Wireshark-bugs: [Wireshark-bugs] [Bug 9027] New: Another fuzz failure in print_hex_data_buffer

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Fri, 09 Aug 2013 21:29:25 +0000
Bug ID 9027
Summary Another fuzz failure in print_hex_data_buffer
Classification Unclassified
Product Wireshark
Version SVN
Hardware All
OS All
Status UNCONFIRMED
Severity Major
Priority Low
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected] 

Build Information:
TShark 1.11.0 (SVN Rev 51239 from /trunk)

Copyright 1998-2013 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.34.2, with libpcap, with libz 1.2.7, without
POSIX
capabilities, without libnl, without SMI, with c-ares 1.9.1, with Lua 5.1,
without Python, with GnuTLS 2.12.23, with Gcrypt 1.5.0, without Kerberos,
without GeoIP.

Running on Linux 3.9.11-200.fc18.x86_64, with locale en_US.UTF-8, with libpcap
version 1.3.0, with libz 1.2.7.
        Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz

Built using gcc 4.7.2 20121109 (Red Hat 4.7.2-8).

--
Got a fuzz failure:

~~~
 ERROR
Processing failed. Capture info follows:

  Input file: ../../caps/SampleCaptures/jxta-mcast-sample.pcap
  Output file: /tmp/fuzz-2013-08-09-13162.pcap

stderr follows:

Input file: ../../caps/SampleCaptures/jxta-mcast-sample.pcap

Build host information:
Linux XXX 3.9.11-200.fc18.x86_64 #1 SMP Mon Jul 22 21:04:50 UTC 2013 x86_64
x86_64 x86_64 GNU/Linux

Return value:  139

Dissector bug:  0

Valgrind error count:  0




Command and args: ./tshark -nVxr


(process:27795): jxta-WARNING **: Failure processing message element #1 of 5 of
frame 28

(process:27795): jxta-WARNING **: Failure processing message element #3 of 5 of
frame 52
[...]
~~~

Backtrace:

~~~

#0  print_hex_data_buffer (stream=stream@entry=0x2c43390, cp=0x2dd6000 <Address
0x2dd6000 out of bounds>, length=length@entry=138529,
encoding=PACKET_CHAR_ENC_CHAR_ASCII) at ../../epan/print.c:1002
#1  0x00007fb371374189 in print_hex_data (stream=0x2c43390,
edt=edt@entry=0x7ffff06f6f80) at ../../epan/print.c:919
#2  0x00000000004119a7 in print_packet (cf=cf@entry=0x63ca00 <cfile>,
edt=edt@entry=0x7ffff06f6f80) at ../tshark.c:3759
#3  0x000000000041326c in process_packet (cf=cf@entry=0x63ca00 <cfile>,
offset=<optimized out>, whdr=<optimized out>, pd=pd@entry=0x2d7e530 "",
filtering_tap_listeners=<optimized out>, 
    filtering_tap_listeners@entry=0, tap_flags=tap_flags@entry=4) at
../tshark.c:3364
#4  0x000000000040af7d in load_cap_file (cf=0x63ca00 <cfile>, max_byte_count=0,
max_packet_count=-345, out_file_name_res=<optimized out>, out_file_type=2,
save_file=0x0) at ../tshark.c:3138
#5  main (argc=<optimized out>, argv=<optimized out>) at ../tshark.c:1950
~~~

That makes it look like bug 8941.

You are receiving this mail because:
  • You are watching all bug changes.