Wireshark-bugs: [Wireshark-bugs] [Bug 8693] New: Invalid memory read in P1 dissector
Date: Fri, 17 May 2013 16:25:53 +0000
| Bug ID | 8693 |
|---|---|
| Summary | Invalid memory read in P1 dissector |
| Classification | Unclassified |
| Product | Wireshark |
| Version | SVN |
| Hardware | All |
| OS | All |
| Status | UNCONFIRMED |
| Severity | Major |
| Priority | Low |
| Component | Dissection engine (libwireshark) |
| Assignee | [email protected] |
| Reporter | [email protected] |
Build Information: TShark 1.11.0 (SVN Rev 49377 from /trunk) Copyright 1998-2013 Gerald Combs <[email protected]> and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled (64-bit) with GLib 2.34.2, with libpcap, with libz 1.2.7, without POSIX capabilities, without libnl, without SMI, with c-ares 1.9.1, with Lua 5.1, without Python, with GnuTLS 2.12.23, with Gcrypt 1.5.0, without Kerberos, without GeoIP. Running on Linux 3.8.9-200.fc18.x86_64, with locale C, with libpcap version 1.3.0, with libz 1.2.7. Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz Built using gcc 4.7.2 20121109 (Red Hat 4.7.2-8). -- After fixing a Valgrind error that popped up in bug 8197 (long after the actual crash there had been fixed) I noticed a new Valgrind error from that bug's capture file: ==31418== Invalid read of size 8 ==31418== at 0x61B3A7D: proto_item_append_text (proto.c:4108) ==31418== by 0x6B56E9F: dissect_p1_MTAName (p1.cnf:691) ==31418== by 0x6298BEB: dissect_ber_choice (packet-ber.c:3404) ==31418== by 0x6B5318F: dissect_p1_ObjectName (p1.cnf:1203) ==31418== by 0x629D21E: dissect_ber_set (packet-ber.c:2855) ==31418== by 0x6B5B171: dissect_MTSBindResult_PDU (p1.cnf:1290) ==31418== by 0x69CA5D8: call_ros_oid_callback (packet-ros-template.c:199) ==31418== by 0x6298BEB: dissect_ber_choice (packet-ber.c:3404) ==31418== by 0x69CADEF: dissect_ros_ROS (ros.cnf:196) ==31418== by 0x69CAED7: dissect_ros (packet-ros-template.c:432) ==31418== by 0x619D717: call_dissector_through_handle (packet.c:458) ==31418== by 0x619DF4C: call_dissector_work (packet.c:552) ==31418== Address 0xfc44a60 is 16 bytes after a block of size 240 free'd ==31418== at 0x4A077E6: free (vg_replace_malloc.c:446) ==31418== by 0x30E6A4D79E: g_free (in /usr/lib64/libglib-2.0.so.0.3400.2) ==31418== by 0x30E6A62E4E: g_slice_free1 (in /usr/lib64/libglib-2.0.so.0.3400.2) ==31418== by 0x61AAC1D: proto_tree_free_node (proto.c:585) ==31418== by 0x61AABE1: proto_tree_children_foreach (proto.c:524) ==31418== by 0x61AAC0A: proto_tree_free_node (proto.c:582) ==31418== by 0x61AABE1: proto_tree_children_foreach (proto.c:524) ==31418== by 0x61AAC7A: proto_tree_free (proto.c:598) ==31418== by 0x6195A93: epan_dissect_cleanup (epan.c:239) ==31418== by 0x418B82: process_packet (tshark.c:3295) ==31418== by 0x40B0E1: main (tshark.c:3031) Use the attachment from bug 8197 to reproduce.
You are receiving this mail because:
- You are watching all bug changes.
- Follow-Ups:
- [Wireshark-bugs] [Bug 8693] Invalid memory read in P1 dissector
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 8693] Invalid memory read in P1 dissector
- Prev by Date: [Wireshark-bugs] [Bug 8692] Wireshark combines two diameter messages (RAA & CCR-U) in one
- Next by Date: [Wireshark-bugs] [Bug 8197] PER dissector crash
- Previous by thread: [Wireshark-bugs] [Bug 8692] Wireshark combines two diameter messages (RAA & CCR-U) in one
- Next by thread: [Wireshark-bugs] [Bug 8693] Invalid memory read in P1 dissector
- Index(es):