Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 8752] Erroneous Sign Extension and Faulty Memory Allocation at pcapng_read_int

Wireshark-bugs: [Wireshark-bugs] [Bug 8752] Erroneous Sign Extension and Faulty Memory Allocatio

Date: Sun, 02 Jun 2013 18:42:34 +0000
Comment # 4 on bug 8752 from G. Geshev
And another one..

(gdb) r -n -r 92bc14de9c9193b4ab4f3661ce391ba2.pcapng 
Starting program: /usr/local/bin/tshark -n -r
92bc14de9c9193b4ab4f3661ce391ba2.pcapng
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
  1 0.000000000 192.168.0.101 -> 192.168.0.10 HART_IP 55 Session Initiate
Request, Sequence Number 2
  2 0.005240000 192.168.0.10 -> 192.168.0.101 HART_IP 60 Session Initiate
Response, Sequence Number 2
  3 0.048336000 192.168.0.101 -> 192.168.0.10 HART_IP 59 Pass Through Request,
Sequence Number 3
  4 0.052031000 192.168.0.10 -> 192.168.0.101 HART_IP 83 Pass Through Response,
Sequence Number 3
  5 0.100291000 192.168.0.101 -> 192.168.0.10 HART_IP 59 Pass Through Request,
Sequence Number 4
  6 0.104551000 192.168.0.10 -> 192.168.0.101 HART_IP 66 Pass Through Response,
Sequence Number 4
  7 0.152353000 192.168.0.101 -> 192.168.0.10 HART_IP 59 Pass Through Request,
Sequence Number 5
  8 0.156171000 192.168.0.10 -> 192.168.0.101 HART_IP 69 Pass Through Response,
Sequence Number 5
  9 0.204149000 192.168.0.101 -> 192.168.0.10 HART_IP 59 Pass Through Request,
Sequence Number 6
 10 0.208075000 192.168.0.10 -> 192.168.0.101 HART_IP 85 Pass Through Response,
Sequence Number 6
 11 0.256521000 192.168.0.101 -> 192.168.0.10 HART_IP 63 Pass Through Request,
Sequence Number 7
 12 0.260590000 192.168.0.10 -> 192.168.0.101 HART_IP 98 Pass Through Response,
Sequence Number 7
 13 0.308435000 192.168.0.101 -> 192.168.0.10 HART_IP 59 Pass Through Request,
Sequence Number 8
 14 0.311965000 192.168.0.10 -> 192.168.0.101 HART_IP 85 Pass Through Response,
Sequence Number 8
 15 0.360352000 192.168.0.101 -> 192.168.0.10 HART_IP 59 Pass Through Request,
Sequence Number 9
 16 0.364185000 192.168.0.10 -> 192.168.0.101 HART_IP 82 Pass Through Response,
Sequence Number 9
 17 0.412411000 192.168.0.101 -> 192.168.0.10 HART_IP 59 Pass Through Request,
Sequence Number 10
 18 0.415960000 192.168.0.10 -> 192.168.0.101 HART_IP 93 Pass Through Response,
Sequence Number 10
 19 0.464293000 192.168.0.101 -> 192.168.0.10 HART_IP 59 Pass Through Request,
Sequence Number 11
 20 0.467833000 192.168.0.10 -> 192.168.0.101 HART_IP 74 Pass Through Response,
Sequence Number 11
 21 4.996070000 00:0c:29:50:a9:fc -> 00:26:16:00:00:d2 ARP 42 Who has
192.168.0.10?  Tell 192.168.0.101
 22 4.996316000 00:26:16:00:00:d2 -> 00:0c:29:50:a9:fc ARP 60 192.168.0.10 is
at 00:26:16:00:00:d2
 23 30.471673000 192.168.0.101 -> 192.168.0.10 HART_IP 50 Keep Alive Request,
Sequence Number 12
 24 30.472935000 192.168.0.10 -> 192.168.0.101 HART_IP 60 Keep Alive Response,
Sequence Number 12
 25 34.713634000 192.168.0.101 -> 192.168.0.10 HART_IP 50 Session Close
Request, Sequence Number 13
 26 34.714868000 192.168.0.10 -> 192.168.0.101 HART_IP 60 Session Close
Response, Sequence Number 13
 27 34.714964000 192.168.0.101 -> 192.168.0.10 ICMP 78 Destination unreachable
(Port unreachable)
 28 34.996408000 192.168.0.100 -> 64.185.181.238 TCP 66 50407 > 80 [FIN, ACK]
Seq=1 Ack=1 Win=65535 Len=0 TSval=115690168 TSecr=972288728
 29 34.996443000 192.168.0.100 -> 23.15.7.51   TCP 66 50396 > 80 [FIN, ACK]
Seq=1 Ack=1 Win=65535 Len=0 TSval=115690168 TSecr=555799464
 30 34.996478000 192.168.0.100 -> 23.15.7.51   TCP 66 50379 > 80 [FIN, ACK]
Seq=1 Ack=1 Win=65535 Len=0 TSval=115690168 TSecr=555804464
 31 35.096566000 192.168.0.100 -> 72.21.91.19  TCP 54 50413 > 80 [FIN, ACK]
Seq=1 Ack=1 Win=65535 Len=0
 32 35.096593000 192.168.0.100 -> 205.251.253.243 TCP 66 50410 > 80 [FIN, ACK]
Seq=1 Ack=1 Win=65535 Len=0 TSval=115690169 TSecr=2924770787
 33 35.096613000 192.168.0.100 -> 66.114.54.41 TCP 66 50404 > 80 [FIN, ACK]
Seq=1 Ack=1 Win=65535 Len=0 TSval=115690169 TSecr=993158342
 34 35.096631000 192.168.0.100 -> 93.184.215.73 TCP 54 50398 > 80 [FIN, ACK]
Seq=1 Ack=1 Win=65535 Len=0
 35 35.096649000 192.168.0.100 -> 208.93.140.140 TCP 66 50397 > 80 [FIN, ACK]
Seq=1 Ack=1 Win=65535 Len=0 TSval=115690169 TSecr=3681988593
 36 35.096674000 192.168.0.100 -> 107.22.178.29 TCP 66 50395 > 80 [FIN, ACK]
Seq=1 Ack=1 Win=65535 Len=0 TSval=115690169 TSecr=145529632
 37 35.096681000 192.168.0.100 -> 107.22.178.29 TCP 66 50394 > 80 [FIN, ACK]
Seq=1 Ack=1 Win=65535 Len=0 TSval=115690169 TSecr=145529632
 38 35.096689000 192.168.0.100 -> 107.22.178.29 TCP 66 50393 > 80 [FIN, ACK]
Seq=1 Ack=1 Win=65535 Len=0 TSval=115690169 TSecr=145529632
 39 35.096696000 192.168.0.100 -> 107.22.178.29 TCP 66 50392 > 80 [FIN, ACK]
Seq=1 Ack=1 Win=65535 Len=0 TSval=115690169 TSecr=145529632
 40 35.096704000 192.168.0.100 -> 23.13.181.231 TCP 66 50391 > 80 [FIN, ACK]
Seq=1 Ack=1 Win=65535 Len=0 TSval=115690169 TSecr=428600632
 41 35.096712000 192.168.0.100 -> 23.15.7.75   TCP 66 50389 > 80 [FIN, ACK]
Seq=1 Ack=1 Win=65535 Len=0 TSval=115690169 TSecr=1424840586
 42 35.096721000 192.168.0.100 -> 208.93.140.140 TCP 66 50388 > 80 [FIN, ACK]
Seq=1 Ack=1 Win=65535 Len=0 TSval=115690169 TSecr=1463884346
 43 35.096728000 192.168.0.100 -> 23.15.7.107  TCP 66 50386 > 80 [FIN, ACK]
Seq=1 Ack=1 Win=65535 Len=0 TSval=115690169 TSecr=1578907329
 44 35.096736000 192.168.0.100 -> 23.15.7.48   TCP 66 50385 > 80 [FIN, ACK]
Seq=1 Ack=1 Win=65535 Len=0 TSval=115690169 TSecr=1080068594
 45 35.096743000 192.168.0.100 -> 204.11.109.23 TCP 66 50381 > 80 [FIN, ACK]
Seq=1 Ack=1 Win=65535 Len=0 TSval=115690169 TSecr=1892653853
 46 35.096752000 192.168.0.100 -> 8.18.45.81   TCP 54 50380 > 80 [FIN, ACK]
Seq=1 Ack=1 Win=65535 Len=0
 47 35.096759000 192.168.0.100 -> 8.18.45.80   TCP 54 50378 > 80 [FIN, ACK]
Seq=1 Ack=1 Win=65535 Len=0
 48 35.096769000 192.168.0.100 -> 208.93.139.170 TCP 66 50374 > 80 [FIN, ACK]
Seq=1 Ack=1 Win=65535 Len=0 TSval=115690169 TSecr=2407416140
 49 35.096776000 192.168.0.100 -> 74.121.137.24 TCP 66 50373 > 80 [FIN, ACK]
Seq=1 Ack=1 Win=65535 Len=0 TSval=115690169 TSecr=1013260860
 50 35.096785000 192.168.0.100 -> 23.15.8.185  TCP 66 50372 > 80 [FIN, ACK]
Seq=1 Ack=1 Win=65535 Len=0 TSval=115690169 TSecr=1426291901
 51 35.096792000 192.168.0.100 -> 74.121.137.83 TCP 66 50370 > 80 [FIN, ACK]
Seq=1 Ack=1 Win=65535 Len=0 TSval=115690169 TSecr=4056278530
 52 35.096802000 192.168.0.100 -> 74.125.225.153 TCP 66 50369 > 80 [FIN, ACK]
Seq=1 Ack=1 Win=65535 Len=0 TSval=115690169 TSecr=1020471765
 53 35.096809000 192.168.0.100 -> 74.125.225.153 TCP 66 50366 > 80 [FIN, ACK]
Seq=1 Ack=1 Win=65535 Len=0 TSval=115690169 TSecr=1020470676
 54 35.096817000 192.168.0.100 -> 23.15.7.72   TCP 66 50365 > 80 [FIN, ACK]
Seq=1 Ack=1 Win=65535 Len=0 TSval=115690169 TSecr=460794594
 55 35.096824000 192.168.0.100 -> 23.13.181.231 TCP 66 50364 > 80 [FIN, ACK]
Seq=1 Ack=1 Win=65535 Len=0 TSval=115690169 TSecr=428600632
 56 35.096833000 192.168.0.100 -> 23.13.176.74 TCP 66 50363 > 80 [FIN, ACK]
Seq=1 Ack=1 Win=65535 Len=0 TSval=115690169 TSecr=428556632
 57 35.096839000 192.168.0.100 -> 216.38.172.99 TCP 66 50361 > 80 [FIN, ACK]
Seq=1 Ack=1 Win=65535 Len=0 TSval=115690169 TSecr=728566130
 58 35.096847000 192.168.0.100 -> 216.38.172.99 TCP 66 50360 > 80 [FIN, ACK]
Seq=1 Ack=1 Win=65535 Len=0 TSval=115690169 TSecr=728566130
 59 35.096854000 192.168.0.100 -> 216.38.172.99 TCP 66 50359 > 80 [FIN, ACK]
Seq=1 Ack=1 Win=65535 Len=0 TSval=115690169 TSecr=728566055
 60 35.096863000 192.168.0.100 -> 216.38.172.131 TCP 66 50346 > 80 [FIN, ACK]
Seq=1 Ack=1 Win=65535 Len=0 TSval=115690169 TSecr=753564645
 61 35.096870000 192.168.0.100 -> 81.17.242.186 TCP 66 50340 > 80 [FIN, ACK]
Seq=1 Ack=1 Win=65535 Len=0 TSval=115690169 TSecr=2982404194
 62 35.096879000 192.168.0.100 -> 74.125.225.156 TCP 66 50339 > 80 [FIN, ACK]
Seq=1 Ack=1 Win=65535 Len=0 TSval=115690169 TSecr=3890867047
 63 35.096887000 192.168.0.100 -> 74.125.225.130 TCP 66 50337 > 80 [FIN, ACK]
Seq=1 Ack=1 Win=65535 Len=0 TSval=115690169 TSecr=3890877817
 64 35.096896000 192.168.0.100 -> 74.125.225.60 TCP 66 50335 > 80 [FIN, ACK]
Seq=1 Ack=1 Win=65535 Len=0 TSval=115690169 TSecr=550098484
 65 35.096903000 192.168.0.100 -> 173.255.225.29 TCP 66 50334 > 80 [FIN, ACK]
Seq=1 Ack=1 Win=65535 Len=0 TSval=115690169 TSecr=124532551
 66 35.096911000 192.168.0.100 -> 173.255.225.29 TCP 66 50333 > 80 [FIN, ACK]
Seq=1 Ack=1 Win=65535 Len=0 TSval=115690169 TSecr=124547498
 67 35.096918000 192.168.0.100 -> 209.85.225.95 TCP 66 50327 > 80 [FIN, ACK]
Seq=1 Ack=1 Win=65535 Len=0 TSval=115690169 TSecr=1491423261
 68 35.096926000 192.168.0.100 -> 209.85.225.95 TCP 66 50326 > 80 [FIN, ACK]
Seq=1 Ack=1 Win=65535 Len=0 TSval=115690169 TSecr=1432967949
 69 35.096933000 192.168.0.100 -> 74.125.159.99 TCP 66 50323 > 80 [FIN, ACK]
Seq=1 Ack=1 Win=65535 Len=0 TSval=115690169 TSecr=1710106325
 70 35.096942000 192.168.0.100 -> 74.125.159.99 TLSv1 93 Encrypted Alert
 71 35.468562000 00:26:16:00:00:d2 -> 00:0c:29:50:a9:fc ARP 60 Who has
192.168.0.101?  Tell 192.168.0.10
 72 35.468941000 00:0c:29:50:a9:fc -> 00:26:16:00:00:d2 ARP 42 192.168.0.101 is
at 00:0c:29:50:a9:fc
 73 36.731287000 192.168.0.101 -> 192.168.0.10 TCP 66 49559 > 5094 [SYN] Seq=0
Win=5840 Len=0 MSS=1460 SACK_PERM=1 WS=64
 74 36.731776000 192.168.0.10 -> 192.168.0.101 TCP 66 5094 > 49559 [SYN, ACK]
Seq=0 Ack=1 Win=5840 Len=0 MSS=1460 SACK_PERM=1 WS=4
 75 36.731914000 192.168.0.101 -> 192.168.0.10 TCP 54 49559 > 5094 [ACK] Seq=1
Ack=1 Win=5888 Len=0
 76 36.731973000 192.168.0.101 -> 192.168.0.10 HART_IP 67 Session Initiate
Request, Sequence Number 2
 77 36.732305000 192.168.0.10 -> 192.168.0.101 TCP 60 5094 > 49559 [ACK] Seq=1
Ack=14 Win=5840 Len=0
 78 36.738867000 192.168.0.10 -> 192.168.0.101 HART_IP 67 Session Initiate
Response, Sequence Number 2
 79 36.739020000 192.168.0.101 -> 192.168.0.10 TCP 54 49559 > 5094 [ACK] Seq=14
Ack=14 Win=5888 Len=0
 80 36.779749000 192.168.0.101 -> 192.168.0.10 HART_IP 67 Pass Through Request,
Sequence Number 3
 81 36.783281000 192.168.0.10 -> 192.168.0.101 HART_IP 91 Pass Through
Response, Sequence Number 3
 82 36.783599000 192.168.0.101 -> 192.168.0.10 TCP 54 49559 > 5094 [ACK] Seq=27
Ack=51 Win=5888 Len=0
 83 36.831698000 192.168.0.101 -> 192.168.0.10 HART_IP 71 Pass Through Request,
Sequence Number 4
 84 36.835878000 192.168.0.10 -> 192.168.0.101 HART_IP 78 Pass Through
Response, Sequence Number 4
 85 36.836141000 192.168.0.101 -> 192.168.0.10 TCP 54 49559 > 5094 [ACK] Seq=44
Ack=75 Win=5888 Len=0
 86 36.883773000 192.168.0.101 -> 192.168.0.10 HART_IP 71 Pass Through Request,
Sequence Number 5
 87 36.887620000 192.168.0.10 -> 192.168.0.101 HART_IP 81 Pass Through
Response, Sequence Number 5
 88 36.887977000 192.168.0.101 -> 192.168.0.10 TCP 54 49559 > 5094 [ACK] Seq=61
Ack=102 Win=5888 Len=0
 89 36.935677000 192.168.0.101 -> 192.168.0.10 HART_IP 71 Pass Through Request,
Sequence Number 6
 90 36.939746000 192.168.0.10 -> 192.168.0.101 HART_IP 97 Pass Through
Response, Sequence Number 6
 91 36.940074000 192.168.0.101 -> 192.168.0.10 TCP 54 49559 > 5094 [ACK] Seq=78
Ack=145 Win=5888 Len=0
 92 36.987814000 192.168.0.101 -> 192.168.0.10 HART_IP 75 Pass Through Request,
Sequence Number 7
 93 36.991914000 192.168.0.10 -> 192.168.0.101 HART_IP 110 Pass Through
Response, Sequence Number 7
 94 36.992069000 192.168.0.101 -> 192.168.0.10 TCP 54 49559 > 5094 [ACK] Seq=99
Ack=201 Win=5888 Len=0
 95 37.039641000 192.168.0.101 -> 192.168.0.10 HART_IP 71 Pass Through Request,
Sequence Number 8
 96 37.043194000 192.168.0.10 -> 192.168.0.101 HART_IP 97 Pass Through
Response, Sequence Number 8
 97 37.043406000 192.168.0.101 -> 192.168.0.10 TCP 54 49559 > 5094 [ACK]
Seq=116 Ack=244 Win=5888 Len=0
 98 37.091709000 192.168.0.101 -> 192.168.0.10 HART_IP 71 Pass Through Request,
Sequence Number 9
 99 37.095274000 192.168.0.10 -> 192.168.0.101 HART_IP 94 Pass Through
Response, Sequence Number 9
100 37.095525000 192.168.0.101 -> 192.168.0.10 TCP 54 49559 > 5094 [ACK]
Seq=133 Ack=284 Win=5888 Len=0
101 37.143833000 192.168.0.101 -> 192.168.0.10 HART_IP 71 Pass Through Request,
Sequence Number 10
102 37.147341000 192.168.0.10 -> 192.168.0.101 HART_IP 105 Pass Through
Response, Sequence Number 10
103 37.147514000 192.168.0.101 -> 192.168.0.10 TCP 54 49559 > 5094 [ACK]
Seq=150 Ack=335 Win=5888 Len=0

(process:4195): GLib-ERROR **: /build/buildd/glib2.0-2.32.3/./glib/gmem.c:165:
failed to allocate 18446744073692774400 bytes

Program received signal SIGTRAP, Trace/breakpoint trap.
0x00007ffff2f03fdb in g_logv () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
(gdb) bt 
#0  0x00007ffff2f03fdb in g_logv () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#1  0x00007ffff2f041b2 in g_log () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007ffff2f02aaf in g_malloc () from
/lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007ffff7b57792 in pcapng_read_packet_block (fh=0x179dd80,
bh=0x7fffffffdad0, pn=0x1799f20, wblock=0x7fffffffdb20, err=0x7fffffffde14, 
    err_info=0x7fffffffddd8, enhanced=1) at pcapng.c:1144
#4  0x00007ffff7b59564 in pcapng_read_block (fh=0x179dd80, first_block=0,
pn=0x1799f20, wblock=0x7fffffffdb20, err=0x7fffffffde14,
err_info=0x7fffffffddd8)
    at pcapng.c:1935
#5  0x00007ffff7b59df2 in pcapng_read (wth=0x179dc00, err=0x7fffffffde14,
err_info=0x7fffffffddd8, data_offset=0x7fffffffdde0) at pcapng.c:2177
#6  0x00007ffff7b6aa15 in wtap_read (wth=0x179dc00, err=0x7fffffffde14,
err_info=0x7fffffffddd8, data_offset=0x7fffffffdde0) at wtap.c:868
#7  0x000000000041d473 in load_cap_file (cf=0x653ce0, save_file=0x0,
out_file_type=2, out_file_name_res=0, max_packet_count=-103, max_byte_count=0)
    at tshark.c:3039
#8  0x000000000041b87d in main (argc=4, argv=0x7fffffffe238) at tshark.c:1918
(gdb) fr 3
#3  0x00007ffff7b57792 in pcapng_read_packet_block (fh=0x179dd80,
bh=0x7fffffffdad0, pn=0x1799f20, wblock=0x7fffffffdb20, err=0x7fffffffde14, 
    err_info=0x7fffffffddd8, enhanced=1) at pcapng.c:1144
1144            option_content = (char *)g_malloc(opt_cont_buf_len);
(gdb) p/u opt_cont_buf_len
$1 = 4278190080
(gdb) p/u (gsize)opt_cont_buf_len
$2 = 18446744073692774400
(gdb)

All of these seems to be affected:

 pcapng_read_section_header_block()
 pcapng_read_if_descr_block()
 pcapng_read_packet_block()
 pcapng_read_interface_statistics_block()
You are receiving this mail because:
You are watching all bug changes.
References:
- [Wireshark-bugs] [Bug 8752] New: Erroneous Sign Extension and Faulty Memory Allocation at pcapng_read_interface_statistics_block()
  - From: bugzilla-daemon
Prev by Date: [Wireshark-bugs] [Bug 7318] assertion failed when I quit wireshark without stopping capture
Next by Date: [Wireshark-bugs] [Bug 8756] New: gsm_a_dtap dissector (SMS): under certain conditions fillbits may be displayed for an alphanumeric TP-Originating-Address
Previous by thread: [Wireshark-bugs] [Bug 8752] Erroneous Sign Extension and Faulty Memory Allocation at pcapng_read_interface_statistics_block()
Next by thread: [Wireshark-bugs] [Bug 8752] Erroneous Sign Extension and Faulty Memory Allocation at pcapng_read_interface_statistics_block()
Index(es):
- Date
- Thread