
Wireshark-bugs: [Wireshark-bugs] [Bug 7085] Buildbot crash output: fuzz-2012-04-14-9084.pcap

Date: Mon, 16 Apr 2012 08:36:55 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7085

--- Comment #13 from Cristian Constantin <const.crist@xxxxxxxxxxxxxx> 2012-04-16 08:36:55 PDT ---
(In reply to comment #3)
> My analysis:
>  - conversation->last is set only for first item
>  - for all other elements it's NULL (or random when scrubbing enabled)
> 
> In conversation_set_addr2(), conversation_set_port2() we can add *any*
> conversation to other hashtable.
> 
> (by any I mean that it can have ->last set to NULL/random) 
> 
> If memory is scrubbed it will sigsegv in find_or_create_conversation():
> #v+
> Program received signal SIGSEGV, Segmentation fault.
> 0x00007ffff51dc039 in conversation_lookup_hashtable (hashtable=0x1b5f4c0,
> frame_num=3, addr1=0x7fffffffc698, addr2=0x7fffffffc6a8, ptype=PT_TCP,
> port1=3398, port2=6087)
>     at conversation.c:726
> 726                     if((match->last)&&(match->last->setup_frame<=frame_num))
> (gdb) print match->last
> $1 = (struct conversation *) 0xbaddcafebaddcafe
> #v-
> 
> If memory is zeroed it will sigsegv in conversation_new()
> #v+
> Program received signal SIGSEGV, Segmentation fault.
> 0x00007ffff51dba47 in conversation_new (setup_frame=3, addr1=0x7fffffffc6b8,
> addr2=0x7fffffffc6c8, ptype=PT_TCP, port1=3398, port2=6087, options=0) at
> conversation.c:568
> 568                     if(setup_frame>=conversation->last->setup_frame) {
> (gdb) print conversation->last
> $1 = (struct conversation *) 0x0
> #v-

cristian: what happens when a conversation is removed like in function
conversation_set_addr2():

g_hash_table_remove(conversation_hashtable_no_addr2_or_port2,
            conv->key_ptr);

and there was a hash bucket list behind it?? I do not see where and whether
such a bucket list is freed (for example).

cristian
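
The invariant discussed in this comment, as an added example that is not part of the original message and is not Wireshark's code: a simplified model in which entries sharing a key form a chain and only the head holds a valid `last`, with an unlink step that repairs the old chain and leaves the moved entry as a valid one-element chain before it is filed elsewhere. The names `struct conv`, `chain_append` and `chain_unlink`, and the `next` link, are assumptions made for illustration.

```c
#include <stddef.h>

/* Simplified model, NOT Wireshark's conversation.c: entries sharing a key
 * form a chain, and only the chain head carries a valid `last` (tail). */
struct conv {
    unsigned setup_frame;
    struct conv *next;  /* next entry with the same key (assumed link) */
    struct conv *last;  /* chain tail; meaningful on the head only */
};

/* Append c at *head, preserving the head-only `last` rule. */
void chain_append(struct conv **head, struct conv *c)
{
    c->next = NULL;
    c->last = c;                 /* correct if c becomes the head */
    if (*head == NULL) {
        *head = c;
    } else {
        (*head)->last->next = c;
        (*head)->last = c;
        c->last = NULL;          /* non-head entries carry no tail */
    }
}

/* Unlink c from the chain at *head; returns 1 if found. On success c is a
 * valid one-element chain (last == c), safe to file under another key. */
int chain_unlink(struct conv **head, struct conv *c)
{
    struct conv *prev = NULL, *cur = *head;
    struct conv *tail = cur ? cur->last : NULL;

    while (cur != NULL && cur != c) { prev = cur; cur = cur->next; }
    if (cur == NULL)
        return 0;
    if (prev == NULL) {                  /* c was the head */
        *head = c->next;
        if (*head != NULL)
            (*head)->last = tail;        /* new head inherits the tail */
    } else {
        prev->next = c->next;
        if (tail == c)
            (*head)->last = prev;        /* c was the tail */
    }
    c->next = NULL;
    c->last = c;
    return 1;
}
```

Moving a non-head entry without the final `c->last = c` reproduces the state in the quoted gdb sessions: the entry becomes a head in the second table with `last` still NULL or uninitialized.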
