Wireshark-bugs: [Wireshark-bugs] [Bug 10461] New: invalid memory accesses in the SnifferDecompre

Date: Wed, 10 Sep 2014 06:04:16 +0000
Bug ID 10461
Summary invalid memory accesses in the SnifferDecompress function
Product Wireshark
Version 1.12.0
Hardware x86
OS All
Status UNCONFIRMED
Severity Major
Priority Low
Component Capture file support (libwiretap)
Assignee [email protected]
Reporter [email protected]

Created attachment 13049 [details]
testcase to reproduce the bug

Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
When we ran Valgrind on the the SnifferDecompress function in the
wiretap/ngsniffer.c file, three invalid memory accesses were reported as the
following. This can be reproduced by compiling the attached testcase:

$ gcc -g -DRANDOM ngsniffer_noklee.c
$ valgrind ./a.out

==17888== Memcheck, a memory error detector
==17888== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==17888== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==17888== Command: ./a.out
==17888== 
==17888== Source and destination overlap in memcpy(0x51cc8a7, 0x51cc82b, 146)
==17888==    at 0x4C2A690: memcpy (mc_replace_strmem.c:838)
==17888==    by 0x40098D: SnifferDecompress (ngsniffer_noklee.c:187)
==17888==    by 0x400B38: main (ngsniffer_noklee.c:250)
==17888== 
==17888== Source and destination overlap in memcpy(0x51d752d, 0x51d7522, 13)
==17888==    at 0x4C2A690: memcpy (mc_replace_strmem.c:838)
==17888==    by 0x400A34: SnifferDecompress (ngsniffer_noklee.c:216)
==17888==    by 0x400B38: main (ngsniffer_noklee.c:250)
==17888== 
==17888== Invalid write of size 1
==17888==    at 0x40075A: SnifferDecompress (ngsniffer_noklee.c:90)
==17888==    by 0x400B38: main (ngsniffer_noklee.c:250)
==17888==  Address 0x51da080 is 0 bytes after a block of size 65,536 alloc'd
==17888==    at 0x4C28BED: malloc (vg_replace_malloc.c:263)
==17888==    by 0x400AA2: main (ngsniffer_noklee.c:241)


You are receiving this mail because:
  • You are watching all bug changes.