Wireshark-bugs: [Wireshark-bugs] [Bug 10090] Buildbot crash output: fuzz-2014-05-06-5395.pcap

Date: Wed, 07 May 2014 16:49:20 +0000

changed bug 10090

What    Removed    Added
CC                 [email protected]

Comment # 1 on bug 10090 from
Somehow reassembly is ending up with a NULL tvb pointer which isn't getting
checked, leading to a crash:

#0  0x00007fa6f6b32f71 in check_offset_length_no_exception (length_ptr=<synthetic pointer>, offset_ptr=<synthetic pointer>, length_val=1391, offset=0, tvb=0x0) at tvbuff.c:245
#1  ensure_contiguous_no_exception (pexception=<synthetic pointer>, length=1391, offset=0, tvb=0x0) at tvbuff.c:691
#2  ensure_contiguous (length=1391, offset=0, tvb=0x0) at tvbuff.c:718
#3  tvb_get_ptr (tvb=0x0, offset=0, length=length@entry=1391) at tvbuff.c:855
#4  0x00007fa6f6b201e2 in fragment_add_work (fd_head=fd_head@entry=0x36e1840, tvb=tvb@entry=0x1680230, offset=offset@entry=20, frag_offset=frag_offset@entry=1391, frag_data_len=frag_data_len@entry=1460, more_frags=more_frags@entry=0, pinfo=0x1538db8) at reassemble.c:1164
#5  0x00007fa6f6b202b2 in fragment_add_common (table=table@entry=0x7fa6f970bb60 <tcp_reassembly_table>, tvb=tvb@entry=0x1680230, offset=offset@entry=20, pinfo=pinfo@entry=0x1538db8, id=127119, data="" frag_offset=frag_offset@entry=1391, frag_data_len=frag_data_len@entry=1460, more_frags=more_frags@entry=0, check_already_added=check_already_added@entry=1) at reassemble.c:1370
#6  0x00007fa6f6b20a98 in fragment_add (table=table@entry=0x7fa6f970bb60 <tcp_reassembly_table>, tvb=tvb@entry=0x1680230, offset=offset@entry=20, pinfo=pinfo@entry=0x1538db8, id=<optimized out>, data="" frag_offset=1391, frag_data_len=frag_data_len@entry=1460, more_frags=0) at reassemble.c:1390
#7  0x00007fa6f71cca62 in desegment_tcp (tcpinfo=0x7fff01f75500, tcpd=0x36e7060, tcp_tree=0x37ed140, tree=0x14f2cf0, dport=5060, sport=43005, nxtseq=2852, seq=1392, offset=20, pinfo=0x1538db8, tvb=0x1680230) at packet-tcp.c:1765
#8  dissect_tcp_payload (tvb=tvb@entry=0x1680230, pinfo=pinfo@entry=0x1538db8, offset=offset@entry=20, seq=<optimized out>, nxtseq=nxtseq@entry=2852, sport=43005, dport=5060, tree=tree@entry=0x14f2cf0, tcp_tree=tcp_tree@entry=0x37ed140, tcpd=tcpd@entry=0x36e7060, tcpinfo=tcpinfo@entry=0x7fff01f75500) at packet-tcp.c:4056
#9  0x00007fa6f71ce90f in dissect_tcp (tvb=<optimized out>, pinfo=0x1538db8, tree=0x14f2cf0) at packet-tcp.c:4848
