
Wireshark-bugs: [Wireshark-bugs] [Bug 8904] Buildbot crash output: fuzz-2013-07-07-18477.pcap

Date: Mon, 08 Jul 2013 01:52:17 +0000

changed bug 8904

What    Removed    Added
CC                 [email protected]

Comment # 1 on bug 8904 from
Several uninitialized values in dissect_smtp, for example:

Conditional jump or move depends on uninitialised value(s)
   at 0x6A0616D: dissect_smtp (packet-smtp.c:870)
   by 0x63F6C53: call_dissector_through_handle (packet.c:458)
   by 0x63F730F: call_dissector_work (packet.c:552)
   by 0x63F7B1B: dissector_try_uint_new (packet.c:969)
   by 0x63F7B76: dissector_try_uint (packet.c:995)
   by 0x6A39C06: decode_tcp_ports (packet-tcp.c:3864)
   by 0x6A3A031: process_tcp_payload (packet-tcp.c:3923)
   by 0x6A3A5FC: dissect_tcp_payload (packet-tcp.c:1746)
   by 0x6A3C031: dissect_tcp (packet-tcp.c:4758)

Also at lines 890, 927, 949.

And the actual cause of the crash, a memcpy from NULL:

#0  memcpy (__len=6, __src=0x0, __dest=0x7fff46bf3d20)
#1  IsDFP_Frame at packet-pn-rt.c:176
#2  dissect_CSF_SDU_heur at packet-pn-rt.c:262
#3  dissect_PNIO_C_SDU at packet-dcerpc-pn-io.c:9236
#4  dissect_PNIO_heur at packet-dcerpc-pn-io.c:9379
#5  dissector_try_heuristic at packet.c:1807

