Wireshark-dev: Re: [Wireshark-dev] Memory corruption on x86_64 / GCC 4.2.3



From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Sun, 03 Aug 2008 11:30:11 +0200

Hi,

As I already noted in bug 2733, time_secs_to_str_buf() should be modified to handle the signed/unsigned cases properly.

Thanx,
Jaap

Alexey Neyman wrote:
Small correction: the option to GCC which fixes this problem is "-fno-tree-vrp", not "-fno-strict-overflow".

Best regards,
Alexey Neyman.

On Saturday 02 August 2008 03:04:17 Alexey Neyman wrote:
Howdy,

While testing the changes, I stumbled over canaries in epan/emem.c
signaling memory corruption. It happened during the fuzz testing
approximately once in 30 passes. The capture file triggering this bug
is attached.

The problem is with the time_secs_to_str_buf() function. If this
function is supplied with the time value of -2147483648 (0x80000000),
the "time = -time" statement has no effect - the value of 'time'
remains 0x80000000. The conditional below which checks for that
particular value ("Unable to cope with time value"), however, gets
optimized away. As a result, the values of 'secs', 'mins' and 'hours'
are negative; when these values are converted to unsigned, they
become large 10-digit positive integers, which overflow the buffer
allocated by the time_secs_to_str() function (which is only 51
bytes).

A quick fix is to add "-fno-strict-overflow" to CFLAGS; it will
prevent GCC from optimizing out this conditional. Perhaps, configure
should be modified to check if this flag is supported and use it if
it is. Perhaps, the code in time_secs_to_str_buf() needs to be
re-written to avoid such optimization.

FWIW, I am running Ubuntu Hardy Heron (8.04.1), x86_64 architecture.

Best regards,
Alexey Neyman.
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-dev
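The thread above describes two interacting defects: negating INT_MIN is undefined behaviour in C, so GCC may drop the later "cannot cope with this value" check, and the resulting negative fields are then printed as unsigned 10-digit numbers into a fixed 51-byte buffer. The following is an added example, not Wireshark's time_secs_to_str_buf() and not code from either poster; the function name, the "d h m s" output layout and the 64-byte buffer are assumptions chosen for the demonstration. It shows the signed/unsigned handling the thread asks for: decide the sign first, compute the magnitude in unsigned arithmetic using a form that cannot overflow, and bound the write with the caller's buffer length so the formatter fails instead of overrunning.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical overflow-safe formatter (example code, not Wireshark's).
 * Formats a signed number of seconds as "[-]Nd Hh Mm Ss".
 * Returns the number of characters written, or -1 if the buffer is too small.
 *
 * The hazard it avoids: "secs = -secs" when secs == INT_MIN is undefined
 * behaviour, so the compiler may legally assume it never happens and delete
 * any check written after it. Here the magnitude is computed as an unsigned
 * value without ever negating INT_MIN directly. */
int safe_time_secs_to_str(int secs, char *buf, size_t buflen)
{
    unsigned int magnitude;
    const char *sign = "";

    if (secs < 0) {
        sign = "-";
        /* -(secs + 1) is at most INT_MAX, so it is always representable;
         * the +1u is then done in unsigned arithmetic, which wraps rather
         * than invoking undefined behaviour. For INT_MIN this yields
         * 2147483648u, the value the thread's "time = -time" failed to produce. */
        magnitude = (unsigned int)(-(secs + 1)) + 1u;
    } else {
        magnitude = (unsigned int)secs;
    }

    /* All field arithmetic is unsigned, so no field can become negative and
     * no "negative printed as unsigned" ten-digit surprise can occur. */
    unsigned int days  = magnitude / 86400u;
    unsigned int hours = (magnitude % 86400u) / 3600u;
    unsigned int mins  = (magnitude % 3600u) / 60u;
    unsigned int s     = magnitude % 60u;

    /* snprintf is bounded by buflen; a truncated result is reported as an
     * error instead of being silently written past the end of the buffer. */
    int n = snprintf(buf, buflen, "%s%ud %uh %um %us", sign, days, hours, mins, s);
    if (n < 0 || (size_t)n >= buflen)
        return -1;
    return n;
}

/* Helper for checking results: formats into a local buffer and reports
 * whether the output equals 'expected' (1) or not (0). A too-small buffer
 * is reported as 0 unless 'expected' is NULL, in which case failure is
 * the expected outcome and 1 is returned. */
int format_matches(int secs, size_t buflen, const char *expected)
{
    char buf[64];
    if (buflen > sizeof buf)
        buflen = sizeof buf;
    int n = safe_time_secs_to_str(secs, buf, buflen);
    if (n < 0)
        return expected == NULL;
    return expected != NULL && strcmp(buf, expected) == 0;
}

int main(void)
{
    char buf[64];
    /* INT_MIN, the exact value from the fuzzing report, now formats safely. */
    int n = safe_time_secs_to_str(INT_MIN, buf, sizeof buf);
    printf("%d -> \"%s\" (%d chars)\n", INT_MIN, buf, n);
    /* A deliberately undersized buffer yields an error, not an overrun. */
    printf("8-byte buffer: %d\n", safe_time_secs_to_str(INT_MIN, buf, 8));
    return 0;
}
```

The worst case for a 32-bit int is INT_MIN itself: 2147483648 seconds is 24855 days, 3 hours, 14 minutes and 8 seconds, so the longest string this layout can produce is 17 characters plus the terminator, which is the kind of bound a caller should size its buffer against rather than assuming "small" values.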

