Wireshark-bugs: [Wireshark-bugs] [Bug 9323] Buildbot crash output: fuzz-2013-10-25-12569.pcap

Date: Mon, 28 Oct 2013 00:38:57 +0000

Comment # 16 on bug 9323 from
In addition to Jakub's concern, this patch causes a crash with the capture from
bug #9292 with the following trace:

#2  0x00007f74e834edf4 in g_malloc (n_bytes=n_bytes@entry=437014187) at /build/buildd/glib2.0-2.38.0/./glib/gmem.c:109
#3  0x00007f74e8366138 in g_strndup (str=0x7f74ea7e9f38 "wrong_fieldWrong field in SEQUENCE  expected class:%s(%d) tag:%d but found class:%s(%d) tag:%d", n=437014186) at /build/buildd/glib2.0-2.38.0/./glib/gstrfuncs.c:428
#4  0x00007f74e9c02f14 in proto_tree_set_string (fi=0x2978bf4, value=<optimized out>, length=<optimized out>) at proto.c:2596
#5  0x00007f74e9c06a73 in proto_tree_add_string (tree=tree@entry=0x297b9e4, hfindex=6744, tvb=<optimized out>, start=<optimized out>, length=437014186, value=0x7f74ea7e9f38 "wrong_fieldWrong field in SEQUENCE  expected class:%s(%d) tag:%d but found class:%s(%d) tag:%d") at proto.c:2494
#6  0x00007f74e9c0c2ff in proto_tree_add_string_format_value (tree=tree@entry=0x297b9e4, hfindex=<optimized out>, tvb=tvb@entry=0x27fe850, start=start@entry=60, length=<optimized out>, value=value@entry=0x7f74ea7e9f38 "wrong_fieldWrong field in SEQUENCE  expected class:%s(%d) tag:%d but found class:%s(%d) tag:%d", format=0x7f74eab2f6fe "CONTEXT") at proto.c:2516
#7  0x00007f74e9ced05c in dissect_ber_old_sequence (implicit_tag=implicit_tag@entry=0, actx=0x7ffff37358d0, parent_tree=<optimized out>, tvb=0x27fe850, offset=60, seq=0x7f74ebe326d8 <KDC_REQ_sequence+24>, seq@entry=0x7f74ebe326c0 <KDC_REQ_sequence>, hf_id=hf_id@entry=-1, ett_id=ett_id@entry=-1) at packet-ber.c:2472
#8  0x00007f74e9fbacb0 in dissect_krb5_KDC_REQ (tree=<optimized out>, tvb=<optimized out>, offset=<optimized out>, actx=<optimized out>) at packet-kerberos.c:4022
#9  0x00007f74e9ce9f7e in dissect_ber_old_choice (actx=actx@entry=0x7ffff37358d0, parent_tree=0x297b9e4, tvb=tvb@entry=0x27a5540, offset=<optimized out>, choice=choice@entry=0x7f74eb6729a0 <kerberos_applications_choice>, hf_id=hf_id@entry=-1, ett_id=ett_id@entry=-1, branch_taken=branch_taken@entry=0x0) at packet-ber.c:3612
#10 0x00007f74e9fbeafd in dissect_kerberos_common (tvb=0x27a5540, pinfo=pinfo@entry=0x2782388, tree=<optimized out>, dci=dci@entry=1, do_col_protocol=do_col_protocol@entry=1, have_rm=have_rm@entry=1, cb=cb@entry=0x0) at packet-kerberos.c:4783

because it's adding a string with an invalid length, and we're trying to alloc
that much to do the strndup.
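The failure pattern in the trace above, reduced to a stand-alone C example added here (it is not Wireshark code and not part of the patch under discussion): a BER length octet sequence is decoded from a constructed byte string, once as the packet dictates and once with a check that the decoded length fits in the bytes actually captured, so that an attacker-chosen size never reaches the allocator. The sample bytes, the function names and the status codes are assumptions made for the illustration; the length 437014186 is the value that reached g_strndup in the trace.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Status codes for this hypothetical decoder (not Wireshark's API). */
enum ber_len_status {
    BER_LEN_OK = 0,
    BER_LEN_TRUNCATED,   /* not enough bytes to read the length octets  */
    BER_LEN_INDEFINITE,  /* 0x80: indefinite form, not handled here     */
    BER_LEN_TOO_LARGE    /* length cannot fit in the remaining buffer   */
};

/* Unchecked path: decode a BER length at buf[*offset]. Short form is one
 * octet 0x00..0x7f; long form is 0x80|n followed by n big-endian octets.
 * The result is whatever the packet says, however large. */
int ber_read_length(const uint8_t *buf, size_t buf_len, size_t *offset,
                    uint32_t *out_len)
{
    if (*offset >= buf_len)
        return BER_LEN_TRUNCATED;
    uint8_t first = buf[(*offset)++];
    if (first < 0x80) { *out_len = first; return BER_LEN_OK; }
    if (first == 0x80)
        return BER_LEN_INDEFINITE;
    unsigned n = first & 0x7f;
    if (n > 4)                        /* > 32-bit length: never valid here */
        return BER_LEN_TOO_LARGE;
    if (*offset + n > buf_len)
        return BER_LEN_TRUNCATED;
    uint32_t len = 0;
    for (unsigned i = 0; i < n; i++)
        len = (len << 8) | buf[(*offset)++];
    *out_len = len;
    return BER_LEN_OK;
}

/* Checked path: same decoding, but a length that would run past the end
 * of the captured bytes is rejected before anything is allocated. */
int ber_read_length_checked(const uint8_t *buf, size_t buf_len,
                            size_t *offset, uint32_t *out_len)
{
    size_t off = *offset;
    uint32_t len = 0;
    int st = ber_read_length(buf, buf_len, &off, &len);
    if (st != BER_LEN_OK)
        return st;
    if ((size_t)len > buf_len - off)  /* off <= buf_len holds after decoding */
        return BER_LEN_TOO_LARGE;
    *offset = off;
    *out_len = len;
    return BER_LEN_OK;
}

/* The strndup-style copy, done only after the length is validated.
 * Returns NULL and sets *status for any rejected length; caller frees. */
char *ber_copy_string_field(const uint8_t *buf, size_t buf_len, size_t offset,
                            uint32_t *len_out, int *status)
{
    uint32_t len = 0;
    *status = ber_read_length_checked(buf, buf_len, &offset, &len);
    if (*status != BER_LEN_OK)
        return NULL;
    char *s = malloc((size_t)len + 1);    /* len is now bounded by buf_len */
    if (s == NULL)
        return NULL;
    memcpy(s, buf + offset, len);
    s[len] = '\0';
    if (len_out) *len_out = len;
    return s;
}

/* Constructed sample: OCTET STRING "hello" with a valid short-form length. */
static const uint8_t sample_good[] = { 0x04, 0x05, 'h', 'e', 'l', 'l', 'o' };
/* Constructed sample: same tag, long-form length 0x1A0C4EAA = 437014186 (the
 * value from the trace) and no value bytes at all behind it. */
static const uint8_t sample_bad[]  = { 0x04, 0x84, 0x1A, 0x0C, 0x4E, 0xAA };

/* Wrappers exercising both paths; offset 1 skips the tag octet. */
uint32_t bad_sample_unchecked_length(void)
{
    size_t off = 1; uint32_t len = 0;
    ber_read_length(sample_bad, sizeof sample_bad, &off, &len);
    return len;                        /* 437014186: what strndup would get */
}
int bad_sample_checked_status(void)
{
    size_t off = 1; uint32_t len = 0;
    return ber_read_length_checked(sample_bad, sizeof sample_bad, &off, &len);
}
int good_sample_copies_hello(void)
{
    int st; uint32_t len = 0;
    char *s = ber_copy_string_field(sample_good, sizeof sample_good, 1, &len, &st);
    int ok = s != NULL && st == BER_LEN_OK && len == 5 && strcmp(s, "hello") == 0;
    free(s);
    return ok;
}
int bad_sample_copy_is_rejected(void)
{
    int st; uint32_t len = 0;
    char *s = ber_copy_string_field(sample_bad, sizeof sample_bad, 1, &len, &st);
    return s == NULL && st == BER_LEN_TOO_LARGE;
}
```

The check is deliberately placed where the length is decoded rather than in the copy routine: a dissector that trusts the decoded length will pass it through several layers (as frames #4 to #7 show) before any allocation happens, and each of those layers has lost the information needed to validate it.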
