Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 8880] New: Fuzz crash: seg-fault in LTE-RRC dissector

Wireshark-bugs: [Wireshark-bugs] [Bug 8880] New: Fuzz crash: seg-fault in LTE-RRC dissector

Date: Tue, 02 Jul 2013 17:29:33 +0000
Bug ID	8880
Summary	Fuzz crash: seg-fault in LTE-RRC dissector
Classification	Unclassified
Product	Wireshark
Version	SVN
Hardware	x86
OS	All
Status	UNCONFIRMED
Severity	Major
Priority	Low
Component	Dissection engine (libwireshark)
Assignee	[email protected]
Reporter	[email protected]
Build Information:
TShark 1.11.0 (SVN Rev 50212 from /trunk)

Copyright 1998-2013 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.34.2, with libpcap, with libz 1.2.7, without
POSIX
capabilities, without libnl, without SMI, with c-ares 1.9.1, with Lua 5.1,
without Python, with GnuTLS 2.12.23, with Gcrypt 1.5.0, without Kerberos,
without GeoIP.

Running on Linux 3.9.2-200.fc18.x86_64, with locale C, with libpcap version
1.3.0, with libz 1.2.7.
        Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz

Built using gcc 4.7.2 20121109 (Red Hat 4.7.2-8).

--
Running some fuzz testing I got 2 identical crashes in LTE-RRC.  I'll attach
both fuzz'd capture files.

I may not have time to look at this for a few days.

Fuzz tool reports:

~~~
Processing failed. Capture info follows:

  Input file: ../caps/menagerie/public/6837-ho.pcap
stderr follows:

Input file: ../caps/menagerie/public/6837-ho.pcap

Build host information:
Linux XXX 3.9.2-200.fc18.x86_64 #1 SMP Mon May 13 13:59:47 UTC 2013 x86_64
x86_64 x86_64 GNU/Linux

Return value:  139

Dissector bug:  0

Valgrind error count:  0



Subversion revision
------------------------------------------------------------------------
r50212 | pascal | 2013-06-28 09:05:12 -0400 (Fri, 28 Jun 2013) | 2 lines

Use newly assigned DLT for PDU export functionality

------------------------------------------------------------------------


Command and args: ./tshark -nVxr
~~~

Backtrace:

~~~
#0  0x00007f441fbc21cf in dissect_lte_rrc_RLC_Config (tvb=<optimized out>,
offset=312, actx=0x7fff5346be30, tree=<optimized out>, hf_index=<optimized
out>) at ../../asn1/lte-rrc/packet-lte-rrc-fn.c:6734
#1  0x00007f441f910f52 in dissect_per_choice (tvb=0x2450240, offset=282,
actx=0x7fff5346be30, tree=<optimized out>, hf_index=56785, ett_index=15316,
choice=choice@entry=
    0x7f4420fd1960 <T_rlc_Config_choice>, value=value@entry=0x0) at
packet-per.c:1652
#2  0x00007f441fbc2284 in dissect_lte_rrc_T_rlc_Config (tvb=<optimized out>,
offset=<optimized out>, actx=<optimized out>, tree=<optimized out>,
hf_index=<optimized out>)
    at ../../asn1/lte-rrc/packet-lte-rrc-fn.c:6762
#3  0x00007f441f9112cf in dissect_per_sequence (tvb=0x2450240, offset=281,
actx=0x7fff5346be30, parent_tree=<optimized out>, hf_index=<optimized out>,
ett_index=<optimized out>, sequence=sequence@entry=
    0x7f4420fd18a0 <SRB_ToAddMod_sequence>) at packet-per.c:1803
#4  0x00007f441fbbd91b in dissect_lte_rrc_SRB_ToAddMod (tvb=<optimized out>,
offset=<optimized out>, actx=<optimized out>, tree=<optimized out>,
hf_index=<optimized out>)
    at ../../asn1/lte-rrc/packet-lte-rrc-fn.c:6930
#5  0x00007f441f90d73b in dissect_per_sequence_of_helper
(tvb=tvb@entry=0x2450240, offset=offset@entry=277,
actx=actx@entry=0x7fff5346be30, tree=tree@entry=0x245f320, func=
    0x7f441fbbd900 <dissect_lte_rrc_SRB_ToAddMod>, hf_index=56783, length=2) at
packet-per.c:497
#6  0x00007f441f90f560 in dissect_per_constrained_sequence_of (tvb=0x2450240,
offset=277, actx=0x7fff5346be30, parent_tree=<optimized out>,
hf_index=<optimized out>, ett_index=15314, seq=seq@entry=
    0x7f4420fd1870 <SRB_ToAddModList_sequence_of>, min_len=min_len@entry=1,
max_len=max_len@entry=2, has_extension=has_extension@entry=0) at
packet-per.c:874
#7  0x00007f441fbc42f3 in dissect_lte_rrc_SRB_ToAddModList (tvb=<optimized
out>, offset=<optimized out>, actx=<optimized out>, tree=<optimized out>,
hf_index=<optimized out>)
    at ../../asn1/lte-rrc/packet-lte-rrc-fn.c:6943
#8  0x00007f441f9112cf in dissect_per_sequence (tvb=0x2450240, offset=276,
actx=0x7fff5346be30, parent_tree=<optimized out>, hf_index=<optimized out>,
ett_index=<optimized out>, sequence=sequence@entry=
    0x7f4420fce740 <RadioResourceConfigDedicated_sequence>) at
packet-per.c:1803
#9  0x00007f441fbbd15b in dissect_lte_rrc_RadioResourceConfigDedicated
(tvb=<optimized out>, offset=<optimized out>, actx=<optimized out>,
tree=<optimized out>, hf_index=<optimized out>)
    at ../../asn1/lte-rrc/packet-lte-rrc-fn.c:12339
#10 0x00007f441f9112cf in dissect_per_sequence (tvb=0x2450240, offset=269,
actx=0x7fff5346be30, parent_tree=<optimized out>, hf_index=<optimized out>,
ett_index=<optimized out>, sequence=sequence@entry=
    0x7f4420fd5aa0 <AS_Config_sequence>) at packet-per.c:1803
#11 0x00007f441fbbff7b in dissect_lte_rrc_AS_Config (tvb=<optimized out>,
offset=<optimized out>, actx=<optimized out>, tree=<optimized out>,
hf_index=<optimized out>)
    at ../../asn1/lte-rrc/packet-lte-rrc-fn.c:27996
#12 0x00007f441f9112cf in dissect_per_sequence (tvb=0x2450240, offset=120,
actx=0x7fff5346be30, parent_tree=<optimized out>, hf_index=<optimized out>,
ett_index=<optimized out>, sequence=sequence@entry=
    0x7f4420fd4da0 <HandoverPreparationInformation_r8_IEs_sequence>) at
packet-per.c:1803
#13 0x00007f441fbbfddb in dissect_lte_rrc_HandoverPreparationInformation_r8_IEs
(tvb=<optimized out>, offset=<optimized out>, actx=<optimized out>,
tree=<optimized out>, hf_index=<optimized out>)
    at ../../asn1/lte-rrc/packet-lte-rrc-fn.c:28392
#14 0x00007f441f910f52 in dissect_per_choice (tvb=0x2450240, offset=4,
actx=0x7fff5346be30, tree=<optimized out>, hf_index=57488, ett_index=15652,
choice=choice@entry=0x7f4420fd4c80 <T_c1_35_choice>, 
    value=value@entry=0x0) at packet-per.c:1652
#15 0x00007f441fbc2d44 in dissect_lte_rrc_T_c1_35 (tvb=<optimized out>,
offset=<optimized out>, actx=<optimized out>, tree=<optimized out>,
hf_index=<optimized out>)
    at ../../asn1/lte-rrc/packet-lte-rrc-fn.c:28425
#16 0x00007f441f910f52 in dissect_per_choice (tvb=0x2450240, offset=1,
actx=0x7fff5346be30, tree=<optimized out>, hf_index=57487, ett_index=15651,
choice=choice@entry=
    0x7f4420fd4c20 <T_criticalExtensions_39_choice>, value=value@entry=0x0) at
packet-per.c:1652
#17 0x00007f441fbc2d14 in dissect_lte_rrc_T_criticalExtensions_39
(tvb=<optimized out>, offset=<optimized out>, actx=<optimized out>,
tree=<optimized out>, hf_index=<optimized out>)
    at ../../asn1/lte-rrc/packet-lte-rrc-fn.c:28460
#18 0x00007f441f9112cf in dissect_per_sequence (tvb=tvb@entry=0x2450240,
offset=offset@entry=0, actx=actx@entry=0x7fff5346be30,
parent_tree=parent_tree@entry=0x244f100, hf_index=<optimized out>, 
    ett_index=<optimized out>, sequence=sequence@entry=0x7f4420fd4be0
<HandoverPreparationInformation_sequence>) at packet-per.c:1803
#19 0x00007f441fbd0bdb in dissect_lte_rrc_HandoverPreparationInformation
(tvb=tvb@entry=0x2450240, offset=offset@entry=0,
actx=actx@entry=0x7fff5346be30, tree=tree@entry=0x244f100, hf_index=<optimized
out>)
    at ../../asn1/lte-rrc/packet-lte-rrc-fn.c:28475
#20 0x00007f441fbd0ca0 in dissect_lte_rrc_HandoverPreparationInformation_PDU
(tvb=0x2450240, pinfo=<optimized out>, tree=0x244f100, data="" at
../../asn1/lte-rrc/packet-lte-rrc-fn.c:28696
#21 0x00007f441fcab633 in dissect_s1ap_RRC_Container (tvb=<optimized out>,
offset=1088, actx=0x7fff5346c140, tree=<optimized out>, hf_index=<optimized
out>) at ../../asn1/s1ap/s1ap.cnf:432
#22 0x00007f441f9112cf in dissect_per_sequence (tvb=tvb@entry=0x244ef00,
offset=4, offset@entry=0, actx=actx@entry=0x7fff5346c140,
parent_tree=parent_tree@entry=0x244dd20, hf_index=<optimized out>, 
    ett_index=<optimized out>, sequence=sequence@entry=0x7f4421137500
<SourceeNB_ToTargeteNB_TransparentContainer_sequence>) at packet-per.c:1803
#23 0x00007f441fcb159f in
dissect_s1ap_SourceeNB_ToTargeteNB_TransparentContainer (offset=0,
hf_index=<optimized out>, tree=0x244dd20, actx=0x7fff5346c140, tvb=0x244ef00)
at ../../asn1/s1ap/s1ap.cnf:430
#24 dissect_SourceeNB_ToTargeteNB_TransparentContainer_PDU (data=""
tree=0x244dd20, pinfo=<optimized out>, tvb=0x244ef00) at
../../asn1/s1ap/s1ap.cnf:1136
#25 dissect_s1ap_Source_ToTarget_TransparentContainer (offset=1312,
hf_index=<optimized out>, tree=<optimized out>, actx=0x7fff5346c060,
tvb=<optimized out>) at ../../asn1/s1ap/s1ap.cnf:329
#26 dissect_Source_ToTarget_TransparentContainer_PDU (tvb=<optimized out>,
pinfo=<optimized out>, tree=<optimized out>, data="" out>) at
../../asn1/s1ap/s1ap.cnf:1112
#27 0x00007f441f41c54f in call_dissector_through_handle (handle=0x2383230,
tvb=0x244ede0, pinfo=0x7fff5346dc30, tree=0x244dc90, data="" at packet.c:454
#28 0x00007f441f41cd2d in call_dissector_work (handle=0x2383230,
tvb=tvb@entry=0x244ede0, pinfo_arg=pinfo_arg@entry=0x7fff5346dc30,
tree=tree@entry=0x244dc90, add_proto_name=add_proto_name@entry=1, 
    data="" at packet.c:552
#29 0x00007f441f41d580 in dissector_try_uint_new (sub_dissectors=<optimized
out>, uint_val=104, tvb=tvb@entry=0x244ede0, pinfo=0x7fff5346dc30,
tree=0x244dc90, add_proto_name=add_proto_name@entry=1, 
    data="" at packet.c:969
#30 0x00007f441f41d5d7 in dissector_try_uint (sub_dissectors=<optimized out>,
uint_val=<optimized out>, tvb=tvb@entry=0x244ede0, pinfo=<optimized out>,
tree=<optimized out>) at packet.c:995
#31 0x00007f441fca743f in dissect_ProtocolIEFieldValue (tvb=0x244ede0,
pinfo=<optimized out>, tree=<optimized out>, data=""
<hf.20758+18664>)
    at ../../asn1/s1ap/packet-s1ap-template.c:136
#32 0x00007f441f90e816 in dissect_per_open_type_internal (tvb=0x24491e0,
offset=<optimized out>, actx=0x7fff5346c680, tree=0x244c550, hf_index=94739,
type_cb=0x7f441fca7420 <dissect_ProtocolIEFieldValue>, 
    variant=variant@entry=CB_NEW_DISSECTOR) at packet-per.c:231
#33 0x00007f441f90ea30 in dissect_per_open_type_pdu_new (tvb=<optimized out>,
offset=<optimized out>, actx=<optimized out>, tree=<optimized out>,
hf_index=<optimized out>, type_cb=<optimized out>)
    at packet-per.c:258
#34 0x00007f441f9112cf in dissect_per_sequence (tvb=0x24491e0, offset=370,
actx=0x7fff5346c680, parent_tree=<optimized out>, hf_index=<optimized out>,
ett_index=<optimized out>, sequence=sequence@entry=
---Type <return> to continue, or q <return> to quit--- 
    0x7f4421134d20 <ProtocolIE_Field_sequence>) at packet-per.c:1803
#35 0x00007f441fca691b in dissect_s1ap_ProtocolIE_Field (tvb=<optimized out>,
offset=<optimized out>, actx=<optimized out>, tree=<optimized out>,
hf_index=<optimized out>) at ../../asn1/s1ap/s1ap.cnf:132
#36 0x00007f441f90d73b in dissect_per_sequence_of_helper
(tvb=tvb@entry=0x24491e0, offset=352, offset@entry=24,
actx=actx@entry=0x7fff5346c680, tree=tree@entry=0x2447ac0, func=
    0x7f441fca6900 <dissect_s1ap_ProtocolIE_Field>, hf_index=94736, length=6)
at packet-per.c:497
#37 0x00007f441f90f560 in dissect_per_constrained_sequence_of (tvb=0x24491e0,
offset=24, actx=0x7fff5346c680, parent_tree=<optimized out>,
hf_index=<optimized out>, ett_index=30147, seq=seq@entry=
    0x7f4421134e50 <ProtocolIE_Container_sequence_of>, min_len=min_len@entry=0,
max_len=max_len@entry=65535, has_extension=has_extension@entry=0) at
packet-per.c:874
#38 0x00007f441fcaa273 in dissect_s1ap_ProtocolIE_Container (tvb=<optimized
out>, offset=<optimized out>, actx=<optimized out>, tree=<optimized out>,
hf_index=<optimized out>)
    at ../../asn1/s1ap/s1ap.cnf:145
#39 0x00007f441f9112cf in dissect_per_sequence (tvb=tvb@entry=0x24491e0,
offset=1, offset@entry=0, actx=actx@entry=0x7fff5346c680,
parent_tree=parent_tree@entry=0x2447a00, hf_index=hf_index@entry=94626, 
    ett_index=<optimized out>, sequence=sequence@entry=0x7f44211360e0
<HandoverRequired_sequence>) at packet-per.c:1803
#40 0x00007f441fcaecb5 in dissect_s1ap_HandoverRequired (offset=0,
hf_index=94626, tree=0x2447a00, actx=0x7fff5346c680, tvb=0x24491e0) at
../../asn1/s1ap/s1ap.cnf:293
#41 dissect_HandoverRequired_PDU (tvb=0x24491e0, pinfo=<optimized out>,
tree=0x2447a00, data="" out>) at ../../asn1/s1ap/s1ap.cnf:1360
#42 0x00007f441f41c54f in call_dissector_through_handle (handle=0x2380e40,
tvb=0x24491e0, pinfo=0x7fff5346dc30, tree=0x2447a00, data="" at packet.c:454
#43 0x00007f441f41cd2d in call_dissector_work (handle=0x2380e40,
tvb=tvb@entry=0x24491e0, pinfo_arg=pinfo_arg@entry=0x7fff5346dc30,
tree=tree@entry=0x2447a00, add_proto_name=add_proto_name@entry=1, 
    data="" at packet.c:552
#44 0x00007f441f41d580 in dissector_try_uint_new (sub_dissectors=<optimized
out>, uint_val=0, tvb=tvb@entry=0x24491e0, pinfo=0x7fff5346dc30,
tree=0x2447a00, add_proto_name=add_proto_name@entry=1, 
    data="" at packet.c:969
#45 0x00007f441f41d5d7 in dissector_try_uint (sub_dissectors=<optimized out>,
uint_val=<optimized out>, tvb=tvb@entry=0x24491e0, pinfo=<optimized out>,
tree=<optimized out>) at packet.c:995
#46 0x00007f441fca73ff in dissect_InitiatingMessageValue (tvb=0x24491e0,
pinfo=<optimized out>, tree=<optimized out>, data=""
<hf.20758+38288>)
    at ../../asn1/s1ap/packet-s1ap-template.c:157
#47 0x00007f441f90e816 in dissect_per_open_type_internal (tvb=0x24481e0,
offset=<optimized out>, actx=0x7fff5346ca80, tree=0x24478d0, hf_index=94962,
type_cb=
    0x7f441fca73e0 <dissect_InitiatingMessageValue>,
variant=variant@entry=CB_NEW_DISSECTOR) at packet-per.c:231
#48 0x00007f441f90ea30 in dissect_per_open_type_pdu_new (tvb=<optimized out>,
offset=<optimized out>, actx=<optimized out>, tree=<optimized out>,
hf_index=<optimized out>, type_cb=<optimized out>)
    at packet-per.c:258
#49 0x00007f441f9112cf in dissect_per_sequence (tvb=0x24481e0, offset=18,
actx=0x7fff5346ca80, parent_tree=<optimized out>, hf_index=<optimized out>,
ett_index=<optimized out>, sequence=sequence@entry=
    0x7f4421139060 <InitiatingMessage_sequence>) at packet-per.c:1803
#50 0x00007f441fca68fb in dissect_s1ap_InitiatingMessage (tvb=<optimized out>,
offset=<optimized out>, actx=<optimized out>, tree=<optimized out>,
hf_index=<optimized out>) at ../../asn1/s1ap/s1ap.cnf:130
#51 0x00007f441f910f52 in dissect_per_choice (tvb=tvb@entry=0x24481e0,
offset=3, offset@entry=0, actx=actx@entry=0x7fff5346ca80,
tree=tree@entry=0x2447810, hf_index=94729, ett_index=30366, 
    choice=choice@entry=0x7f4421138f20 <S1AP_PDU_choice>,
value=value@entry=0x0) at packet-per.c:1652
#52 0x00007f441fcb186c in dissect_s1ap_S1AP_PDU (offset=0, hf_index=<optimized
out>, tree=0x2447810, actx=0x7fff5346ca80, tvb=0x24481e0) at
../../asn1/s1ap/s1ap.cnf:162
#53 dissect_S1AP_PDU_PDU (data="" tree=0x2447810, pinfo=0x7fff5346dc30,
tvb=0x24481e0) at ../../asn1/s1ap/s1ap.cnf:2184
#54 dissect_s1ap (tvb=0x24481e0, pinfo=0x7fff5346dc30, tree=<optimized out>) at
../../asn1/s1ap/packet-s1ap-template.c:184
#55 0x00007f441f41c508 in call_dissector_through_handle (handle=0x1733480,
tvb=0x24481e0, pinfo=0x7fff5346dc30, tree=0x23f3d90, data="" at packet.c:458
#56 0x00007f441f41cd2d in call_dissector_work (handle=0x1733480,
tvb=tvb@entry=0x24481e0, pinfo_arg=pinfo_arg@entry=0x7fff5346dc30,
tree=tree@entry=0x23f3d90, add_proto_name=add_proto_name@entry=1, 
    data="" at packet.c:552
#57 0x00007f441f41d580 in dissector_try_uint_new (sub_dissectors=<optimized
out>, uint_val=uint_val@entry=18, tvb=tvb@entry=0x24481e0,
pinfo=pinfo@entry=0x7fff5346dc30, tree=tree@entry=0x23f3d90, 
    add_proto_name=add_proto_name@entry=1, data="" at packet.c:969
#58 0x00007f441f41d5d7 in dissector_try_uint (sub_dissectors=<optimized out>,
uint_val=uint_val@entry=18, tvb=tvb@entry=0x24481e0,
pinfo=pinfo@entry=0x7fff5346dc30, tree=tree@entry=0x23f3d90)
    at packet.c:995
#59 0x00007f441f9d78d2 in dissect_payload
(payload_tvb=payload_tvb@entry=0x24481e0, pinfo=pinfo@entry=0x7fff5346dc30,
tree=tree@entry=0x23f3d90, ppi=ppi@entry=18) at packet-sctp.c:2063
#60 0x00007f441f9d8d80 in dissect_data_chunk
(chunk_tvb=chunk_tvb@entry=0x2447c00, chunk_length=chunk_length@entry=234,
pinfo=pinfo@entry=0x7fff5346dc30, tree=tree@entry=0x23f3d90, 
    chunk_tree=chunk_tree@entry=0x24474d0,
chunk_item=chunk_item@entry=0x24474d0, flags_item=flags_item@entry=0x2447590,
ha=ha@entry=0x7f44198b5bc0) at packet-sctp.c:2872
#61 0x00007f441f9da938 in dissect_sctp_chunk (chunk_tvb=0x2447c00,
pinfo=pinfo@entry=0x7fff5346dc30, tree=tree@entry=0x23f3d90,
sctp_tree=sctp_tree@entry=0x2445920, ha=ha@entry=0x7f44198b5bc0, useinfo=1)
    at packet-sctp.c:3754
#62 0x00007f441f9db3de in dissect_sctp_chunks (encapsulated=<optimized out>,
ha=<optimized out>, sctp_tree=0x2445920, sctp_item=0x2445920, tree=<optimized
out>, pinfo=<optimized out>, tvb=<optimized out>)
    at packet-sctp.c:3870
#63 dissect_sctp_packet (tvb=tvb@entry=0x24470c0,
pinfo=pinfo@entry=0x7fff5346dc30, tree=tree@entry=0x23f3d90,
encapsulated=encapsulated@entry=0) at packet-sctp.c:4031
#64 0x00007f441f9dbbf6 in dissect_sctp (tvb=0x24470c0, pinfo=0x7fff5346dc30,
tree=0x23f3d90) at packet-sctp.c:4080
#65 0x00007f441f41c508 in call_dissector_through_handle (handle=0x157e180,
tvb=0x24470c0, pinfo=0x7fff5346dc30, tree=0x23f3d90, data="" at packet.c:458
#66 0x00007f441f41cd2d in call_dissector_work (handle=0x157e180,
tvb=tvb@entry=0x24470c0, pinfo_arg=pinfo_arg@entry=0x7fff5346dc30,
tree=tree@entry=0x23f3d90, add_proto_name=add_proto_name@entry=1, 
    data="" at packet.c:552
#67 0x00007f441f41d580 in dissector_try_uint_new (sub_dissectors=<optimized
out>, uint_val=uint_val@entry=132, tvb=tvb@entry=0x24470c0,
pinfo=pinfo@entry=0x7fff5346dc30, tree=tree@entry=0x23f3d90, 
    add_proto_name=add_proto_name@entry=1, data="" at packet.c:969
#68 0x00007f441f41d5d7 in dissector_try_uint (sub_dissectors=<optimized out>,
uint_val=uint_val@entry=132, tvb=tvb@entry=0x24470c0,
pinfo=pinfo@entry=0x7fff5346dc30, tree=tree@entry=0x23f3d90)
    at packet.c:995
#69 0x00007f441f7afbbd in dissect_ip (tvb=0x24451e0, pinfo=<optimized out>,
parent_tree=0x23f3d90) at packet-ip.c:2413
#70 0x00007f441f41c508 in call_dissector_through_handle (handle=0x1548ed0,
tvb=0x24451e0, pinfo=0x7fff5346dc30, tree=0x23f3d90, data="" at packet.c:458
#71 0x00007f441f41cd2d in call_dissector_work (handle=0x1548ed0,
tvb=tvb@entry=0x24451e0, pinfo_arg=pinfo_arg@entry=0x7fff5346dc30,
tree=tree@entry=0x23f3d90, add_proto_name=add_proto_name@entry=1, 
    data="" at packet.c:552
#72 0x00007f441f41d580 in dissector_try_uint_new (sub_dissectors=<optimized
out>, uint_val=uint_val@entry=2048, tvb=0x24451e0,
pinfo=pinfo@entry=0x7fff5346dc30, tree=tree@entry=0x23f3d90, 
---Type <return> to continue, or q <return> to quit---
    add_proto_name=add_proto_name@entry=1, data="" at packet.c:969
#73 0x00007f441f41d5d7 in dissector_try_uint (sub_dissectors=<optimized out>,
uint_val=uint_val@entry=2048, tvb=<optimized out>,
pinfo=pinfo@entry=0x7fff5346dc30, tree=tree@entry=0x23f3d90) at packet.c:995
#74 0x00007f441f684f8f in ethertype (etype=2048, tvb=tvb@entry=0x24059e0,
offset_after_etype=offset_after_etype@entry=14,
pinfo=pinfo@entry=0x7fff5346dc30, tree=tree@entry=0x23f3d90,
fh_tree=fh_tree@entry=
    0x23f4130, etype_id=24978, trailer_id=24982, fcs_len=fcs_len@entry=-1) at
packet-ethertype.c:280
#75 0x00007f441f68388d in dissect_eth_common (tvb=0x24059e0,
pinfo=0x7fff5346dc30, parent_tree=0x23f3d90, fcs_len=-1) at packet-eth.c:408
#76 0x00007f441f41c508 in call_dissector_through_handle (handle=0x1233a20,
tvb=0x24059e0, pinfo=0x7fff5346dc30, tree=0x23f3d90, data="" at packet.c:458
#77 0x00007f441f41cd2d in call_dissector_work (handle=0x1233a20,
tvb=tvb@entry=0x24059e0, pinfo_arg=pinfo_arg@entry=0x7fff5346dc30,
tree=tree@entry=0x23f3d90, add_proto_name=add_proto_name@entry=1, 
    data="" at packet.c:552
#78 0x00007f441f41d580 in dissector_try_uint_new (sub_dissectors=<optimized
out>, uint_val=1, tvb=tvb@entry=0x24059e0, pinfo=pinfo@entry=0x7fff5346dc30,
tree=tree@entry=0x23f3d90, 
    add_proto_name=add_proto_name@entry=1, data="" at packet.c:969
#79 0x00007f441f41d5d7 in dissector_try_uint (sub_dissectors=<optimized out>,
uint_val=<optimized out>, tvb=tvb@entry=0x24059e0,
pinfo=pinfo@entry=0x7fff5346dc30, tree=tree@entry=0x23f3d90) at packet.c:995
#80 0x00007f441f6b8a08 in dissect_frame (tvb=0x24059e0, pinfo=0x7fff5346dc30,
parent_tree=0x23f3d90) at packet-frame.c:483
#81 0x00007f441f41c508 in call_dissector_through_handle (handle=0xf59100,
tvb=0x24059e0, pinfo=0x7fff5346dc30, tree=0x23f3d90, data="" at packet.c:458
#82 0x00007f441f41cd2d in call_dissector_work (handle=0xf59100, tvb=0x24059e0,
pinfo_arg=0x7fff5346dc30, tree=0x23f3d90, add_proto_name=1, data="" at
packet.c:552
#83 0x00007f441f41eaa1 in call_dissector_with_data (handle=<optimized out>,
tvb=0x24059e0, pinfo=pinfo@entry=0x7fff5346dc30, tree=0x23f3d90,
data="" at packet.c:2086
#84 0x00007f441f41eb68 in call_dissector (handle=<optimized out>,
tvb=<optimized out>, pinfo=pinfo@entry=0x7fff5346dc30, tree=<optimized out>) at
packet.c:2104
#85 0x00007f441f41ee80 in dissect_packet (edt=edt@entry=0x7fff5346dc20,
phdr=phdr@entry=0x23eed60, pd=pd@entry=0x23f46f0
"\b\031\246&\021\365(n\324\223\323\267\b", fd=fd@entry=0x7fff5346dba0,
cinfo=0x0)
    at packet.c:392
#86 0x00007f441f413f1c in epan_dissect_run_with_taps
(edt=edt@entry=0x7fff5346dc20, phdr=phdr@entry=0x23eed60,
data="" "\b\031\246&\021\365(n\324\223\323\267\b",
fd=fd@entry=
    0x7fff5346dba0, cinfo=cinfo@entry=0x0) at epan.c:219
#87 0x0000000000417530 in process_packet (cf=cf@entry=0x642ac0 <cfile>,
offset=<optimized out>, whdr=0x23eed60, pd=pd@entry=0x23f46f0
"\b\031\246&\021\365(n\324\223\323\267\b", 
    filtering_tap_listeners=<optimized out>, filtering_tap_listeners@entry=0,
tap_flags=tap_flags@entry=4) at tshark.c:3246
#88 0x000000000040b0dd in load_cap_file (cf=0x642ac0 <cfile>, max_byte_count=0,
max_packet_count=0, out_file_name_res=0, out_file_type=2, save_file=0x0) at
tshark.c:3041
#89 main (argc=<optimized out>, argv=<optimized out>) at tshark.c:1918
~~~
You are receiving this mail because:
You are watching all bug changes.
Follow-Ups:
- [Wireshark-bugs] [Bug 8880] Fuzz crash: seg-fault in LTE-RRC dissector
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 8880] Fuzz crash: seg-fault in LTE-RRC dissector
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 8880] Fuzz crash: seg-fault in LTE-RRC dissector
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 8880] Fuzz crash: seg-fault in LTE-RRC dissector
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 8880] Fuzz crash: seg-fault in LTE-RRC dissector
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 8880] Fuzz crash: seg-fault in LTE-RRC dissector
  - From: bugzilla-daemon
Prev by Date: [Wireshark-bugs] [Bug 8879] Protocol Dissector Bug
Next by Date: [Wireshark-bugs] [Bug 8879] Protocol Dissector Bug
Previous by thread: [Wireshark-bugs] [Bug 8879] HSMS protocol dissector plugin bug
Next by thread: [Wireshark-bugs] [Bug 8880] Fuzz crash: seg-fault in LTE-RRC dissector
Index(es):
- Date
- Thread