[Wireshark-bugs] [Bug 2013] New: Crash in packet-usb-masstorage.c:261 fuzz-2007-

Date: Fri, 23 Nov 2007 07:56:33 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2013

           Summary: Crash in packet-usb-masstorage.c:261 fuzz-2007-11-16-18765.pcap
           Product: Wireshark
           Version: 0.99.7
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: florent.drouin@xxxxxxxxxx


Build Information:
 ./wireshark -v
wireshark 0.99.7pre1

Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.4.13, with GLib 2.4.7, with libpcap 0.9.8, with libz
1.2.1.2, without libpcre, without SMI, without ADNS, without Lua, with GnuTLS
1.0.20, with Gcrypt 1.2.0, without Kerberos, without PortAudio, without
AirPcap.
NOTE: this build doesn't support the "matches" operator for Wireshark filter
syntax.

Running on Linux 2.6.9-22.ELsmp, with libpcap version 0.9.8.

Built using gcc 3.4.4 20050721 (Red Hat 3.4.4-2).

--
gdb ./testshark 
GNU gdb Red Hat Linux (6.3.0.0-1.63rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu"...Using host libthread_db
library "/lib64/tls/libthread_db.so.1".

(gdb) run
Starting program: /hp/src/wireshark-0.99.7pre1/testshark 
[Thread debugging using libthread_db enabled]
[New Thread 182936258176 (LWP 3162)]
08:38:23          Warn radius: Could not find the radius directory

(testshark:3162): Gtk-WARNING **: Could not find the icon 'gnome-fs-home'. The
'hicolor' theme
was not found either, perhaps you need to install it.
You can get a copy from:
        http://freedesktop.org/Software/icon-theme/releases

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 182936258176 (LWP 3162)]
dissect_usb_ms_bulk (tvb=0xdea6c0, pinfo=0x317c520, parent_tree=0xf02790) at
packet-usb-masstorage.c:261
261             itl=(itl_nexus_t *)se_tree_lookup32(usb_ms_conv_info->itl,
lun);
(gdb) where
#0  dissect_usb_ms_bulk (tvb=0xdea6c0, pinfo=0x317c520, parent_tree=0xf02790)
at packet-usb-masstorage.c:261
#1  0x0000002a9616405c in call_dissector_through_handle (handle=0xc696b0,
tvb=0xdea6c0, pinfo=0x317c520, 
    tree=0xf02790) at packet.c:396
#2  0x0000002a961646a1 in call_dissector_work (handle=0xc696b0, tvb=0xdea6c0,
pinfo_arg=0x317c520, tree=0xf02790)
    at packet.c:485
#3  0x0000002a96164b29 in dissector_try_port (sub_dissectors=Variable
"sub_dissectors" is not available.
) at packet.c:870
#4  0x0000002a96531fba in dissect_linux_usb (tvb=0xdea610, pinfo=0x317c520,
parent=0xf02790) at packet-usb.c:1199
#5  0x0000002a9616405c in call_dissector_through_handle (handle=0xc69660,
tvb=0xdea610, pinfo=0x317c520, 
    tree=0xf02790) at packet.c:396
#6  0x0000002a961646a1 in call_dissector_work (handle=0xc69660, tvb=0xdea610,
pinfo_arg=0x317c520, tree=0xf02790)
    at packet.c:485
#7  0x0000002a96164b29 in dissector_try_port (sub_dissectors=Variable
"sub_dissectors" is not available.
) at packet.c:870
#8  0x0000002a96305ab8 in dissect_frame (tvb=0xdea610, pinfo=0x317c520,
parent_tree=0xf02790) at packet-frame.c:300
#9  0x0000002a9616405c in call_dissector_through_handle (handle=0x8de460,
tvb=0xdea610, pinfo=0x317c520, 
    tree=0xf02790) at packet.c:396
#10 0x0000002a961646a1 in call_dissector_work (handle=0x8de460, tvb=0xdea610,
pinfo_arg=0x317c520, tree=0xf02790)
    at packet.c:485
#11 0x0000002a9616601e in call_dissector (handle=0x8de460, tvb=0xdea610,
pinfo=0x317c520, tree=0xf02790)
    at packet.c:1774
#12 0x0000002a961665ca in dissect_packet (edt=0x317c510, pseudo_header=Variable
"pseudo_header" is not available.
) at packet.c:332
#13 0x000000000042fe96 in add_packet_to_packet_list (fdata=0xf271b0,
cf=0x68bbe0, dfcode=0x0, 
    pseudo_header=0x3581fa8, buf=0x35a94f0 "", refilter=1) at file.c:962
#14 0x000000000043014f in read_packet (cf=0x68bbe0, dfcode=0x0, offset=3659) at
file.c:1095
#15 0x00000000004309ef in cf_read (cf=0x68bbe0) at file.c:496
#16 0x000000000046dac2 in file_open_cmd (w=0xd11860) at capture_file_dlg.c:715
#17 0x000000348ce0bfaa in g_closure_invoke () from
/usr/lib64/libgobject-2.0.so.0
#18 0x000000348ce2158a in g_signal_has_handler_pending () from
/usr/lib64/libgobject-2.0.so.0
#19 0x000000348ce22d36 in g_signal_emit_valist () from
/usr/lib64/libgobject-2.0.so.0
#20 0x000000348ce23083 in g_signal_emit () from /usr/lib64/libgobject-2.0.so.0
#21 0x000000381dd04a07 in gtk_widget_can_activate_accel () from
/usr/lib64/libgtk-x11-2.0.so.0
#22 0x000000348ce0bfaa in g_closure_invoke () from
/usr/lib64/libgobject-2.0.so.0
#23 0x000000348ce2158a in g_signal_has_handler_pending () from
/usr/lib64/libgobject-2.0.so.0
#24 0x000000348ce2299d in g_signal_emit_valist () from
/usr/lib64/libgobject-2.0.so.0
#25 0x000000348ce23083 in g_signal_emit () from /usr/lib64/libgobject-2.0.so.0
#26 0x000000381db5d48b in gtk_accel_group_activate () from
/usr/lib64/libgtk-x11-2.0.so.0
#27 0x000000381db5de54 in gtk_accel_groups_activate () from
/usr/lib64/libgtk-x11-2.0.so.0
#28 0x000000381dd18f69 in gtk_window_activate_key () from
/usr/lib64/libgtk-x11-2.0.so.0
#29 0x000000381dc1aca6 in gtk_marshal_VOID__UINT_STRING () from
/usr/lib64/libgtk-x11-2.0.so.0
#30 0x000000348ce0bfaa in g_closure_invoke () from
/usr/lib64/libgobject-2.0.so.0
#31 0x000000348ce20f1c in g_signal_has_handler_pending () from
/usr/lib64/libgobject-2.0.so.0
#32 0x000000348ce2299d in g_signal_emit_valist () from
/usr/lib64/libgobject-2.0.so.0
#33 0x000000348ce23083 in g_signal_emit () from /usr/lib64/libgobject-2.0.so.0
#34 0x000000381dd05680 in gtk_widget_activate () from
/usr/lib64/libgtk-x11-2.0.so.0
#35 0x000000381dc18dad in gtk_propagate_event () from
/usr/lib64/libgtk-x11-2.0.so.0
#36 0x000000381dc19015 in gtk_main_do_event () from
/usr/lib64/libgtk-x11-2.0.so.0
#37 0x000000381d944b20 in gdk_event_get_graphics_expose () from
/usr/lib64/libgdk-x11-2.0.so.0
#38 0x000000348c4266bd in g_main_context_dispatch () from
/usr/lib64/libglib-2.0.so.0
#39 0x000000348c428397 in g_main_context_acquire () from
/usr/lib64/libglib-2.0.so.0
#40 0x000000348c428735 in g_main_loop_run () from /usr/lib64/libglib-2.0.so.0
#41 0x000000381dc18471 in gtk_main () from /usr/lib64/libgtk-x11-2.0.so.0
#42 0x00000000004465f2 in main (argc=0, argv=0x7fbffffa60) at main.c:3069
(gdb)

