Wireshark-bugs: [Wireshark-bugs] [Bug 10495] New: memcpy error in vwr_read

Date: Mon, 22 Sep 2014 20:44:21 +0000
Bug ID 10495
Summary memcpy error in vwr_read
Product Wireshark
Version unspecified
Hardware x86
OS Debian
Status UNCONFIRMED
Severity Major
Priority Low
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Created attachment 13084 [details]
input file that causes the error

Build Information:
TShark (Wireshark) 1.99.0 (v1.99.0-rc1-1842-g19d55ca from master)

Copyright 1998-2014 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with libpcap, without POSIX capabilities, without libnl, with
libz 1.2.7, with GLib 2.32.4, without SMI, without c-ares, without ADNS, without
Lua, without GnuTLS, without Gcrypt, without Kerberos, without GeoIP.

Running on Linux 3.14-kali1-amd64, with locale en_GB.UTF-8, with libpcap version
1.3.0, with libz 1.2.7.
      Intel(R) Core(TM) i7-2720QM CPU @ 2.20GHz (with SSE4.2)

Built using gcc 4.7.2.

--
==24787== Memcheck, a memory error detector
==24787== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==24787== Using Valgrind-3.9.0 and LibVEX; rerun with -h for copyright info
==24787== Command: tshark -r causes_crash
==24787== Parent PID: 16797
==24787== 
==24787== Invalid read of size 2
==24787==    at 0x4C2AA8E: memcpy (mc_replace_strmem.c:883)
==24787==    by 0x4E78E3B: vwr_read_s2_W_rec (vwr.c:1446)
==24787==    by 0x4E7B230: vwr_process_rec_data (vwr.c:2179)
==24787==    by 0x4E762BD: vwr_read (vwr.c:590)
==24787==    by 0x4E7BC2C: wtap_read (wtap.c:996)
==24787==    by 0x40CF0C: main (tshark.c:3345)
==24787==  Address 0xfff001000 is not stack'd, malloc'd or (recently) free'd
==24787== 
==24787== 
==24787== Process terminating with default action of signal 11 (SIGSEGV)
==24787==  Access not within mapped region at address 0xFFF001000
==24787==    at 0x4C2AA8E: memcpy (mc_replace_strmem.c:883)
==24787==    by 0x4E78E3B: vwr_read_s2_W_rec (vwr.c:1446)
==24787==    by 0x4E7B230: vwr_process_rec_data (vwr.c:2179)
==24787==    by 0x4E762BD: vwr_read (vwr.c:590)
==24787==    by 0x4E7BC2C: wtap_read (wtap.c:996)
==24787==    by 0x40CF0C: main (tshark.c:3345)
==24787==  If you believe this happened as a result of a stack
==24787==  overflow in your program's main thread (unlikely but
==24787==  possible), you can try to increase the size of the
==24787==  main thread stack using the --main-stacksize= flag.
==24787==  The main thread stack size used in this run was 8388608.
==24787== 
==24787== HEAP SUMMARY:
==24787==     in use at exit: 16,593,595 bytes in 154,715 blocks
==24787==   total heap usage: 203,281 allocs, 48,566 frees, 28,820,570 bytes allocated
==24787== 
==24787== LEAK SUMMARY:
==24787==    definitely lost: 493 bytes in 5 blocks
==24787==    indirectly lost: 88 bytes in 2 blocks
==24787==      possibly lost: 243,453 bytes in 1,054 blocks
==24787==    still reachable: 16,349,561 bytes in 153,654 blocks
==24787==         suppressed: 0 bytes in 0 blocks
==24787== Rerun with --leak-check=full to see details of leaked memory
==24787== 
==24787== For counts of detected and suppressed errors, rerun with: -v
==24787== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 41 from 5)

