Wireshark-bugs: [Wireshark-bugs] [Bug 12288] Wireshark crashes every time open Statistics -> Con

Date: Wed, 22 Jun 2016 15:50:41 +0000

Comment # 2 on bug 12288 from
Building with ASAN gives me the following use-after-free error (Ubuntu 16.04).

==17196==ERROR: AddressSanitizer: heap-use-after-free on address 0x7f9445b45960 at pc 0x5648fb979af1 bp 0x7ffe7df50be0 sp 0x7ffe7df50bd0
READ of size 8 at 0x7f9445b45960 thread T0
    #0 0x5648fb979af0 in EndpointTreeWidgetItem::update(int, bool) ../ui/qt/endpoint_dialog.cpp:234
    #1 0x5648fb97297f in EndpointTreeWidget::updateItems(bool) ../ui/qt/endpoint_dialog.cpp:580
    #2 0x7f948f5af783 in draw_tap_listeners ../epan/tap.c:454
    #3 0x5648fbc4fb54 in WiresharkApplication::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) ui/qt/moc_wireshark_application.cpp:226
    #4 0x7f9486ef2fc9 in QMetaObject::activate(QObject*, int, int, void**) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b4fc9)
    #5 0x7f9486eff877 in QTimer::timerEvent(QTimerEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2c1877)
    #6 0x7f9486ef3e52 in QObject::event(QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b5e52)
    #7 0x7f94877b705b in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x15b05b)
    #8 0x7f94877bc515 in QApplication::notify(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x160515)
    #9 0x7f9486ec462a in QCoreApplication::notifyInternal(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x28662a)
    #10 0x7f9486f1989c in QTimerInfoList::activateTimers() (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2db89c)
    #11 0x7f9486f19da0  (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2dbda0)
    #12 0x7f94981f0126 in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4a126)
    #13 0x7f94981f037f  (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4a37f)
    #14 0x7f94981f042b in g_main_context_iteration (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4a42b)
    #15 0x7f9486f1aa7e in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2dca7e)
    #16 0x5648fba595fe in update_progress_dlg ../ui/qt/progress_frame.cpp:93
    #17 0x5648fb93ae8a in process_specified_records ../file.c:2055
    #18 0x5648fb93b304 in cf_retap_packets ../file.c:2166
    #19 0x7f9486ef3ea0 in QObject::event(QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2b5ea0)
    #20 0x7f94877b705b in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x15b05b)
    #21 0x7f94877bc515 in QApplication::notify(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5+0x160515)
    #22 0x7f9486ec462a in QCoreApplication::notifyInternal(QObject*, QEvent*) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x28662a)
    #23 0x7f9486ec6a25 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x288a25)
    #24 0x7f9486f1a672  (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2dc672)
    #25 0x7f94981f0126 in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4a126)
    #26 0x7f94981f037f  (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4a37f)
    #27 0x7f94981f042b in g_main_context_iteration (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4a42b)
    #28 0x7f9486f1aa7e in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x2dca7e)
    #29 0x7f9486ec1de9 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x283de9)
    #30 0x7f9486ec9e8b in QCoreApplication::exec() (/usr/lib/x86_64-linux-gnu/libQt5Core.so.5+0x28be8b)
    #31 0x5648fb924f6d in main ../wireshark-qt.cpp:841
    #32 0x7f9485a3b82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #33 0x5648fb92c1b8 in _start (/home/dario/Projects/wireshark/build-asan/run/wireshark+0x20a1b8)

0x7f9445b45960 is located 250208 bytes inside of 4194304-byte region [0x7f9445b08800,0x7f9445f08800)
freed by thread T0 here:
    #0 0x7f949854f8ca in realloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x988ca)
    #1 0x7f94981f5767 in g_realloc (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4f767)

previously allocated by thread T0 here:
    #0 0x7f949854f8ca in realloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x988ca)
    #1 0x7f94981f5767 in g_realloc (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4f767)

SUMMARY: AddressSanitizer: heap-use-after-free ../ui/qt/endpoint_dialog.cpp:234 EndpointTreeWidgetItem::update(int, bool)
Shadow bytes around the buggy address:


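The report above shows `EndpointTreeWidgetItem::update` reading from a block that `g_realloc` had already released, which is consistent with a pointer kept into storage that later grew. The C++ sketch below is an added illustration of that failure mode and of an index-based alternative; it is not Wireshark's code and not part of the original comment, the names `EndpointTable`, `RowByPointer` and `RowByIndex` are hypothetical, and the page does not state the actual root cause.

```cpp
#include <cstdint>
#include <cstdlib>
#include <cstring>
// Hypothetical stand-ins (not Wireshark's types): a growable table and its rows.
struct Endpoint { uint64_t rx_bytes; };
struct EndpointTable {
    Endpoint *data = nullptr;
    size_t len = 0, cap = 0;
    ~EndpointTable() { std::free(data); }
    // Growth always moves the block here; realloc is allowed to do the same.
    size_t append(uint64_t rx) {
        if (len == cap) {
            size_t ncap = cap ? cap * 2 : 2;
            auto *n = static_cast<Endpoint *>(std::malloc(ncap * sizeof(Endpoint)));
            if (!n) std::abort();
            if (len) std::memcpy(n, data, len * sizeof(Endpoint));
            std::free(data);  // every pointer into the old block now dangles
            data = n; cap = ncap;
        }
        data[len].rx_bytes = rx;
        return len++;
    }
    // Is address a inside live storage? Unsigned wrap-around rejects a < base.
    bool owns(uintptr_t a) const {
        return a - reinterpret_cast<uintptr_t>(data) < len * sizeof(Endpoint);
    }
};
struct RowByPointer { const Endpoint *ep; };  // fragile: caches an element address
struct RowByIndex {                           // robust: resolves on every update
    const EndpointTable *table; size_t idx;
    bool update(uint64_t *out) const {
        if (idx >= table->len) return false;  // row outlived its entry
        *out = table->data[idx].rx_bytes;
        return true;
    }
};

struct Result { bool stale; bool ok; uint64_t value; };
Result demo() {
    EndpointTable t;
    t.append(100);
    RowByIndex good{&t, t.append(200)};
    RowByPointer bad{&t.data[good.idx]};
    auto cached = reinterpret_cast<uintptr_t>(bad.ep);  // saved before growth
    t.append(300);  // table grows while both rows exist
    Result r{!t.owns(cached), false, 0};
    r.ok = good.update(&r.value);
    return r;
}
int main() { Result r = demo(); return (r.stale && r.ok && r.value == 200) ? 0 : 1; }
```

The stale address is only compared as an integer, never dereferenced, so the sketch itself stays clean under `-fsanitize=address`; dereferencing `bad.ep` after the third `append` would reproduce the same class of report.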