| Bug ID |
10461
|
| Summary |
invalid memory accesses in the SnifferDecompress function
|
| Product |
Wireshark
|
| Version |
1.12.0
|
| Hardware |
x86
|
| OS |
All
|
| Status |
UNCONFIRMED
|
| Severity |
Major
|
| Priority |
Low
|
| Component |
Capture file support (libwiretap)
|
| Assignee |
[email protected]
|
| Reporter |
[email protected]
|
Created attachment 13049 [details]
testcase to reproduce the bug
Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
When we ran Valgrind on the the SnifferDecompress function in the
wiretap/ngsniffer.c file, three invalid memory accesses were reported as the
following. This can be reproduced by compiling the attached testcase:
$ gcc -g -DRANDOM ngsniffer_noklee.c
$ valgrind ./a.out
==17888== Memcheck, a memory error detector
==17888== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==17888== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==17888== Command: ./a.out
==17888==
==17888== Source and destination overlap in memcpy(0x51cc8a7, 0x51cc82b, 146)
==17888== at 0x4C2A690: memcpy (mc_replace_strmem.c:838)
==17888== by 0x40098D: SnifferDecompress (ngsniffer_noklee.c:187)
==17888== by 0x400B38: main (ngsniffer_noklee.c:250)
==17888==
==17888== Source and destination overlap in memcpy(0x51d752d, 0x51d7522, 13)
==17888== at 0x4C2A690: memcpy (mc_replace_strmem.c:838)
==17888== by 0x400A34: SnifferDecompress (ngsniffer_noklee.c:216)
==17888== by 0x400B38: main (ngsniffer_noklee.c:250)
==17888==
==17888== Invalid write of size 1
==17888== at 0x40075A: SnifferDecompress (ngsniffer_noklee.c:90)
==17888== by 0x400B38: main (ngsniffer_noklee.c:250)
==17888== Address 0x51da080 is 0 bytes after a block of size 65,536 alloc'd
==17888== at 0x4C28BED: malloc (vg_replace_malloc.c:263)
==17888== by 0x400AA2: main (ngsniffer_noklee.c:241)
You are receiving this mail because:
- You are watching all bug changes.