Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 11835] New: Crash inside NBAP dissector

Wireshark-bugs: [Wireshark-bugs] [Bug 11835] New: Crash inside NBAP dissector

Date: Tue, 01 Dec 2015 02:32:28 +0000

Bug ID	11835
Summary	Crash inside NBAP dissector
Product	Wireshark
Version	Git
Hardware	x86-64
OS	All
Status	UNCONFIRMED
Severity	Major
Priority	Low
Component	Dissection engine (libwireshark)
Assignee	[email protected]
Reporter	[email protected]

Created attachment 14095 [details]
pcap causing NBAP dissector to crash

Build Information:
TShark (Wireshark) 2.1.0 (v2.1.0rc0-867-gb8f90de from master)

Copyright 1998-2015 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with libpcap, with POSIX capabilities (Linux), without libnl,
with libz 1.2.8, with GLib 2.42.1, with SMI 0.4.8, with c-ares 1.10.0, with Lua
5.1, without GnuTLS, with Gcrypt 1.6.3, with MIT Kerberos, with GeoIP.

Running on Linux 3.16.0-4-amd64, with locale en_DK.UTF-8, with libpcap version
1.6.2, with libz 1.2.8, with Gcrypt 1.6.3.
        Intel(R) Core(TM) i5-2310 CPU @ 2.90GHz (with SSE4.2)

Built using gcc 4.9.2.

--
File from attachment (crash1.pcap) is causing wireshark/tshark to crash:

$ ./wireshark-gtk /tmp/crash1.pcap 
Segmentation fault


#0  conversation_get_proto_data (conv=0x0, proto=38397) at conversation.c:1250
#1  0x00007f9eee91526f in dissect_nbap_E_DCH_FDD_Information_to_Modify
(offset=<optimized out>, hf_index=<optimized out>, tree=<optimized out>,
actx=<optimized out>, 
    tvb=<optimized out>) at ../../asn1/nbap/nbap.cnf:1459
#2  dissect_E_DCH_FDD_Information_to_Modify_PDU (tvb=0x7f9ee5abd940,
pinfo=0x7f9ee5ac5b80, tree=0x7f9ee5abd850, data="" at
../../asn1/nbap/nbap.cnf:1686
#3  0x00007f9eedfc160f in call_dissector_through_handle (handle=0x7f9ee6db3560,
handle=0x7f9ee6db3560, data="" tree=0x7f9ee678f800, pinfo=0x29d0438,
tvb=0x29d0d90) at packet.c:616
#4  call_dissector_work (handle=0x7f9ee6db3560, tvb=0x29d0d90,
pinfo_arg=0x29d0438, tree=0x7f9ee678f800, add_proto_name=<optimized out>,
data="" at packet.c:691

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 11835] Crash inside NBAP dissector
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 11835] Crash inside NBAP dissector
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 11835] Crash inside NBAP dissector
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 11835] Crash inside NBAP dissector
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 11835] Crash inside NBAP dissector
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 11835] Crash inside NBAP dissector
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 11835] Crash inside NBAP dissector
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 11527] Buildbot crash output: fuzz-2015-09-14-12129.pcap
Next by Date: [Wireshark-bugs] [Bug 11823] Wireshark division by zero in s7comm_decode_ud_cpu_szl_subfunc
Previous by thread: [Wireshark-bugs] [Bug 11527] Buildbot crash output: fuzz-2015-09-14-12129.pcap
Next by thread: [Wireshark-bugs] [Bug 11835] Crash inside NBAP dissector
Index(es):
- Date
- Thread