Wireshark-bugs: [Wireshark-bugs] [Bug 9601] New: Clang ASAN : heap-buffer-overflow UDVM/Sigcomp
Date: Thu, 26 Dec 2013 15:39:34 +0000
Bug ID | 9601 |
---|---|
Summary | Clang ASAN : heap-buffer-overflow UDVM/Sigcomp : udvm_state_access |
Classification | Unclassified |
Product | Wireshark |
Version | unspecified |
Hardware | All |
OS | All |
Status | UNCONFIRMED |
Severity | Trivial |
Priority | Low |
Component | Dissection engine (libwireshark) |
Assignee | [email protected] |
Reporter | [email protected] |
Build Information: -- I fuzzing wireshark with ASAN ( http://clang.llvm.org/docs/AddressSanitizer.html) and it found the following issue : Input file: ../menagerie/asan2/4838-fuzz-2010-06-24-6775.pcap ================================================================= ==18772==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6210000563ec at pc 0x7f201eb48fd1 bp 0x7ffface1d830 sp 0x7ffface1d828 READ of size 1 at 0x6210000563ec thread T0 #0 0x7f201eb48fd0 in udvm_state_access /home/alagoutte/wireshark-clang/epan/sigcomp_state_hdlr.c:787 #1 0x7f201eb4ff3f in decompress_sigcomp_message /home/alagoutte/wireshark-clang/epan/sigcomp-udvm.c:2315 #2 0x7f201f4d10ab in dissect_sigcomp_common /home/alagoutte/wireshark-clang/epan/dissectors/packet-sigcomp.c:899 #3 0x7f201eaf028d in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:509 #4 0x7f201eaf359c in call_dissector_only /home/alagoutte/wireshark-clang/epan/packet.c:2140 #5 0x7f201f4d90c7 in dissect_sip /home/alagoutte/wireshark-clang/epan/dissectors/packet-sip.c:2060 #6 0x7f201eaf028d in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:509 #7 0x7f201eaf056b in dissector_try_uint_new /home/alagoutte/wireshark-clang/epan/packet.c:1031 #8 0x7f201f653911 in decode_udp_ports /home/alagoutte/wireshark-clang/epan/dissectors/packet-udp.c:413 #9 0x7f201f6565ee in dissect /home/alagoutte/wireshark-clang/epan/dissectors/packet-udp.c:752 #10 0x7f201eaf02b9 in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:513 #11 0x7f201eaeff13 in dissector_try_uint_new /home/alagoutte/wireshark-clang/epan/packet.c:1031 #12 0x7f201f118cce in dissect_ipv6 /home/alagoutte/wireshark-clang/epan/dissectors/packet-ipv6.c:2139 #13 0x7f201eaf02b9 in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:513 #14 0x7f201eaf056b in dissector_try_uint_new /home/alagoutte/wireshark-clang/epan/packet.c:1031 #15 0x7f201ef4b56c in dissect_ethertype /home/alagoutte/wireshark-clang/epan/dissectors/packet-ethertype.c:305 #16 0x7f201eaf028d in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:509 #17 0x7f201eaf359c in call_dissector_only /home/alagoutte/wireshark-clang/epan/packet.c:2140 #18 0x7f201ef49fc2 in dissect_eth_common /home/alagoutte/wireshark-clang/epan/dissectors/packet-eth.c:472 #19 0x7f201eaf02b9 in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:513 #20 0x7f201eaf056b in dissector_try_uint_new /home/alagoutte/wireshark-clang/epan/packet.c:1031 #21 0x7f201ef97110 in dissect_frame /home/alagoutte/wireshark-clang/epan/dissectors/packet-frame.c:490 #22 0x7f201eaf02b9 in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:513 #23 0x7f201eaf359c in call_dissector_only /home/alagoutte/wireshark-clang/epan/packet.c:2140 #24 0x7f201eaeedd3 in call_dissector /home/alagoutte/wireshark-clang/epan/packet.c:2170 #25 0x7f201eacf888 in epan_dissect_run_with_taps /home/alagoutte/wireshark-clang/epan/epan.c:329 #26 0x4a6555 in process_packet /home/alagoutte/wireshark-clang/tshark.c:3453 #27 0x4a2047 in load_cap_file /home/alagoutte/wireshark-clang/tshark.c:3256 #28 0x7f2017a47de4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260 #29 0x48b38c in _start ??:? 0x6210000563ec is located 0 bytes to the right of 4844-byte region [0x621000055100,0x6210000563ec) allocated by thread T0 here: #0 0x473de1 in malloc ??:? #1 0x7f2019e76dd0 in g_malloc ??:? SUMMARY: AddressSanitizer: heap-buffer-overflow ??:0 ?? Shadow bytes around the buggy address: 0x0c4280002c20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c4280002c30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c4280002c40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c4280002c50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c4280002c60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x0c4280002c70: 00 00 00 00 00 00 00 00 00 00 00 00 00[04]fa fa 0x0c4280002c80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c4280002c90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c4280002ca0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c4280002cb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c4280002cc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Contiguous container OOB:fc ASan internal: fe
You are receiving this mail because:
- You are watching all bug changes.
- Follow-Ups:
- [Wireshark-bugs] [Bug 9601] Clang ASAN : heap-buffer-overflow UDVM/Sigcomp : udvm_state_access
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 9601] Clang ASAN : heap-buffer-overflow UDVM/Sigcomp : udvm_state_access
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 9601] Clang ASAN : heap-buffer-overflow UDVM/Sigcomp : udvm_state_access
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 9601] Clang ASAN : heap-buffer-overflow UDVM/Sigcomp : udvm_state_access
- Prev by Date: [Wireshark-bugs] [Bug 9584] ZigBee Test Profile #2 and ZDP fixes
- Next by Date: [Wireshark-bugs] [Bug 9601] Clang ASAN : heap-buffer-overflow UDVM/Sigcomp : udvm_state_access
- Previous by thread: [Wireshark-bugs] [Bug 9600] New: Add "Linux Mint" to list of operation systems
- Next by thread: [Wireshark-bugs] [Bug 9601] Clang ASAN : heap-buffer-overflow UDVM/Sigcomp : udvm_state_access
- Index(es):