Wireshark-bugs: [Wireshark-bugs] [Bug 3438] Buildbot crash output: fuzz-2009-04-24-2891.pcap
Date: Wed, 29 Apr 2009 15:22:44 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3438


Jakub Zawadzki <darkjames@xxxxxxxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #2975|                            |review_for_checkin?
               Flag|                            |




--- Comment #1 from Jakub Zawadzki <darkjames@xxxxxxxxxxxxxxxx>  2009-04-29 15:22:41 PDT ---
Created an attachment (id=2975)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2975)
Use SE_COPY_ADDRESS() for address kept in rsvp_request_hash

From valgrind log:

==31878== 1 errors in context 1 of 2:
==31878== Invalid read of size 1
==31878==    at 0x618BE33: rsvp_equal (packet-rsvp.c:1440)
==31878==    by 0xBB3E612: g_hash_table_insert_internal (in /usr/lib64/libglib-2.0.so.0.1800.4)
==31878==    by 0x618BC55: dissect_rsvp (packet-rsvp.c:5898)
==31878==    by 0x5DA1921: call_dissector_through_handle (packet.c:405)
==31878==    by 0x5DA20C8: call_dissector_work (packet.c:496)
==31878==    by 0x5DA2FB1: dissector_try_port_new (packet.c:882)
==31878==    by 0x60295AD: dissect_ip (packet-ip.c:1762)
==31878==    by 0x5DA1921: call_dissector_through_handle (packet.c:405)
==31878==    by 0x5DA20C8: call_dissector_work (packet.c:496)
==31878==    by 0x5DA2FB1: dissector_try_port_new (packet.c:882)
==31878==    by 0x5F5A941: ethertype (packet-ethertype.c:240)
==31878==    by 0x5F582BE: dissect_eth_common (packet-eth.c:343)
==31878==    by 0x5DA1921: call_dissector_through_handle (packet.c:405)
==31878==    by 0x5DA20C8: call_dissector_work (packet.c:496)
==31878==    by 0x5DA2FB1: dissector_try_port_new (packet.c:882)
==31878==    by 0x5F92C4E: dissect_frame (packet-frame.c:328)
==31878==    by 0x5DA1921: call_dissector_through_handle (packet.c:405)
==31878==    by 0x5DA20C8: call_dissector_work (packet.c:496)
==31878==    by 0x5DA21F0: call_dissector (packet.c:1812)
==31878==    by 0x5DA3A7F: dissect_packet (packet.c:336)

line 1440:
    if (ADDRESSES_EQUAL(&key1->source_info.source,
                        &key2->source_info.source) == FALSE)

Looking at the sources, I don't see how rsvp_request_hash is used, but anyway, if we
still want to keep it, I think SE_COPY_ADDRESS() should be used instead of
SET_ADDRESS().
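
The lifetime problem behind the valgrind report, as an added stand-alone example (not code from the attachment or from Wireshark): a hash key whose address only points into the packet buffer goes stale once that buffer is reused, while a key that owns a copy stays valid. `addr_t`, `set_addr`, `copy_addr` and `key_survives_reuse` are hypothetical names, `malloc` stands in for session-scoped allocation, and the buffer is overwritten rather than freed so the program stays well defined.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for an address struct (assumption, not Wireshark's). */
typedef struct { int type; int len; const unsigned char *data; } addr_t;

/* Shallow: the address only points at the caller's bytes, as SET_ADDRESS() does. */
static void set_addr(addr_t *a, int type, int len, const unsigned char *p) {
    a->type = type; a->len = len; a->data = p;
}

/* Deep: the address owns its bytes, as SE_COPY_ADDRESS() does. */
static int copy_addr(addr_t *to, const addr_t *from) {
    unsigned char *d = malloc((size_t)from->len);
    if (d == NULL) return -1;
    memcpy(d, from->data, (size_t)from->len);
    to->type = from->type; to->len = from->len; to->data = d;
    return 0;
}

/* Same comparison a hash table's equality callback would run on stored keys. */
static int addr_equal(const addr_t *a, const addr_t *b) {
    return a->type == b->type && a->len == b->len &&
           memcmp(a->data, b->data, (size_t)a->len) == 0;
}

/* Returns 1 if the stored key still matches after the packet buffer is reused. */
static int key_survives_reuse(int deep) {
    unsigned char pkt[4] = {10, 0, 0, 1};        /* constructed packet bytes */
    const unsigned char want[4] = {10, 0, 0, 1}; /* address looked up later */
    addr_t in_pkt, key, probe;
    int ok;
    set_addr(&in_pkt, 2, 4, pkt);
    if (deep) { if (copy_addr(&key, &in_pkt) != 0) return -1; }
    else set_addr(&key, in_pkt.type, in_pkt.len, in_pkt.data);
    memset(pkt, 0xAA, sizeof pkt);               /* next packet reuses the buffer */
    set_addr(&probe, 2, 4, want);
    ok = addr_equal(&key, &probe);
    if (deep) free((void *)key.data);
    return ok;
}

int main(void) {
    printf("shallow key still valid: %d\n", key_survives_reuse(0));
    printf("copied key still valid:  %d\n", key_survives_reuse(1));
    return 0;
}
```

When the buffer is freed instead of overwritten, the shallow key's comparison becomes the invalid read valgrind flags in `rsvp_equal`.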

