Wireshark-bugs: [Wireshark-bugs] [Bug 9483] New: SIGSEGV/SIGABRT during free of TvbRange using a

Date: Wed, 27 Nov 2013 09:48:10 +0000
Bug ID 9483
Summary SIGSEGV/SIGABRT during free of TvbRange using a chained dissector in lua
Classification Unclassified
Product Wireshark
Version SVN
Hardware x86-64
OS Fedora
Status UNCONFIRMED
Severity Normal
Priority Low
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Created attachment 12183
Output from GDB bt command for the two crashes

Build Information:
$ ./wireshark -v
wireshark 1.11.3 (SVN Rev 53611 from master)

Copyright 1998-2013 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.22, with Cairo 1.13.1, with Pango 1.36.1, with
GLib 2.38.2, with libpcap, with libz 1.2.8, with POSIX capabilities (Linux),
without libnl, with SMI 0.4.8, with c-ares 1.10.0, with Lua 5.2, without
Python,
with GnuTLS 3.1.17, with Gcrypt 1.5.3, with MIT Kerberos, with GeoIP, with
PortAudio V19-devel (built Aug  4 2013 06:59:20), with AirPcap.

Running on Linux 3.11.8-300.fc20.x86_64, with locale en_US.UTF-8, with libpcap
version 1.5.0, with libz 1.2.8, GnuTLS 3.1.17, Gcrypt 1.5.3, without AirPcap.
       Intel(R) Core(TM) i7-3520M CPU @ 2.90GHz

Built using gcc 4.8.2 20131017 (Red Hat 4.8.2-1).

--
I'm getting SIGSEGV/SIGABRT when opening wireshark with the attached pcap and
lua script.

Wireshark is compiled from the latest source (svn revision 53611) with -O0
-g and started through gdb.

See the attached printout from the gdb session for the full backtrace, but here
are the two topmost parts of the backtrace.

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff5795fe5 in free_TvbRange (tvbr=0x7fffe36011b0) at ./wslua_tvb.c:376
376         if (!tvbr->tvb->expired) {
(gdb) bt
#0  0x00007ffff5795fe5 in free_TvbRange (tvbr=0x7fffe36011b0) at
./wslua_tvb.c:376
#1  0x00007ffff5798c08 in TvbRange__gc (L=0x17bf6f0) at ./wslua_tvb.c:1334
#2  0x0000003cd6811905 in luaD_precall (L=L@entry=0x17bf6f0, func=<optimized
out>, nresults=0) at ldo.c:318

Program received signal SIGABRT, Aborted.
0x0000003cd2835c59 in __GI_raise (sig=sig@entry=6) at
../nptl/sysdeps/unix/sysv/linux/raise.c:56
56        return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
(gdb) bt
#0  0x0000003cd2835c59 in __GI_raise (sig=sig@entry=6) at
../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x0000003cd2837368 in __GI_abort () at abort.c:89
#2  0x0000003cd2875da4 in __libc_message (do_abort=do_abort@entry=2,
fmt=fmt@entry=0x3cd297c648 "*** Error in `%s': %s: 0x%s ***\n") at
../sysdeps/posix/libc_fatal.c:175
#3  0x0000003cd287d098 in malloc_printerr (ptr=<optimized out>,
str=0x3cd297c700 "double free or corruption (out)", action="" at malloc.c:4930
#4  _int_free (av=0x3cd2bb8760 <main_arena>, p=<optimized out>, have_lock=0) at
malloc.c:3782
#5  0x000000335de4ef7f in g_free (mem=0x7fffe36011d0) at gmem.c:197
#6  0x00007ffff5795f7d in free_Tvb (tvb=0x7fffe36011d0) at ./wslua_tvb.c:362
#7  0x00007ffff579600b in free_TvbRange (tvbr=0x7fffe36011b0) at
./wslua_tvb.c:379
#8  0x00007ffff5798c08 in TvbRange__gc (L=0x17bf700) at ./wslua_tvb.c:1334
#9  0x0000003cd6811905 in luaD_precall (L=L@entry=0x17bf700, func=<optimized
out>, nresults=0) at ldo.c:318

Wireshark is started with the following arguments
-X lua_script:/home/jonasj/crash_ws.lua -r /home/jonasj/dump.pcap

The pcap file and the lua script which causes the crash are also attached.

Besides the latest svn version, I've also seen this problem with the Fedora 20
shipped wireshark (wireshark-1.10.3-4.fc20.x86_64).

