Wireshark-bugs: [Wireshark-bugs] [Bug 5754] Buildbot crash output: fuzz-2011-03-15-11832.pcap

Date: Wed, 16 Mar 2011 14:38:36 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5754

Jakub Zawadzki <darkjames@xxxxxxxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #6027|                            |review_for_checkin?
               Flag|                            |

--- Comment #3 from Jakub Zawadzki <darkjames@xxxxxxxxxxxxxxxx> 2011-03-16 14:38:34 PDT ---
Created an attachment (id=6027)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=6027)
Always ep_alloc last_ava before use.

valgrind log with WIRESHARK_DEBUG_EP_NO_CHUNKS:
==15434== 4 errors in context 3 of 401:
==15434== Invalid write of size 8
==15434==    at 0x4C2A9A8: mempcpy (mc_replace_strmem.c:844)
==15434==    by 0xA2CA72D: _IO_default_xsputn (in /lib64/libc-2.12.1.so)
==15434==    by 0xA29EBC3: vfprintf (in /lib64/libc-2.12.1.so)
==15434==    by 0xA33DFDB: __vsnprintf_chk (in /lib64/libc-2.12.1.so)
==15434==    by 0x9B42888: g_snprintf (in /usr/lib64/libglib-2.0.so.0.2400.2)
==15434==    by 0x669B749: dissect_x509if_T_atadv_value (x509if.cnf:260)
==15434==    by 0x6087262: dissect_ber_sequence (packet-ber.c:2045)

It seems that ep-allocated last_ava is used after being freed...

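The lifetime problem described in comment #3, as an added example that is not Wireshark's code or the attached patch: a toy bump arena stands in for packet-scoped ep_ memory, and a pointer kept across packets ends up writing into memory the arena has already handed to something else. The names `toy_ep_alloc`, `toy_next_packet`, `format_ava_buggy`, `format_ava_fixed` and the allocate-once shape of the bug are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define AVA_LEN 64

/* Toy packet-scoped arena (assumption, not Wireshark's emem code):
 * everything handed out is released when the next packet starts. */
static char pool[1024];
static size_t used;

static void *toy_ep_alloc(size_t n) {
    if (used + n > sizeof pool) abort();
    void *p = pool + used;
    used += n;
    return p;
}
static void toy_next_packet(void) { used = 0; }

static char *last_ava; /* outlives any single packet */

/* Assumed shape of the bug: allocate once, keep using the pointer. */
static void format_ava_buggy(const char *value) {
    if (last_ava == NULL)
        last_ava = toy_ep_alloc(AVA_LEN);
    snprintf(last_ava, AVA_LEN, "%s", value);
}

/* Shape of the fix named in the comment: allocate before every use. */
static void format_ava_fixed(const char *value) {
    last_ava = toy_ep_alloc(AVA_LEN);
    snprintf(last_ava, AVA_LEN, "%s", value);
}

/* Dissects two constructed packets; returns 1 if an unrelated packet-2
 * buffer is still intact afterwards, 0 if the stale write clobbered it. */
static int run_two_packets(void (*format_ava)(const char *)) {
    const char *marker = "unrelated packet-2 data";
    last_ava = NULL;
    toy_next_packet();
    format_ava("cn=first");               /* packet 1 */
    toy_next_packet();                    /* packet 1 memory released */
    char *other = toy_ep_alloc(AVA_LEN);  /* packet 2 reuses that memory */
    snprintf(other, AVA_LEN, "%s", marker);
    format_ava("cn=second");              /* packet 2 */
    return strcmp(other, marker) == 0;
}

int main(void) {
    printf("buggy intact=%d\n", run_two_packets(format_ava_buggy));
    printf("fixed intact=%d\n", run_two_packets(format_ava_fixed));
    return 0;
}
```

The toy arena recycles a static buffer so the stale write is deterministic and safe to run; with a real allocator the same write lands in freed heap memory, which is what the valgrind log above reports.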