Comment # 42
on bug 9072
from Evan Huus
Created attachment 11575 [details]
Fuzz File 1
This capture (generated by fuzzing one of the provided captures) causes the
dissector to produce errors when run under valgrind (another tool not available
for Windows, unfortunately):
==12985== Conditional jump or move depends on uninitialised value(s)
==12985== at 0x64A56AB: fast_ensure_contiguous (tvbuff.c:665)
==12985== by 0x64A69DD: tvb_get_letohl (tvbuff.c:1111)
==12985== by 0x68A272B: dissect_mq_pdu (packet-mq.c:3169)
==12985== by 0x6AC6D3D: tcp_dissect_pdus (packet-tcp.c:2237)
==12985== by 0x689FEA6: dissect_mq_tcp (packet-mq.c:3418)
==12985== by 0x64764F3: call_dissector_through_handle (packet.c:492)
==12985== by 0x6476BAF: call_dissector_work (packet.c:586)
==12985== by 0x6467AB4: try_conversation_dissector (conversation.c:1217)
==12985== by 0x6AC6E40: decode_tcp_ports (packet-tcp.c:3810)
==12985== by 0x6AC7401: process_tcp_payload (packet-tcp.c:3926)
==12985== by 0x6AC79C9: dissect_tcp_payload (packet-tcp.c:1751)
==12985== by 0x6AC940D: dissect_tcp (packet-tcp.c:4763)
==12985== Use of uninitialised value of size 8
==12985== at 0x64A69DE: tvb_get_letohl (tvbuff.c:1112)
==12985== by 0x68A273F: dissect_mq_pdu (packet-mq.c:3170)
==12985== by 0x68A7213: dissect_mq_heur.isra.13 (packet-mq.c:3450)
==12985== by 0x6478117: dissector_try_heuristic (packet.c:1846)
==12985== by 0x6AC6EB7: decode_tcp_ports (packet-tcp.c:3881)
==12985== by 0x6AC7401: process_tcp_payload (packet-tcp.c:3926)
==12985== by 0x6AC79C9: dissect_tcp_payload (packet-tcp.c:1751)
==12985== by 0x6AC940D: dissect_tcp (packet-tcp.c:4763)
==12985== by 0x64764F3: call_dissector_through_handle (packet.c:492)
==12985== by 0x6476BAF: call_dissector_work (packet.c:586)
==12985== by 0x647746B: dissector_try_uint_new (packet.c:1017)
==12985== by 0x64774C6: dissector_try_uint (packet.c:1043)
You are receiving this mail because:
- You are watching all bug changes.
