Wireshark-bugs: [Wireshark-bugs] [Bug 8197] PER dissector crash
Date: Mon, 14 Jan 2013 21:42:22 +0000

Comment # 4 on bug 8197 from
My build info is:
TShark 1.8.5 (SVN Rev 47051 from /trunk-1.8)

Copyright 1998-2013 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.34.1, with libpcap, with libz 1.2.7, without POSIX
capabilities, without SMI, without c-ares, without ADNS, without Lua, without
Python, without GnuTLS, without Gcrypt, without Kerberos, without GeoIP.

Running on Linux 3.5.0-21-generic, with locale fr_FR.UTF-8, with libpcap version
1.3.0, with libz 1.2.7.

Built using gcc 4.7.2.

It runs on Ubuntu 12.10 x64 and I get the same segmentation fault as Laurent in
frame 1242.

With trunk (revision 47047), the call stack is:
#0  sl_alloc (mem_chunk=mem_chunk@entry=0x7ffff6c5dbd0 <item_label_slab>)
    at emem.c:905
#1  0x00007ffff4eca53b in proto_tree_set_representation_value (
    pi=pi@entry=0x7ffff7fdb4e0, format=format@entry=0x7ffff5ede173 "%s", 
    ap=ap@entry=0x7fffffffb928) at proto.c:3610
#2  0x00007ffff4f1b9be in proto_tree_add_uint_format_value (
    tree=tree@entry=0x7ffff7fec120, hfindex=129498, tvb=tvb@entry=0x0, 
    start=start@entry=0, length=length@entry=0, value=value@entry=6291456, 
    format=format@entry=0x7ffff5ede173 "%s") at proto.c:2994
#3  0x00007ffff4efe100 in expert_set_info_vformat (ap=0x7fffffffba68, 
    format=<optimized out>, severity=6291456, group=117440512, 
    pi=0x7ffff7fd6150, pinfo=0x7fffffffd780) at expert.c:192
#4  expert_add_info_format (pinfo=<optimized out>, 
    pi=pi@entry=0x7ffff7fd6150, group=group@entry=117440512, 
    severity=severity@entry=6291456, 
    format=format@entry=0x7ffff5a889a8 "BER Error: Unknown field in SET")
    at expert.c:229
#5  0x00007ffff5001cb2 in dissect_ber_set (implicit_tag=implicit_tag@entry=0, 
    actx=actx@entry=0x7fffffffbe20, parent_tree=0x7ffff7fd6b40, 
    tvb=tvb@entry=0x173f300, offset=<optimized out>, offset@entry=0, 
    set=0x7ffff6c12d60 <CPA_PPDU_set>, hf_id=72721, ett_id=19862)
    at packet-ber.c:2883
#6  0x00007ffff53edb82 in dissect_pres_CPA_PPDU (hf_index=<optimized out>, 
    tree=<optimized out>, actx=<optimized out>, offset=<optimized out>, 
    tvb=<optimized out>, implicit_tag=<optimized out>)
    at ../../asn1/pres/pres.cnf:321
#7  dissect_ppdu (tree=0x7ffff7fec000, pinfo=0x7fffffffd780, offset=0, 
    tvb=0x173f300) at ../../asn1/pres/packet-pres-template.c:268
#8  dissect_pres (tvb=0x173f300, pinfo=0x7fffffffd780, 
    parent_tree=0x7ffff7fec000) at ../../asn1/pres/packet-pres-template.c:359
#9  0x00007ffff4f04df8 in call_dissector_through_handle (handle=0xec1000, 
    tvb=0x173f300, pinfo=0x7fffffffd780, tree=0x7ffff7fec000, data=""
    at packet.c:458
#10 0x00007ffff4f0569d in call_dissector_work (handle=0xec1000, 
    tvb=0x173f300, pinfo_arg=0x7fffffffd780, tree=0x7ffff7fec000, 
    add_proto_name=1, data="" at packet.c:549
#11 0x00007ffff4f07411 in call_dissector_with_data (handle=<optimized out>, 
    tvb=tvb@entry=0x173f300, pinfo=pinfo@entry=0x7fffffffd780, 
    tree=tree@entry=0x7ffff7fec000, data="" at packet.c:2076
#12 0x00007ffff4f074d8 in call_dissector (handle=<optimized out>, 
    tvb=tvb@entry=0x173f300, pinfo=pinfo@entry=0x7fffffffd780, 
    tree=tree@entry=0x7ffff7fec000) at packet.c:2094
[...]

Same kind of crash, but from packet-ber.c instead of packet-per.c. The
offending frame is also number 1242.

