Wireshark-bugs: [Wireshark-bugs] [Bug 6369] RDP dissector: Buildbot crash output: fuzz-2011-09-2
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6369
Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jeff.morriss.ws@xxxxxxxxx
--- Comment #6 from Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> 2011-09-24 18:05:48 PDT ---
My valgrind gives this output which looks like it may be useful:
~~~
==4855== Invalid write of size 4
==4855== at 0x64D5611: dissect_rdp_ServerData (packet-rdp.c:1913)
==4855== by 0x60696EF: call_dissector_through_handle (packet.c:384)
==4855== by 0x6069D44: call_dissector_work (packet.c:475)
==4855== by 0x606A7A5: dissector_try_string (packet.c:1165)
==4855== by 0x68F1430: dissect_t124_T_value (t124.cnf:79)
==4855== by 0x6497D62: dissect_per_sequence (packet-per.c:1891)
==4855== by 0x68F022A: dissect_t124_UserData_item (t124.cnf:98)
==4855== by 0x6494202: dissect_per_sequence_of_helper (packet-per.c:568)
==4855== by 0x6495178: dissect_per_sequence_of (packet-per.c:599)
==4855== by 0x68F129A: dissect_t124_UserData (t124.cnf:111)
==4855== by 0x6497D62: dissect_per_sequence (packet-per.c:1891)
==4855== by 0x68F0AEA: dissect_t124_ConferenceCreateResponse (t124.cnf:1751)
==4855== Address 0x17cdfec0 is 0 bytes after a block of size 544 alloc'd
==4855== at 0x4C24B84: calloc (vg_replace_malloc.c:467)
==4855== by 0x88EB667: g_malloc0 (in /lib64/libglib-2.0.so.0.2800.8)
==4855== by 0x64D5751: dissect_rdp_ServerData (packet-rdp.c:1820)
==4855== by 0x60696EF: call_dissector_through_handle (packet.c:384)
==4855== by 0x6069D44: call_dissector_work (packet.c:475)
==4855== by 0x606A7A5: dissector_try_string (packet.c:1165)
==4855== by 0x68F1430: dissect_t124_T_value (t124.cnf:79)
==4855== by 0x6497D62: dissect_per_sequence (packet-per.c:1891)
==4855== by 0x68F022A: dissect_t124_UserData_item (t124.cnf:98)
==4855== by 0x6494202: dissect_per_sequence_of_helper (packet-per.c:568)
==4855== by 0x6495178: dissect_per_sequence_of (packet-per.c:599)
==4855== by 0x68F129A: dissect_t124_UserData (t124.cnf:111)
==4855==
==4855== Invalid read of size 4
==4855== at 0x605E132: p_compare (conversation.c:1008)
==4855== by 0x89016B0: g_slist_find_custom (in
/lib64/libglib-2.0.so.0.2800.8)
==4855== by 0x605EF82: conversation_get_proto_data (conversation.c:1039)
==4855== by 0x65CA0D2: get_tcp_conversation_data (packet-tcp.c:430)
==4855== by 0x65CCA5C: dissect_tcp (packet-tcp.c:3828)
==4855== by 0x60696EF: call_dissector_through_handle (packet.c:384)
==4855== by 0x6069D44: call_dissector_work (packet.c:475)
==4855== by 0x606A4B5: dissector_try_uint_new (packet.c:900)
==4855== by 0x636A5BC: dissect_ip (packet-ip.c:1741)
==4855== by 0x60696EF: call_dissector_through_handle (packet.c:384)
==4855== by 0x6069D44: call_dissector_work (packet.c:475)
==4855== by 0x606A4B5: dissector_try_uint_new (packet.c:900)
==4855== Address 0x5293 is not stack'd, malloc'd or (recently) free'd
==4855==
==4855==
==4855== Process terminating with default action of signal 11 (SIGSEGV)
==4855== Access not within mapped region at address 0x5293
==4855== at 0x605E132: p_compare (conversation.c:1008)
==4855== by 0x89016B0: g_slist_find_custom (in
/lib64/libglib-2.0.so.0.2800.8)
==4855== by 0x605EF82: conversation_get_proto_data (conversation.c:1039)
==4855== by 0x65CA0D2: get_tcp_conversation_data (packet-tcp.c:430)
==4855== by 0x65CCA5C: dissect_tcp (packet-tcp.c:3828)
~~~
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.