Build Information:
TShark (Wireshark) 2.3.0 (v2.3.0rc0-1840-g92cd2c3ccb)
Copyright 1998-2016 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with libpcap, with POSIX capabilities (Linux), with libnl 3,
with GLib 2.50.2, with zlib 1.2.8, without SMI, with c-ares 1.12.0, with Lua
5.2.4, with GnuTLS 3.4.17, with Gcrypt 1.7.5, with MIT Kerberos, with GeoIP,
without nghttp2, with LZ4, with Snappy.
Running on Linux 4.8.13-1-ARCH, with Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
(with SSE4.2), with 31996 MB of physical memory, with locale en_GB.UTF-8, with
libpcap version 1.8.1, with GnuTLS 3.4.17, with Gcrypt 1.7.5, with zlib 1.2.8.
Built using gcc 6.2.1 20160830.
--
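WSLUA crashes with a heap-use-after-free because fh->L is invalid: the Lua state
it points to is freed when Lua plugins are reloaded (wslua_reload_plugins ->
wslua_cleanup), but the Lua file handler is still called afterwards, when the
packets of the open capture file are re-read for redissection
(cf_redissect_packets -> wtap_seek_read -> wslua_filehandler_seek_read).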
Steps to reproduce:
1. wireshark -Xlua_script:test/lua/pcap_file.lua -r test/captures/dns_port.pcap
2. Ctrl+Shift+L (Reload Lua plugins)
AddressSanitizer output:
==4697==ERROR: AddressSanitizer: heap-use-after-free on address 0x617000043a20
at pc 0x7f50cbc1d477 bp 0x7ffe17c060f0 sp 0x7ffe17c060e0
READ of size 8 at 0x617000043a20 thread T0
#0 0x7f50cbc1d476 in lua_settop lua-5.2.4/src/lapi.c:166
#1 0x7f50dbab45a4 in wslua_filehandler_seek_read
epan/wslua/wslua_file_handler.c:318
#2 0x7f50d02182c5 in wtap_seek_read wiretap/wtap.c:1396
#3 0x55b459ce84ce in cf_read_record_r /tmp/wsbuild/file.c:1494
#4 0x55b459ce8688 in cf_read_record /tmp/wsbuild/file.c:1520
#5 0x55b459ce9674 in rescan_packets /tmp/wsbuild/file.c:1726
#6 0x55b459ce7e2a in cf_redissect_packets /tmp/wsbuild/file.c:1465
#7 0x55b459f04b36 in MainWindow::redissectPackets()
ui/qt/main_window_slots.cpp:1407
#8 0x55b459f0639a in MainWindow::reloadLuaPlugins()
ui/qt/main_window_slots.cpp:1463
#9 0x55b459f29682 in
MainWindow::on_actionAnalyzeReloadLuaPlugins_triggered()
ui/qt/main_window_slots.cpp:2736
#10 0x55b45a561648 in MainWindow::qt_static_metacall(QObject*,
QMetaObject::Call, int, void**) ui/qt/moc_main_window.cpp:1580
#11 0x55b45a56bb03 in MainWindow::qt_metacall(QMetaObject::Call, int,
void**) ui/qt/moc_main_window.cpp:1828
#12 0x7f50d0809263 in QMetaObject::activate(QObject*, int, int, void**)
(/usr/lib/libQt5Core.so.5+0x2b3263)
#13 0x7f50d14b0991 in QAction::triggered(bool)
(/usr/lib/libQt5Widgets.so.5+0x14c991)
#14 0x7f50d14b337f in QAction::activate(QAction::ActionEvent)
(/usr/lib/libQt5Widgets.so.5+0x14f37f)
#15 0x7f50d14b3cfb in QAction::event(QEvent*)
(/usr/lib/libQt5Widgets.so.5+0x14fcfb)
#16 0x7f50d14b735b in QApplicationPrivate::notify_helper(QObject*, QEvent*)
(/usr/lib/libQt5Widgets.so.5+0x15335b)
#17 0x7f50d14bead0 in QApplication::notify(QObject*, QEvent*)
(/usr/lib/libQt5Widgets.so.5+0x15aad0)
#18 0x7f50d07dd8df in QCoreApplication::notifyInternal2(QObject*, QEvent*)
(/usr/lib/libQt5Core.so.5+0x2878df)
#19 0x7f50d0d4fd97 in QShortcutMap::dispatchEvent(QKeyEvent*)
(/usr/lib/libQt5Gui.so.5+0x121d97)
#20 0x7f50d0d4fe58 in QShortcutMap::tryShortcut(QKeyEvent*)
(/usr/lib/libQt5Gui.so.5+0x121e58)
#21 0x7f50d0d0879c in QWindowSystemInterface::handleShortcutEvent(QWindow*,
unsigned long, int, QFlags<Qt::KeyboardModifier>, unsigned int, unsigned int,
unsigned int, QString const&, bool, unsigned short)
(/usr/lib/libQt5Gui.so.5+0xda79c)
#22 0x7f50d0d1fca3 in
QGuiApplicationPrivate::processKeyEvent(QWindowSystemInterfacePrivate::KeyEvent*)
(/usr/lib/libQt5Gui.so.5+0xf1ca3)
#23 0x7f50d0d251c4 in
QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*)
(/usr/lib/libQt5Gui.so.5+0xf71c4)
#24 0x7f50d0d0315a in
QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>)
(/usr/lib/libQt5Gui.so.5+0xd515a)
#25 0x7f50bdf8adbf (/usr/lib/libQt5XcbQpa.so.5+0x70dbf)
#26 0x7f50e6b1a586 in g_main_context_dispatch
(/usr/lib/libglib-2.0.so.0+0x4a586)
#27 0x7f50e6b1a7ef (/usr/lib/libglib-2.0.so.0+0x4a7ef)
#28 0x7f50e6b1a89b in g_main_context_iteration
(/usr/lib/libglib-2.0.so.0+0x4a89b)
#29 0x7f50d08322be in
QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
(/usr/lib/libQt5Core.so.5+0x2dc2be)
#30 0x7f50d07dbd39 in
QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>)
(/usr/lib/libQt5Core.so.5+0x285d39)
#31 0x7f50d07e423b in QCoreApplication::exec()
(/usr/lib/libQt5Core.so.5+0x28e23b)
#32 0x55b459cd0f94 in main /tmp/wsbuild/wireshark-qt.cpp:860
#33 0x7f50ce597290 in __libc_start_main (/usr/lib/libc.so.6+0x20290)
#34 0x55b459ccd619 in _start (/tmp/wsbuild/run/wireshark+0x22b5619)
0x617000043a20 is located 32 bytes inside of 704-byte region
[0x617000043a00,0x617000043cc0)
freed by thread T0 here:
#0 0x7f50e7427b00 in __interceptor_free
/build/gcc-multilib/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:45
#1 0x7f50e6b1fc41 in g_realloc (/usr/lib/libglib-2.0.so.0+0x4fc41)
#2 0x7f50dbb086b9 in wslua_cleanup epan/wslua/init_wslua.c:1024
#3 0x7f50dbb08684 in wslua_reload_plugins epan/wslua/init_wslua.c:1017
#4 0x55b459f05952 in MainWindow::reloadLuaPlugins()
ui/qt/main_window_slots.cpp:1449
#5 0x55b459f29682 in
MainWindow::on_actionAnalyzeReloadLuaPlugins_triggered()
ui/qt/main_window_slots.cpp:2736
#6 0x55b45a561648 in MainWindow::qt_static_metacall(QObject*,
QMetaObject::Call, int, void**) ui/qt/moc_main_window.cpp:1580
#7 0x55b45a56bb03 in MainWindow::qt_metacall(QMetaObject::Call, int,
void**) ui/qt/moc_main_window.cpp:1828
#8 0x7f50d0809263 in QMetaObject::activate(QObject*, int, int, void**)
(/usr/lib/libQt5Core.so.5+0x2b3263)
#9 0x7f50d14b0991 in QAction::triggered(bool)
(/usr/lib/libQt5Widgets.so.5+0x14c991)
previously allocated by thread T0 here:
#0 0x7f50e7428210 in __interceptor_realloc
/build/gcc-multilib/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:75
#1 0x7f50e6b1fc57 in g_realloc (/usr/lib/libglib-2.0.so.0+0x4fc57)
#2 0x7f50cbc4836d in lua_newstate lua-5.2.4/src/lstate.c:270
SUMMARY: AddressSanitizer: heap-use-after-free lua-5.2.4/src/lapi.c:166 in
lua_settop