Wireshark-bugs: [Wireshark-bugs] [Bug 8722] ASN.1 aligned PER dissector fails to check return va
Date: Tue, 28 May 2013 00:56:53 +0000
What | Removed | Added |
---|---|---|
Status | INCOMPLETE | CONFIRMED |
Comment # 5 on bug 8722 from Evan Huus
I am not seeing the crash you describe when I decode this file as ULP, however I do get a number of valgrind errors:

```
==28152== Conditional jump or move depends on uninitialised value(s)
==28152==    at 0x640A139: fast_ensure_contiguous (tvbuff.c:999)
==28152==    by 0x640A55D: tvb_get_guint8 (tvbuff.c:1213)
==28152==    by 0x68CCDAA: dissect_per_boolean (packet-per.c:968)
==28152==    by 0x68D00CC: dissect_per_choice (packet-per.c:1589)
==28152==    by 0x6C7F5C9: dissect_ulp_UlpMessage (ulp.cnf:39)
==28152==    by 0x68D041E: dissect_per_sequence (packet-per.c:1793)
==28152==    by 0x6C81B16: dissect_ULP_PDU_PDU (ulp.cnf:34)
==28152==    by 0x6A45328: tcp_dissect_pdus (packet-tcp.c:2353)
==28152==    by 0x6C7DE16: dissect_ulp_tcp (packet-ulp-template.c:86)
==28152==    by 0x63D9037: call_dissector_through_handle (packet.c:458)
==28152==    by 0x63D986C: call_dissector_work (packet.c:552)
==28152==    by 0x63DA0BF: dissector_try_uint_new (packet.c:969)
==28152==
==28152== Use of uninitialised value of size 8
==28152==    at 0x640A55E: tvb_get_guint8 (tvbuff.c:1214)
==28152==    by 0x68CCDAA: dissect_per_boolean (packet-per.c:968)
==28152==    by 0x68D00CC: dissect_per_choice (packet-per.c:1589)
==28152==    by 0x6C7F5C9: dissect_ulp_UlpMessage (ulp.cnf:39)
==28152==    by 0x68D041E: dissect_per_sequence (packet-per.c:1793)
==28152==    by 0x6C81B16: dissect_ULP_PDU_PDU (ulp.cnf:34)
==28152==    by 0x6A45328: tcp_dissect_pdus (packet-tcp.c:2353)
==28152==    by 0x6C7DE16: dissect_ulp_tcp (packet-ulp-template.c:86)
==28152==    by 0x63D9037: call_dissector_through_handle (packet.c:458)
==28152==    by 0x63D986C: call_dissector_work (packet.c:552)
==28152==    by 0x63DA0BF: dissector_try_uint_new (packet.c:969)
==28152==    by 0x63DA116: dissector_try_uint (packet.c:995)
==28152==
==28152== Conditional jump or move depends on uninitialised value(s)
==28152==    at 0x640A139: fast_ensure_contiguous (tvbuff.c:999)
==28152==    by 0x640A55D: tvb_get_guint8 (tvbuff.c:1213)
==28152==    by 0x640A89C: _tvb_get_bits64 (tvbuff.c:1835)
==28152==    by 0x68CE031: dissect_per_constrained_integer (packet-per.c:1218)
==28152==    by 0x68CFEFD: dissect_per_choice (packet-per.c:1612)
==28152==    by 0x6C7F5C9: dissect_ulp_UlpMessage (ulp.cnf:39)
==28152==    by 0x68D041E: dissect_per_sequence (packet-per.c:1793)
==28152==    by 0x6C81B16: dissect_ULP_PDU_PDU (ulp.cnf:34)
==28152==    by 0x6A45328: tcp_dissect_pdus (packet-tcp.c:2353)
==28152==    by 0x6C7DE16: dissect_ulp_tcp (packet-ulp-template.c:86)
==28152==    by 0x63D9037: call_dissector_through_handle (packet.c:458)
==28152==    by 0x63D986C: call_dissector_work (packet.c:552)
==28152==
==28152== Use of uninitialised value of size 8
==28152==    at 0x640A55E: tvb_get_guint8 (tvbuff.c:1214)
==28152==    by 0x640A89C: _tvb_get_bits64 (tvbuff.c:1835)
==28152==    by 0x68CE031: dissect_per_constrained_integer (packet-per.c:1218)
==28152==    by 0x68CFEFD: dissect_per_choice (packet-per.c:1612)
==28152==    by 0x6C7F5C9: dissect_ulp_UlpMessage (ulp.cnf:39)
==28152==    by 0x68D041E: dissect_per_sequence (packet-per.c:1793)
==28152==    by 0x6C81B16: dissect_ULP_PDU_PDU (ulp.cnf:34)
==28152==    by 0x6A45328: tcp_dissect_pdus (packet-tcp.c:2353)
==28152==    by 0x6C7DE16: dissect_ulp_tcp (packet-ulp-template.c:86)
==28152==    by 0x63D9037: call_dissector_through_handle (packet.c:458)
==28152==    by 0x63D986C: call_dissector_work (packet.c:552)
==28152==    by 0x63DA0BF: dissector_try_uint_new (packet.c:969)
==28152==
==28152== Conditional jump or move depends on uninitialised value(s)
==28152==    at 0x640A139: fast_ensure_contiguous (tvbuff.c:999)
==28152==    by 0x640A55D: tvb_get_guint8 (tvbuff.c:1213)
==28152==    by 0x68CCDAA: dissect_per_boolean (packet-per.c:968)
==28152==    by 0x68D08C9: dissect_per_sequence (packet-per.c:1748)
==28152==    by 0x6C7EAFA: dissect_ulp_SUPLEND (ulp.cnf:754)
==28152==    by 0x68D00A1: dissect_per_choice (packet-per.c:1642)
==28152==    by 0x6C7F5C9: dissect_ulp_UlpMessage (ulp.cnf:39)
==28152==    by 0x68D041E: dissect_per_sequence (packet-per.c:1793)
==28152==    by 0x6C81B16: dissect_ULP_PDU_PDU (ulp.cnf:34)
==28152==    by 0x6A45328: tcp_dissect_pdus (packet-tcp.c:2353)
==28152==    by 0x6C7DE16: dissect_ulp_tcp (packet-ulp-template.c:86)
==28152==    by 0x63D9037: call_dissector_through_handle (packet.c:458)
==28152==
==28152== Use of uninitialised value of size 8
==28152==    at 0x640A55E: tvb_get_guint8 (tvbuff.c:1214)
==28152==    by 0x68CCDAA: dissect_per_boolean (packet-per.c:968)
==28152==    by 0x68D08C9: dissect_per_sequence (packet-per.c:1748)
==28152==    by 0x6C7EAFA: dissect_ulp_SUPLEND (ulp.cnf:754)
==28152==    by 0x68D00A1: dissect_per_choice (packet-per.c:1642)
==28152==    by 0x6C7F5C9: dissect_ulp_UlpMessage (ulp.cnf:39)
==28152==    by 0x68D041E: dissect_per_sequence (packet-per.c:1793)
==28152==    by 0x6C81B16: dissect_ULP_PDU_PDU (ulp.cnf:34)
==28152==    by 0x6A45328: tcp_dissect_pdus (packet-tcp.c:2353)
==28152==    by 0x6C7DE16: dissect_ulp_tcp (packet-ulp-template.c:86)
==28152==    by 0x63D9037: call_dissector_through_handle (packet.c:458)
==28152==    by 0x63D986C: call_dissector_work (packet.c:552)
==28152==
==28152== Conditional jump or move depends on uninitialised value(s)
==28152==    at 0x640A139: fast_ensure_contiguous (tvbuff.c:999)
==28152==    by 0x640A55D: tvb_get_guint8 (tvbuff.c:1213)
==28152==    by 0x68CCDAA: dissect_per_boolean (packet-per.c:968)
==28152==    by 0x68D0325: dissect_per_sequence (packet-per.c:1764)
==28152==    by 0x6C7EAFA: dissect_ulp_SUPLEND (ulp.cnf:754)
==28152==    by 0x68D00A1: dissect_per_choice (packet-per.c:1642)
==28152==    by 0x6C7F5C9: dissect_ulp_UlpMessage (ulp.cnf:39)
==28152==    by 0x68D041E: dissect_per_sequence (packet-per.c:1793)
==28152==    by 0x6C81B16: dissect_ULP_PDU_PDU (ulp.cnf:34)
==28152==    by 0x6A45328: tcp_dissect_pdus (packet-tcp.c:2353)
==28152==    by 0x6C7DE16: dissect_ulp_tcp (packet-ulp-template.c:86)
==28152==    by 0x63D9037: call_dissector_through_handle (packet.c:458)
==28152==
==28152== Use of uninitialised value of size 8
==28152==    at 0x640A55E: tvb_get_guint8 (tvbuff.c:1214)
==28152==    by 0x68CCDAA: dissect_per_boolean (packet-per.c:968)
==28152==    by 0x68D0325: dissect_per_sequence (packet-per.c:1764)
==28152==    by 0x6C7EAFA: dissect_ulp_SUPLEND (ulp.cnf:754)
==28152==    by 0x68D00A1: dissect_per_choice (packet-per.c:1642)
==28152==    by 0x6C7F5C9: dissect_ulp_UlpMessage (ulp.cnf:39)
==28152==    by 0x68D041E: dissect_per_sequence (packet-per.c:1793)
==28152==    by 0x6C81B16: dissect_ULP_PDU_PDU (ulp.cnf:34)
==28152==    by 0x6A45328: tcp_dissect_pdus (packet-tcp.c:2353)
==28152==    by 0x6C7DE16: dissect_ulp_tcp (packet-ulp-template.c:86)
==28152==    by 0x63D9037: call_dissector_through_handle (packet.c:458)
==28152==    by 0x63D986C: call_dissector_work (packet.c:552)
==28152==
==28152== Conditional jump or move depends on uninitialised value(s)
==28152==    at 0x63ED4E0: proto_item_set_len (proto.c:4176)
==28152==    by 0x68D0457: dissect_per_sequence (packet-per.c:1903)
==28152==    by 0x6C7F19A: dissect_ulp_SlpSessionID (packet-ulp-fn.c:196)
==28152==    by 0x68D041E: dissect_per_sequence (packet-per.c:1793)
==28152==    by 0x6C7F17A: dissect_ulp_SessionID (packet-ulp-fn.c:211)
==28152==    by 0x68D041E: dissect_per_sequence (packet-per.c:1793)
==28152==    by 0x6C81B16: dissect_ULP_PDU_PDU (ulp.cnf:34)
==28152==    by 0x6A45328: tcp_dissect_pdus (packet-tcp.c:2353)
==28152==    by 0x6C7DE16: dissect_ulp_tcp (packet-ulp-template.c:86)
==28152==    by 0x63D9037: call_dissector_through_handle (packet.c:458)
==28152==    by 0x63D986C: call_dissector_work (packet.c:552)
==28152==    by 0x63DA0BF: dissector_try_uint_new (packet.c:969)
==28152==
==28152== Conditional jump or move depends on uninitialised value(s)
==28152==    at 0x63ED4E0: proto_item_set_len (proto.c:4176)
==28152==    by 0x68D0457: dissect_per_sequence (packet-per.c:1903)
==28152==    by 0x6C7F17A: dissect_ulp_SessionID (packet-ulp-fn.c:211)
==28152==    by 0x68D041E: dissect_per_sequence (packet-per.c:1793)
==28152==    by 0x6C81B16: dissect_ULP_PDU_PDU (ulp.cnf:34)
==28152==    by 0x6A45328: tcp_dissect_pdus (packet-tcp.c:2353)
==28152==    by 0x6C7DE16: dissect_ulp_tcp (packet-ulp-template.c:86)
==28152==    by 0x63D9037: call_dissector_through_handle (packet.c:458)
==28152==    by 0x63D986C: call_dissector_work (packet.c:552)
==28152==    by 0x63DA0BF: dissector_try_uint_new (packet.c:969)
==28152==    by 0x63DA116: dissector_try_uint (packet.c:995)
==28152==    by 0x6A455C6: decode_tcp_ports (packet-tcp.c:3984)
==28152==
==28152== Conditional jump or move depends on uninitialised value(s)
==28152==    at 0x63ED4E0: proto_item_set_len (proto.c:4176)
==28152==    by 0x68D0457: dissect_per_sequence (packet-per.c:1903)
==28152==    by 0x6C7EAFA: dissect_ulp_SUPLEND (ulp.cnf:754)
==28152==    by 0x68D00A1: dissect_per_choice (packet-per.c:1642)
==28152==    by 0x6C7F5C9: dissect_ulp_UlpMessage (ulp.cnf:39)
==28152==    by 0x68D041E: dissect_per_sequence (packet-per.c:1793)
==28152==    by 0x6C81B16: dissect_ULP_PDU_PDU (ulp.cnf:34)
==28152==    by 0x6A45328: tcp_dissect_pdus (packet-tcp.c:2353)
==28152==    by 0x6C7DE16: dissect_ulp_tcp (packet-ulp-template.c:86)
==28152==    by 0x63D9037: call_dissector_through_handle (packet.c:458)
==28152==    by 0x63D986C: call_dissector_work (packet.c:552)
==28152==    by 0x63DA0BF: dissector_try_uint_new (packet.c:969)
==28152==
==28152== Conditional jump or move depends on uninitialised value(s)
==28152==    at 0x63ED4E0: proto_item_set_len (proto.c:4176)
==28152==    by 0x68D0066: dissect_per_choice (packet-per.c:1647)
==28152==    by 0x6C7F5C9: dissect_ulp_UlpMessage (ulp.cnf:39)
==28152==    by 0x68D041E: dissect_per_sequence (packet-per.c:1793)
==28152==    by 0x6C81B16: dissect_ULP_PDU_PDU (ulp.cnf:34)
==28152==    by 0x6A45328: tcp_dissect_pdus (packet-tcp.c:2353)
==28152==    by 0x6C7DE16: dissect_ulp_tcp (packet-ulp-template.c:86)
==28152==    by 0x63D9037: call_dissector_through_handle (packet.c:458)
==28152==    by 0x63D986C: call_dissector_work (packet.c:552)
==28152==    by 0x63DA0BF: dissector_try_uint_new (packet.c:969)
==28152==    by 0x63DA116: dissector_try_uint (packet.c:995)
==28152==    by 0x6A455C6: decode_tcp_ports (packet-tcp.c:3984)
==28152==
==28152== Conditional jump or move depends on uninitialised value(s)
==28152==    at 0x63ED4E0: proto_item_set_len (proto.c:4176)
==28152==    by 0x68D0457: dissect_per_sequence (packet-per.c:1903)
==28152==    by 0x6C81B16: dissect_ULP_PDU_PDU (ulp.cnf:34)
==28152==    by 0x6A45328: tcp_dissect_pdus (packet-tcp.c:2353)
==28152==    by 0x6C7DE16: dissect_ulp_tcp (packet-ulp-template.c:86)
==28152==    by 0x63D9037: call_dissector_through_handle (packet.c:458)
==28152==    by 0x63D986C: call_dissector_work (packet.c:552)
==28152==    by 0x63DA0BF: dissector_try_uint_new (packet.c:969)
==28152==    by 0x63DA116: dissector_try_uint (packet.c:995)
==28152==    by 0x6A455C6: decode_tcp_ports (packet-tcp.c:3984)
==28152==    by 0x6A459C1: process_tcp_payload (packet-tcp.c:4043)
==28152==    by 0x6A461C0: dissect_tcp_payload (packet-tcp.c:1931)
```

This is with trunk r49601