Wireshark-bugs: [Wireshark-bugs] [Bug 7960] Buildbot crash output: fuzz-2012-11-06-1334.pcap
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7960
Martin Kaiser <wireshark@xxxxxxxxx> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |wireshark@xxxxxxxxx
--- Comment #1 from Martin Kaiser <wireshark@xxxxxxxxx> 2012-11-07 13:32:58 PST ---
backtrace
#0  bytes_to_hexstr_punct (out=0x7fffffffddc0 "", ad=0x0, len=3, punct=46 '.')
    at to_str.c:138
#1  0x00007ffff4fecb2b in address_to_str_buf (addr=0x7fffffffe118,
    buf=0x7fffecf64d70 "", buf_len=256) at address_to_str.c:589
#2  0x00007ffff4fece0e in se_address_to_str (addr=0x7fffffffe118)
    at address_to_str.c:532
#3  0x00007ffff4febfca in se_get_addr_name (addr=0x7fffffffe118)
    at addr_resolv.c:2967
#4  0x00007ffff4fefae3 in col_set_addr (pinfo=0x7fffffffe070, col=3, addr=0x3,
    is_src=0, fill_col_exprs=<value optimized out>) at column-utils.c:1429
#5  0x00007ffff4ff2214 in col_fill_in (pinfo=0x7fffffffe070, fill_col_exprs=0,
    fill_fd_colums=<value optimized out>) at column-utils.c:1753
#6  0x0000000000417ab7 in print_packet (cf=0x644d20, edt=0x7fffffffe060)
    at tshark.c:3501
#7  0x00000000004184e7 in process_packet (cf=0x644d20,
    offset=<value optimized out>, whdr=<value optimized out>,
    pd=<value optimized out>, filtering_tap_listeners=<value optimized out>,
    tap_flags=<value optimized out>) at tshark.c:3170
#8  0x000000000041bddc in load_cap_file (argc=<value optimized out>,
    argv=<value optimized out>) at tshark.c:2952
#9  main (argc=<value optimized out>, argv=<value optimized out>)
    at tshark.c:1845

When process_packet() calls print_packet(), the destination address already
contains the NULL pointer:

    (gdb) print edt
    $7 = {tvb = 0x16c38c0, tree = 0x0, pi = {
    ...
    dst = { type = AT_FC, hf = -1, len = 3, data = 0x0}

This is set in packet-fc.c, dissect_fc_helper():

    ...
    SET_ADDRESS (&pinfo->dst, AT_FC, 3, tvb_get_ptr(tvb,offset+1,3));

tvb_get_ptr() throws an exception for packet 99 in the fuzz-test capture.

I'm not sure how to fix this. Who should catch the exception? When reading the
file with tshark, process_packet() calls epan_dissect_run_with_taps(), which in
turn calls dissect_packet(). In dissect_packet(), there's an exception handler
for ReportedBoundsError...
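
The failure mode described in the comment above, as an added example that is not part of the original report and not Wireshark's code: a constructed C model in which an address setter commits the type and length before evaluating a data expression that throws, shown beside an ordering that evaluates the data first. The field order of the unsafe macro, the setjmp-based stand-in for the exception, and all names (address_t, get_ptr, SET_ADDR_UNSAFE, SET_ADDR_SAFE, ADDR_TYPE_FC) are assumptions made for illustration.

```c
#include <setjmp.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not Wireshark source. All names are hypothetical. */
enum { ADDR_TYPE_NONE = 0, ADDR_TYPE_FC = 1 };   /* placeholder values */
typedef struct { int type; int len; const uint8_t *data; } address_t;
typedef struct { const uint8_t *buf; size_t len; } buffer_t;
static jmp_buf bounds_handler;   /* stands in for the caller's exception handler */

/* Returns a pointer into the buffer, or "throws" if the range is out of bounds. */
static const uint8_t *get_ptr(const buffer_t *b, size_t off, size_t n)
{
    if (off > b->len || n > b->len - off)
        longjmp(bounds_handler, 1);
    return b->buf + off;
}

/* Assumed field order: type and len are committed before d is evaluated. */
#define SET_ADDR_UNSAFE(a, t, l, d) \
    do { (a)->type = (t); (a)->len = (l); (a)->data = (d); } while (0)
/* Evaluate the expression that can throw first, then commit all fields. */
#define SET_ADDR_SAFE(a, t, l, d) \
    do { const uint8_t *p_ = (d); (a)->type = (t); (a)->len = (l); (a)->data = p_; } while (0)

/* Check a consumer can make before formatting: len > 0 requires a data pointer. */
static int addr_is_consistent(const address_t *a)
{
    return a->len == 0 || a->data != NULL;
}

/* Sets a 3-byte address from a truncated frame; returns 1 if dst stays consistent. */
static int dissect_truncated(int use_safe)
{
    static const uint8_t frame[2] = { 0x22, 0x01 };  /* constructed, too short */
    static address_t dst;                            /* static: defined after longjmp */
    buffer_t b = { frame, sizeof frame };
    dst.type = ADDR_TYPE_NONE; dst.len = 0; dst.data = NULL;
    if (setjmp(bounds_handler) == 0) {
        if (use_safe) SET_ADDR_SAFE(&dst, ADDR_TYPE_FC, 3, get_ptr(&b, 1, 3));
        else          SET_ADDR_UNSAFE(&dst, ADDR_TYPE_FC, 3, get_ptr(&b, 1, 3));
    }
    return addr_is_consistent(&dst);
}

int main(void)
{
    printf("unsafe=%d safe=%d\n", dissect_truncated(0), dissect_truncated(1));
    return 0;
}
```

With the unsafe ordering the record is left with len = 3 and a NULL data pointer, the same shape as the dst value in the gdb output; the consistency check is the guard a formatter can apply before reading len bytes.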