Wireshark-bugs: [Wireshark-bugs] [Bug 8740] Bluetooth: Improve HFP dissection
Date: Mon, 03 Jun 2013 12:30:48 +0000
What | Removed | Added
---|---|---
CC | | [email protected]
Attachment #10877 is obsolete | | 1
Attachment #10877 Flags | review_for_checkin? |
Attachment #10913 Flags | | review_for_checkin?
Comment #3 on bug 8740 from Michal Labedzki
Created attachment 10913 [details]
[PATCH 1] Bluetooth: Improve HFP dissection
Changelog:
1. Fix/valgrind crash/issues.
2. Partially implemented TODO point 1.
Comment #2 on bug 8740 from Evan Huus
(In reply to comment #0)
> By the way:
> It seems that there is WMEM bug. When I try to switch
> "Force treat packets as AG or HS role" to "Sent is AG, Rcvd is HS" there is
> crash in wmem_alloc... Could anyone see that?

I took a quick look, it's not a wmem bug (though that is where it's crashing).
Valgrind says that you're writing to memory you don't own. It looks like that
happens to be where wmem is storing some internal data, so the next time you
try and use it, it blows up.

The valgrind errors I got:

```text
==13949== Invalid write of size 2
==13949==    at 0x4C2E8E3: memcpy@@GLIBC_2.14 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==13949==    by 0x6528F74: dissect_bthfp (string3.h:51)
==13949==    by 0x63DE567: call_dissector_through_handle (packet.c:458)
==13949==    by 0x63DED9C: call_dissector_work (packet.c:552)
==13949==    by 0x63DF5EF: dissector_try_uint_new (packet.c:969)
==13949==    by 0x63DF646: dissector_try_uint (packet.c:995)
==13949==    by 0x6533CB2: dissect_btrfcomm (packet-btrfcomm.c:747)
==13949==    by 0x63DE567: call_dissector_through_handle (packet.c:458)
==13949==    by 0x63DED9C: call_dissector_work (packet.c:552)
==13949==    by 0x63DF5EF: dissector_try_uint_new (packet.c:969)
==13949==    by 0x63DF646: dissector_try_uint (packet.c:995)
==13949==    by 0x652D108: dissect_b_frame.constprop.12 (packet-btl2cap.c:1331)
==13949==  Address 0xf9991fc is 12 bytes inside a block of size 13 alloc'd
==13949==    at 0x4C2CD7B: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==13949==    by 0x93D3CF0: g_malloc (gmem.c:159)
==13949==    by 0x6E66718: wmem_simple_alloc (wmem_allocator_simple.c:51)
==13949==    by 0x6528C08: dissect_bthfp (packet-bthfp.c:1253)
==13949==    by 0x63DE567: call_dissector_through_handle (packet.c:458)
==13949==    by 0x63DED9C: call_dissector_work (packet.c:552)
==13949==    by 0x63DF5EF: dissector_try_uint_new (packet.c:969)
==13949==    by 0x63DF646: dissector_try_uint (packet.c:995)
==13949==    by 0x6533CB2: dissect_btrfcomm (packet-btrfcomm.c:747)
==13949==    by 0x63DE567: call_dissector_through_handle (packet.c:458)
==13949==    by 0x63DED9C: call_dissector_work (packet.c:552)
==13949==    by 0x63DF5EF: dissector_try_uint_new (packet.c:969)
==13949==
==13949== Invalid write of size 1
==13949==    at 0x4C2EA43: memcpy@@GLIBC_2.14 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==13949==    by 0x6528F74: dissect_bthfp (string3.h:51)
==13949==    by 0x63DE567: call_dissector_through_handle (packet.c:458)
==13949==    by 0x63DED9C: call_dissector_work (packet.c:552)
==13949==    by 0x63DF5EF: dissector_try_uint_new (packet.c:969)
==13949==    by 0x63DF646: dissector_try_uint (packet.c:995)
==13949==    by 0x6533CB2: dissect_btrfcomm (packet-btrfcomm.c:747)
==13949==    by 0x63DE567: call_dissector_through_handle (packet.c:458)
==13949==    by 0x63DED9C: call_dissector_work (packet.c:552)
==13949==    by 0x63DF5EF: dissector_try_uint_new (packet.c:969)
==13949==    by 0x63DF646: dissector_try_uint (packet.c:995)
==13949==    by 0x652D108: dissect_b_frame.constprop.12 (packet-btl2cap.c:1331)
==13949==  Address 0xf999896 is 3 bytes after a block of size 19 alloc'd
==13949==    at 0x4C2CD7B: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==13949==    by 0x93D3CF0: g_malloc (gmem.c:159)
==13949==    by 0x6E66718: wmem_simple_alloc (wmem_allocator_simple.c:51)
==13949==    by 0x6528C08: dissect_bthfp (packet-bthfp.c:1253)
==13949==    by 0x63DE567: call_dissector_through_handle (packet.c:458)
==13949==    by 0x63DED9C: call_dissector_work (packet.c:552)
==13949==    by 0x63DF5EF: dissector_try_uint_new (packet.c:969)
==13949==    by 0x63DF646: dissector_try_uint (packet.c:995)
==13949==    by 0x6533CB2: dissect_btrfcomm (packet-btrfcomm.c:747)
==13949==    by 0x63DE567: call_dissector_through_handle (packet.c:458)
==13949==    by 0x63DED9C: call_dissector_work (packet.c:552)
==13949==    by 0x63DF5EF: dissector_try_uint_new (packet.c:969)
==13949==
==13949== Invalid read of size 1
==13949==    at 0x4C2EA40: memcpy@@GLIBC_2.14 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==13949==    by 0x6528F55: dissect_bthfp (string3.h:51)
==13949==    by 0x63DE567: call_dissector_through_handle (packet.c:458)
==13949==    by 0x63DED9C: call_dissector_work (packet.c:552)
==13949==    by 0x63DF5EF: dissector_try_uint_new (packet.c:969)
==13949==    by 0x63DF646: dissector_try_uint (packet.c:995)
==13949==    by 0x6533CB2: dissect_btrfcomm (packet-btrfcomm.c:747)
==13949==    by 0x63DE567: call_dissector_through_handle (packet.c:458)
==13949==    by 0x63DED9C: call_dissector_work (packet.c:552)
==13949==    by 0x63DF5EF: dissector_try_uint_new (packet.c:969)
==13949==    by 0x63DF646: dissector_try_uint (packet.c:995)
==13949==    by 0x652D108: dissect_b_frame.constprop.12 (packet-btl2cap.c:1331)
==13949==  Address 0x12b5b56d is 0 bytes after a block of size 13 alloc'd
==13949==    at 0x4C2CD7B: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==13949==    by 0x93D3CF0: g_malloc (gmem.c:159)
==13949==    by 0x6E66718: wmem_simple_alloc (wmem_allocator_simple.c:51)
==13949==    by 0x652891E: dissect_bthfp (packet-bthfp.c:1126)
==13949==    by 0x63DE567: call_dissector_through_handle (packet.c:458)
==13949==    by 0x63DED9C: call_dissector_work (packet.c:552)
==13949==    by 0x63DF5EF: dissector_try_uint_new (packet.c:969)
==13949==    by 0x63DF646: dissector_try_uint (packet.c:995)
==13949==    by 0x6533CB2: dissect_btrfcomm (packet-btrfcomm.c:747)
==13949==    by 0x63DE567: call_dissector_through_handle (packet.c:458)
==13949==    by 0x63DED9C: call_dissector_work (packet.c:552)
==13949==    by 0x63DF5EF: dissector_try_uint_new (packet.c:969)
==13949==
==13949== Conditional jump or move depends on uninitialised value(s)
==13949==    at 0x65277D1: dissect_at_command (packet-bthfp.c:707)
==13949==    by 0x6528F06: dissect_bthfp (packet-bthfp.c:1293)
==13949==    by 0x63DE567: call_dissector_through_handle (packet.c:458)
==13949==    by 0x63DED9C: call_dissector_work (packet.c:552)
==13949==    by 0x63DF5EF: dissector_try_uint_new (packet.c:969)
==13949==    by 0x63DF646: dissector_try_uint (packet.c:995)
==13949==    by 0x6533CB2: dissect_btrfcomm (packet-btrfcomm.c:747)
==13949==    by 0x63DE567: call_dissector_through_handle (packet.c:458)
==13949==    by 0x63DED9C: call_dissector_work (packet.c:552)
==13949==    by 0x63DF5EF: dissector_try_uint_new (packet.c:969)
==13949==    by 0x63DF646: dissector_try_uint (packet.c:995)
==13949==    by 0x652D108: dissect_b_frame.constprop.12 (packet-btl2cap.c:1331)
==13949==
==13949== Use of uninitialised value of size 8
==13949==    at 0x65277FA: dissect_at_command (packet-bthfp.c:708)
==13949==    by 0x6528F06: dissect_bthfp (packet-bthfp.c:1293)
==13949==    by 0x63DE567: call_dissector_through_handle (packet.c:458)
==13949==    by 0x63DED9C: call_dissector_work (packet.c:552)
==13949==    by 0x63DF5EF: dissector_try_uint_new (packet.c:969)
==13949==    by 0x63DF646: dissector_try_uint (packet.c:995)
==13949==    by 0x6533CB2: dissect_btrfcomm (packet-btrfcomm.c:747)
==13949==    by 0x63DE567: call_dissector_through_handle (packet.c:458)
==13949==    by 0x63DED9C: call_dissector_work (packet.c:552)
==13949==    by 0x63DF5EF: dissector_try_uint_new (packet.c:969)
==13949==    by 0x63DF646: dissector_try_uint (packet.c:995)
==13949==    by 0x652D108: dissect_b_frame.constprop.12 (packet-btl2cap.c:1331)
==13949==
==13949== Use of uninitialised value of size 8
==13949==    at 0x6527804: dissect_at_command (packet-bthfp.c:709)
==13949==    by 0x6528F06: dissect_bthfp (packet-bthfp.c:1293)
==13949==    by 0x63DE567: call_dissector_through_handle (packet.c:458)
==13949==    by 0x63DED9C: call_dissector_work (packet.c:552)
==13949==    by 0x63DF5EF: dissector_try_uint_new (packet.c:969)
==13949==    by 0x63DF646: dissector_try_uint (packet.c:995)
==13949==    by 0x6533CB2: dissect_btrfcomm (packet-btrfcomm.c:747)
==13949==    by 0x63DE567: call_dissector_through_handle (packet.c:458)
==13949==    by 0x63DED9C: call_dissector_work (packet.c:552)
==13949==    by 0x63DF5EF: dissector_try_uint_new (packet.c:969)
==13949==    by 0x63DF646: dissector_try_uint (packet.c:995)
==13949==    by 0x652D108: dissect_b_frame.constprop.12 (packet-btl2cap.c:1331)
==13949==
==13949== Conditional jump or move depends on uninitialised value(s)
==13949==    at 0x652782E: dissect_at_command (packet-bthfp.c:707)
==13949==    by 0x6528F06: dissect_bthfp (packet-bthfp.c:1293)
==13949==    by 0x63DE567: call_dissector_through_handle (packet.c:458)
==13949==    by 0x63DED9C: call_dissector_work (packet.c:552)
==13949==    by 0x63DF5EF: dissector_try_uint_new (packet.c:969)
==13949==    by 0x63DF646: dissector_try_uint (packet.c:995)
==13949==    by 0x6533CB2: dissect_btrfcomm (packet-btrfcomm.c:747)
==13949==    by 0x63DE567: call_dissector_through_handle (packet.c:458)
==13949==    by 0x63DED9C: call_dissector_work (packet.c:552)
==13949==    by 0x63DF5EF: dissector_try_uint_new (packet.c:969)
==13949==    by 0x63DF646: dissector_try_uint (packet.c:995)
==13949==    by 0x652D108: dissect_b_frame.constprop.12 (packet-btl2cap.c:1331)
==13949==
==13949== Conditional jump or move depends on uninitialised value(s)
==13949==    at 0xA041040: vfprintf (vfprintf.c:1655)
==13949==    by 0xA103BFF: __vsnprintf_chk (vsnprintf_chk.c:63)
==13949==    by 0x63CE204: col_append_fstr (column-utils.c:335)
==13949==    by 0x65278C8: dissect_at_command (packet-bthfp.c:718)
==13949==    by 0x6528F06: dissect_bthfp (packet-bthfp.c:1293)
==13949==    by 0x63DE567: call_dissector_through_handle (packet.c:458)
==13949==    by 0x63DED9C: call_dissector_work (packet.c:552)
==13949==    by 0x63DF5EF: dissector_try_uint_new (packet.c:969)
==13949==    by 0x63DF646: dissector_try_uint (packet.c:995)
==13949==    by 0x6533CB2: dissect_btrfcomm (packet-btrfcomm.c:747)
==13949==    by 0x63DE567: call_dissector_through_handle (packet.c:458)
==13949==    by 0x63DED9C: call_dissector_work (packet.c:552)
==13949==
==13949== Conditional jump or move depends on uninitialised value(s)
==13949==    at 0x93EC581: g_strstr_len (gstrfuncs.c:2612)
==13949==    by 0x6527E9F: dissect_at_command (packet-bthfp.c:725)
==13949==    by 0x6528F06: dissect_bthfp (packet-bthfp.c:1293)
==13949==    by 0x63DE567: call_dissector_through_handle (packet.c:458)
==13949==    by 0x63DED9C: call_dissector_work (packet.c:552)
==13949==    by 0x63DF5EF: dissector_try_uint_new (packet.c:969)
==13949==    by 0x63DF646: dissector_try_uint (packet.c:995)
==13949==    by 0x6533CB2: dissect_btrfcomm (packet-btrfcomm.c:747)
==13949==    by 0x63DE567: call_dissector_through_handle (packet.c:458)
==13949==    by 0x63DED9C: call_dissector_work (packet.c:552)
==13949==    by 0x63DF5EF: dissector_try_uint_new (packet.c:969)
==13949==    by 0x63DF646: dissector_try_uint (packet.c:995)
==13949==
==13949== Invalid write of size 1
==13949==    at 0x4C2EA1A: memcpy@@GLIBC_2.14 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==13949==    by 0x6528F74: dissect_bthfp (string3.h:51)
==13949==    by 0x63DE567: call_dissector_through_handle (packet.c:458)
==13949==    by 0x63DED9C: call_dissector_work (packet.c:552)
==13949==    by 0x63DF5EF: dissector_try_uint_new (packet.c:969)
==13949==    by 0x63DF646: dissector_try_uint (packet.c:995)
==13949==    by 0x6533CB2: dissect_btrfcomm (packet-btrfcomm.c:747)
==13949==    by 0x63DE567: call_dissector_through_handle (packet.c:458)
==13949==    by 0x63DED9C: call_dissector_work (packet.c:552)
==13949==    by 0x63DF5EF: dissector_try_uint_new (packet.c:969)
==13949==    by 0x63DF646: dissector_try_uint (packet.c:995)
==13949==    by 0x652D108: dissect_b_frame.constprop.12 (packet-btl2cap.c:1331)
==13949==  Address 0x12b5d0f4 is not stack'd, malloc'd or (recently) free'd
==13949==
==13949== Invalid read of size 1
==13949==    at 0x4C2E951: memcpy@@GLIBC_2.14 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==13949==    by 0x6528F55: dissect_bthfp (string3.h:51)
==13949==    by 0x63DE567: call_dissector_through_handle (packet.c:458)
==13949==    by 0x63DED9C: call_dissector_work (packet.c:552)
==13949==    by 0x63DF5EF: dissector_try_uint_new (packet.c:969)
==13949==    by 0x63DF646: dissector_try_uint (packet.c:995)
==13949==    by 0x6533CB2: dissect_btrfcomm (packet-btrfcomm.c:747)
==13949==    by 0x63DE567: call_dissector_through_handle (packet.c:458)
==13949==    by 0x63DED9C: call_dissector_work (packet.c:552)
==13949==    by 0x63DF5EF: dissector_try_uint_new (packet.c:969)
==13949==    by 0x63DF646: dissector_try_uint (packet.c:995)
==13949==    by 0x652D108: dissect_b_frame.constprop.12 (packet-btl2cap.c:1331)
==13949==  Address 0x12b5b56d is 0 bytes after a block of size 13 alloc'd
==13949==    at 0x4C2CD7B: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==13949==    by 0x93D3CF0: g_malloc (gmem.c:159)
==13949==    by 0x6E66718: wmem_simple_alloc (wmem_allocator_simple.c:51)
==13949==    by 0x652891E: dissect_bthfp (packet-bthfp.c:1126)
==13949==    by 0x63DE567: call_dissector_through_handle (packet.c:458)
==13949==    by 0x63DED9C: call_dissector_work (packet.c:552)
==13949==    by 0x63DF5EF: dissector_try_uint_new (packet.c:969)
==13949==    by 0x63DF646: dissector_try_uint (packet.c:995)
==13949==    by 0x6533CB2: dissect_btrfcomm (packet-btrfcomm.c:747)
==13949==    by 0x63DE567: call_dissector_through_handle (packet.c:458)
==13949==    by 0x63DED9C: call_dissector_work (packet.c:552)
==13949==    by 0x63DF5EF: dissector_try_uint_new (packet.c:969)
```

Also, when compiling with latest GCC there are a few warnings:

```text
packet-bthfp.c: In function 'dissect_at_command':
packet-bthfp.c:881:49: error: 'type' may be used uninitialized in this function [-Werror=maybe-uninitialized]
packet-bthfp.c:883:57: error: 'type_item' may be used uninitialized in this function [-Werror=maybe-uninitialized]
```
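The failure mode Evan describes (an overrun in the dissector that lands on the allocator's internal data, so the crash only surfaces later in wmem_alloc) reduced to a runnable model, as an added example that is not part of the bug report or of Wireshark's code: `arena_t`, `arena_alloc`, `arena_check`, `copy_cmd_vulnerable`, `copy_cmd_fixed` and `scenario` are hypothetical, the marker-after-the-last-block layout is an assumption rather than wmem's real layout, and the AT command is a constructed sample.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical bump allocator standing in for wmem (not Wireshark's code). Its bookkeeping, a 4-byte
 * marker just past the last block, sits next to the blocks it hands out, so a write that overruns a
 * block clobbers the marker and the damage surfaces later, inside the allocator, not at the memcpy. */
#define ARENA_SIZE 64
#define MARK_LEN   4
static const unsigned char MARK[MARK_LEN] = {0xEF, 0xBE, 0xAD, 0xDE};
typedef struct { unsigned char mem[ARENA_SIZE]; size_t used; } arena_t;
static void *arena_alloc(arena_t *a, size_t n) {
    if (n > ARENA_SIZE - MARK_LEN - a->used) return NULL;   /* keep the arena itself in bounds */
    void *p = a->mem + a->used;
    a->used += n;
    memcpy(a->mem + a->used, MARK, MARK_LEN);                /* bookkeeping right after the block */
    return p;
}
/* 1 if the marker is intact, 0 if some caller overran its block (what valgrind flagged above). */
static int arena_check(const arena_t *a) {
    return memcmp(a->mem + a->used, MARK, MARK_LEN) == 0;
}

/* Vulnerable pattern: the block is sized for the characters only, but the copy includes the
 * terminating NUL, so one byte lands past the block ("0 bytes after a block of size 13"). */
static char *copy_cmd_vulnerable(arena_t *a, const char *cmd) {
    size_t len = strlen(cmd);
    char *buf = arena_alloc(a, len);          /* 13 bytes for a 13-character command */
    if (buf == NULL) return NULL;
    memcpy(buf, cmd, len + 1);                /* writes 14 bytes */
    return buf;
}

/* Fixed form: allocate room for the terminator and copy exactly that many bytes. */
static char *copy_cmd_fixed(arena_t *a, const char *cmd) {
    size_t len = strlen(cmd);
    char *buf = arena_alloc(a, len + 1);
    if (buf == NULL) return NULL;
    memcpy(buf, cmd, len + 1);
    return buf;
}

/* Copies one constructed HFP-style AT command; 1 = bookkeeping intact, 0 = corrupted, -1 = no memory. */
static int scenario(int use_fixed) {
    arena_t a = {{0}, 0};
    const char *cmd = "AT+BRSF=1023\r";       /* constructed sample, 13 characters */
    char *p = use_fixed ? copy_cmd_fixed(&a, cmd) : copy_cmd_vulnerable(&a, cmd);
    if (p == NULL) return -1;
    return arena_check(&a);
}
```

Valgrind reports the same mismatch as an address just past a block of the original allocation's size, which is the clue that points back from the allocator crash to the copy that caused it.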