http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=53934
User: pascal
Date: 2013/12/11 12:54 PM
Log:
Fix an out of bounds access found by ASAN and reported by Alexis:
==21553==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fffbc0b2a5e at pc 0x7fe8684147a3 bp 0x7fffbc0b2950 sp 0x7fffbc0b2948
READ of size 2 at 0x7fffbc0b2a5e thread T0
#0 0x7fe8684147a2 in dissect_schedule_message /home/alagoutte/wireshark-clang/epan/dissectors/packet-gsm_cbch.c:309
#1 0x7fe867ed70a9 in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:512
#2 0x7fe867eda42c in call_dissector_only /home/alagoutte/wireshark-clang/epan/packet.c:2139
#3 0x7fe867ed70a9 in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:512
#4 0x7fe867ed735b in dissector_try_uint_new /home/alagoutte/wireshark-clang/epan/packet.c:1030
#5 0x7fe868a3ebd4 in decode_udp_ports /home/alagoutte/wireshark-clang/epan/dissectors/packet-udp.c:411
#6 0x7fe868a41886 in dissect /home/alagoutte/wireshark-clang/epan/dissectors/packet-udp.c:747
#7 0x7fe867ed70a9 in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:512
#8 0x7fe867ed6d03 in dissector_try_uint_new /home/alagoutte/wireshark-clang/epan/packet.c:1030
#9 0x7fe8684eaa1f in dissect_ip /home/alagoutte/wireshark-clang/epan/dissectors/packet-ip.c:2401
#10 0x7fe867ed70a9 in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:512
#11 0x7fe867ed735b in dissector_try_uint_new /home/alagoutte/wireshark-clang/epan/packet.c:1030
#12 0x7fe868333e98 in dissect_ethertype /home/alagoutte/wireshark-clang/epan/dissectors/packet-ethertype.c:305
#13 0x7fe867ed707d in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:508
#14 0x7fe867eda42c in call_dissector_only /home/alagoutte/wireshark-clang/epan/packet.c:2139
#15 0x7fe8683328ad in dissect_eth_common /home/alagoutte/wireshark-clang/epan/dissectors/packet-eth.c:472
#16 0x7fe867ed70a9 in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:512
#17 0x7fe867ed735b in dissector_try_uint_new /home/alagoutte/wireshark-clang/epan/packet.c:1030
#18 0x7fe868382460 in dissect_frame /home/alagoutte/wireshark-clang/epan/dissectors/packet-frame.c:485
#19 0x7fe867ed70a9 in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:512
#20 0x7fe867eda42c in call_dissector_only /home/alagoutte/wireshark-clang/epan/packet.c:2139
#21 0x7fe867ed5baf in call_dissector /home/alagoutte/wireshark-clang/epan/packet.c:2169
#22 0x7fe867eb6388 in epan_dissect_run_with_taps /home/alagoutte/wireshark-clang/epan/epan.c:329
#23 0x4a0ef9 in process_packet /home/alagoutte/wireshark-clang/tshark.c:3434
#24 0x49c985 in load_cap_file /home/alagoutte/wireshark-clang/tshark.c:3237
#25 0x7fe860e8ede4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260
#26 0x48586c in _start ??:?
Address 0x7fffbc0b2a5e is located in stack of thread T0 at offset 126 in frame
#0 0x7fe86841353f in dissect_cbch /home/alagoutte/wireshark-clang/epan/dissectors/packet-gsm_cbch.c:345
This frame has 2 object(s):
[32, 80) 'new_slots.i'
[128, 224) 'other_slots.i' <== Memory access at offset 126 underflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow ??:0 ??
Directory: /trunk/epan/dissectors/
  Changes    Path                 Action
  +1 -1      packet-gsm_cbch.c    Modified
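An added example, not part of the commit or of Wireshark's code: a short Python triage helper that reads the frame-layout lines of the ASAN report above and works out which stack object the access missed and by how much. The function names are hypothetical, and the element index assumes the array's element width equals the access size ASAN reports.

```python
import re

# Lines copied from the ASAN report quoted in the log above.
REPORT = """\
READ of size 2 at 0x7fffbc0b2a5e thread T0
Address 0x7fffbc0b2a5e is located in stack of thread T0 at offset 126 in frame
This frame has 2 object(s):
[32, 80) 'new_slots.i'
[128, 224) 'other_slots.i' <== Memory access at offset 126 underflows this variable
"""

ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+)", re.M)
OFFSET_RE = re.compile(r"at offset (\d+) in frame")
OBJECT_RE = re.compile(r"^\s*\[(\d+), (\d+)\) '([^']+)'", re.M)


def triage(report):
    """Relate the faulting access to each stack object ASAN lists for the frame."""
    access, offset = ACCESS_RE.search(report), OFFSET_RE.search(report)
    if not access or not offset:
        raise ValueError("no stack-frame layout in this report")
    kind, size, off = access.group(1), int(access.group(2)), int(offset.group(1))
    objects = []
    for m in OBJECT_RE.finditer(report):
        start, end, name = int(m.group(1)), int(m.group(2)), m.group(3)
        if off + size <= start:
            relation, gap = "before", start - off      # underflow side
        elif off >= end:
            relation, gap = "after", off - end         # overflow side
        elif start <= off and off + size <= end:
            relation, gap = "inside", 0
        else:
            relation, gap = "straddles", 0             # crosses an object boundary
        rel = off - start                              # signed byte offset from object start
        # Assumption: element width equals the access width reported by ASAN.
        index = rel // size if rel % size == 0 else None
        objects.append({"name": name, "bytes": end - start, "relation": relation,
                        "gap": gap, "index": index})
    return {"kind": kind, "size": size, "offset": off, "objects": objects}


def nearest(result):
    """Object closest to the access: the usual suspect for the bad index."""
    return min(result["objects"], key=lambda o: o["gap"])


if __name__ == "__main__":
    hit = nearest(triage(REPORT))
    print(f"{hit['name']}: {hit['bytes']} bytes, access {hit['gap']} bytes "
          f"{hit['relation']} it, element index {hit['index']}")
```

For this report the helper points at other_slots.i (96 bytes) with the 2-byte read starting 2 bytes before the object, which under the stated assumption is element index -1.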