Wireshark-bugs: [Wireshark-bugs] [Bug 8456] Buildbot crash output: fuzz-2013-03-10-3098.pcap
Date: Sun, 10 Mar 2013 13:45:18 +0000

changed bug 8456

What       Removed   Added
CC                   darkjames-ws@darkjames.pl

Comment # 2 on bug 8456 from
Fixed the null-pointer dereference crashes in r48224.

Valgrind is still giving me at least the following errors though:

==7472== Use of uninitialised value of size 8
==7472==    at 0x927A723: g_hash_table_lookup (ghash.c:372)
==7472==    by 0x6C60F80: find_pol_handle (packet-dcerpc-nt.c:620)
==7472==    by 0x6C61F20: dcerpc_fetch_polhnd_data (packet-dcerpc-nt.c:896)
==7472==    by 0x6992D51: dissect_smb2 (packet-smb2.c:7000)
==7472==    by 0x69936E6: dissect_smb2_heur (packet-smb2.c:7103)
==7472==    by 0x6380B2F: dissector_try_heuristic (packet.c:1804)
==7472==    by 0x68055A3: dissect_netbios_payload (packet-netbios.c:1056)
==7472==    by 0x67D04AD: dissect_nbss_packet (packet-nbns.c:1623)
==7472==    by 0x67D068A: dissect_nbss (packet-nbns.c:1827)
==7472==    by 0x637ECC7: call_dissector_through_handle (packet.c:458)
==7472==    by 0x637F4EC: call_dissector_work (packet.c:549)
==7472==    by 0x637FD3F: dissector_try_uint_new (packet.c:966)

and

==7472== Invalid read of size 1
==7472==    at 0x4C2D7A2: strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7472==    by 0x4175C1: print_packet (tshark.c:3392)
==7472==    by 0x418F7F: process_packet (tshark.c:3212)
==7472==    by 0x40B5F1: main (tshark.c:2994)
==7472==  Address 0x1624c930 is 0 bytes inside a block of size 13 free'd
==7472==    at 0x4C2BA6C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7472==    by 0x6372F0B: emem_free_all (emem.c:1164)
==7472==    by 0x63758C8: epan_dissect_run_with_taps (epan.c:221)
==7472==    by 0x418DD6: process_packet (tshark.c:3197)
==7472==    by 0x40B5F1: main (tshark.c:2994)

Jakub, CCing you since I suspect the latter is a side-effect of when you
reduced the scope of ep_ memory?
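The second Valgrind report above (strlen() in print_packet reading a block that emem_free_all() already released) is the classic per-packet-scope lifetime hazard: a pointer handed out by a pool allocator is still held after the whole pool is torn down. As an added illustration, not Wireshark's code and not the fix made in r48224, the C below models a bump allocator that is released once per packet, shows a dissector-produced string being used after that release, and places the corrected version beside it, which copies the string into caller-owned memory before the teardown. Every name here (arena_alloc, arena_free_all, dissect_summary, process_packet_unsafe, process_packet_safe) and the sample packet bytes are invented for this example.

```c
/*
 * Added illustration, not Wireshark code: a minimal per-packet arena
 * loosely modelled on the ep_ allocator that the Valgrind trace shows
 * being torn down by emem_free_all(). All names are hypothetical.
 */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ARENA_SIZE 4096

/* Bump allocator whose entire contents are released by one call. Cheap,
 * but every pointer it handed out becomes dangling at the same instant. */
static unsigned char *arena_base;
static size_t arena_used;

static void *arena_alloc(size_t n) {
    if (arena_base == NULL)
        arena_base = malloc(ARENA_SIZE);
    n = (n + 7u) & ~(size_t)7u;                  /* keep 8-byte alignment */
    if (arena_base == NULL || arena_used + n > ARENA_SIZE)
        return NULL;
    void *p = arena_base + arena_used;
    arena_used += n;
    return p;
}

/* End of the per-packet scope. Freeing the backing block (rather than only
 * resetting the cursor) is what makes a later use show up in Valgrind as
 * "Invalid read ... inside a block ... free'd". */
static void arena_free_all(void) {
    free(arena_base);
    arena_base = NULL;
    arena_used = 0;
}

/* Stand-in for a dissector that builds a summary string in packet scope. */
static char *dissect_summary(const unsigned char *pkt, size_t len) {
    char *s = arena_alloc(32);
    if (s == NULL)
        return NULL;
    snprintf(s, 32, "len=%zu first=0x%02x", len, len ? pkt[0] : 0);
    return s;
}

/* Buggy ordering: the arena is released before the summary is consumed,
 * so strlen() walks freed memory, exactly the pattern in the trace above. */
static size_t process_packet_unsafe(const unsigned char *pkt, size_t len) {
    char *summary = dissect_summary(pkt, len);
    arena_free_all();                          /* pool gone: summary dangles */
    return summary ? strlen(summary) : 0;      /* use-after-free */
}

/* Fixed ownership: anything that must outlive the packet scope is copied
 * into caller-owned heap memory before the arena is torn down. */
static size_t process_packet_safe(const unsigned char *pkt, size_t len) {
    char *summary = dissect_summary(pkt, len);
    char *kept = NULL;
    if (summary != NULL) {
        size_t bytes = strlen(summary) + 1;
        kept = malloc(bytes);                  /* caller-owned copy */
        if (kept != NULL)
            memcpy(kept, summary, bytes);
    }
    arena_free_all();                          /* safe: nothing points in */
    size_t n = kept ? strlen(kept) : 0;
    free(kept);
    return n;
}

int main(void) {
    /* Constructed sample packet; the bytes are arbitrary. */
    static const unsigned char pkt[] = { 0x81, 0x00, 0x00, 0x44 };
    printf("safe:   %zu\n", process_packet_safe(pkt, sizeof pkt));
    /* Build with -fsanitize=address or run under valgrind to see the
     * report for the next line. */
    printf("unsafe: %zu\n", process_packet_unsafe(pkt, sizeof pkt));
    return 0;
}
```

The safe variant is the only one worth keeping; the point of the unsafe one is that plain execution usually still prints the right length, which is why this class of bug surfaces under Valgrind or a sanitizer rather than in normal fuzzing runs.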

