Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 2114] Buildbot crash output: fuzz-2007-12-17-5326.pcap

Date: Mon, 17 Dec 2007 22:43:08 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2114





------- Comment #1 from jeff.morriss@xxxxxxxxxxx  2007-12-17 22:43 GMT -------
Backtrace is:

#0  0xff1f0510 in memcpy () from
/usr/platform/SUNW,Sun-Fire-880/lib/libc_psr.so.1
#1  0xfdad3cec in tvb_memcpy (tvb=0x17f5da0, target=0x2e2e2e3a, offset=0,
length=4) at ../../epan/tvbuff.c:1008
#2  0xfdfe2ab4 in dissect_h245_Ipv4_network (tvb=0xb8, offset=184,
actx=0xffbfdcd0, tree=0x17e10b8, hf_index=-15824880) at h245.cnf:695
#3  0xfddf8418 in dissect_per_sequence (tvb=0xb8, offset=151, actx=0xffbfdcd0,
parent_tree=0x17e10b8, hf_index=-15824880, ett_index=151, 
    sequence=0xff0e8810) at ../../../epan/dissectors/packet-per.c:1530

(gdb) print *upcoming_channel
$2 = {
  upcoming_addr = 0x2e2e2e2e, 
  media_addr = {
    addr = {
      type = 539897392, 
      len = 773866872, 
      data = 0x74656e73
    }, 
    addr_buf = "ion Bit: False\000", 
    port = 19536
  }, 
  media_control_addr = {
    addr = {
      type = AT_NONE, 
      len = 0, 
      data = 0x0
    }, 
    addr_buf = '\0' <repeats 15 times>, 
    port = 0
  }, 
  rfc2198 = 0, 
  srtp_flag = 0
}


Note the ASCII in there--looks like a buffer overrun (the 0x2e2e2e2e is
"....")?


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.