bytes_to_hexstr_punct (out=0x7fffffffddc0 "", ad=0x0, len=3, punct=46 '.')
    at to_str.c:138
#1  0x00007ffff4fecb2b in address_to_str_buf (addr=0x7fffffffe118, 
    buf=0x7fffecf64d70 "", buf_len=256) at address_to_str.c:589
#2  0x00007ffff4fece0e in se_address_to_str (addr=0x7fffffffe118)
    at address_to_str.c:532
#3  0x00007ffff4febfca in se_get_addr_name (addr=0x7fffffffe118)
    at addr_resolv.c:2967
#4  0x00007ffff4fefae3 in col_set_addr (pinfo=0x7fffffffe070, col=3, addr=0x3,
    is_src=0, fill_col_exprs=<value optimized out>) at column-utils.c:1429
#5  0x00007ffff4ff2214 in col_fill_in (pinfo=0x7fffffffe070, fill_col_exprs=0,
    fill_fd_colums=<value optimized out>) at column-utils.c:1753
#6  0x0000000000417ab7 in print_packet (cf=0x644d20, edt=0x7fffffffe060)
    at tshark.c:3501
#7  0x00000000004184e7 in process_packet (cf=0x644d20, 
    offset=<value optimized out>, whdr=<value optimized out>, 
    pd=<value optimized out>, filtering_tap_listeners=<value optimized out>,
    tap_flags=<value optimized out>) at tshark.c:3170
#8  0x000000000041bddc in load_cap_file (argc=<value optimized out>, 
    argv=<value optimized out>) at tshark.c:2952
#9  main (argc=<value optimized out>, argv=<value optimized out>)
    at tshark.c:1845


When process_packet() calls print_packet(), the destination address already
contains the NULL pointer:

(gdb) print edt
$7 = {tvb = 0x16c38c0, tree = 0x0, pi = {
... 
    dst = { type = AT_FC, hf = -1, len = 3, data = 0x0}


This is set in packet-fc.c, dissect_fc_helper():
...
SET_ADDRESS (&pinfo->dst, AT_FC, 3, tvb_get_ptr(tvb,offset+1,3));

tvb_get_ptr() throws an exception for packet 99 in the fuzz-test capture.


I'm not sure how to fix this. Who should catch the exception? When reading the
file with tshark, process_packet() calls epan_dissect_run_with_taps(), which in
turn calls dissect_packet(). In dissect_packet(), there's an exception handler
for ReportedBoundsError...

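The failure mode in the comment above, reproduced as an added example (not Wireshark code and not part of the original bug comment). It assumes the address macro stores type and len before it evaluates its data argument, which matches the dst state gdb shows. get_ptr(), the setjmp/longjmp "exception", both SET_ADDRESS_* macros and address_is_consistent() are hypothetical stand-ins.

```c
#include <setjmp.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins; names and layout are assumptions, not Wireshark's. */
enum { AT_NONE = 0, AT_FC = 1 };
typedef struct { int type; int hf; int len; const void *data; } address;
static jmp_buf bounds_error;          /* plays the role of the thrown exception */

/* Stand-in for tvb_get_ptr(): "throws" when the read runs past the buffer. */
static const unsigned char *get_ptr(const unsigned char *buf, int buflen, int off, int n)
{
    if (off < 0 || n < 0 || off + n > buflen)
        longjmp(bounds_error, 1);
    return buf + off;
}

/* Assumed field-by-field form: type and len are committed before the data
 * argument is evaluated, so a throw leaves len=3 next to a NULL data pointer. */
#define SET_ADDRESS_UNSAFE(a, t, l, d) \
    do { (a)->type = (t); (a)->hf = -1; (a)->len = (l); (a)->data = (d); } while (0)

/* Hardened form: evaluate the expression that can throw first, then commit. */
#define SET_ADDRESS_SAFE(a, t, l, d) \
    do { const void *p_ = (d); \
         (a)->type = (t); (a)->hf = -1; (a)->len = (l); (a)->data = p_; } while (0)

/* Consumer-side guard: never format len bytes from a NULL data pointer. */
static int address_is_consistent(const address *a)
{
    return a->type == AT_NONE || a->len == 0 || a->data != NULL;
}

/* Sets dst from a truncated frame; returns -1 when the read "throws". */
static int dissect(address *dst, int safe)
{
    static const unsigned char frame[2] = { 0x22, 0x01 };  /* constructed, too short */
    if (setjmp(bounds_error) != 0)
        return -1;                    /* caught far away from the macro */
    if (safe) SET_ADDRESS_SAFE(dst, AT_FC, 3, get_ptr(frame, 2, 1, 3));
    else      SET_ADDRESS_UNSAFE(dst, AT_FC, 3, get_ptr(frame, 2, 1, 3));
    return 0;
}

int main(void)
{
    address a = { AT_NONE, -1, 0, NULL }, b = a;
    dissect(&a, 0); dissect(&b, 1);
    printf("unsafe ok=%d, safe ok=%d\n", address_is_consistent(&a), address_is_consistent(&b));
    return 0;
}
```

Whichever handler catches the exception, the column code still runs afterwards, so either the setter must not leave a half-written address or the consumer has to check it before formatting.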