Wireshark-bugs: [Wireshark-bugs] [Bug 8456] Buildbot crash output: fuzz-2013-03-10-3098.pcap
Evan Huus
changed bug 8456:

What | Removed | Added
CC   |         | darkjames-ws@darkjames.pl
Comment #2 on bug 8456 from Evan Huus
Fixed the null-pointer dereference crashes in r48224.
Valgrind is still giving me at least the following errors though:
==7472== Use of uninitialised value of size 8
==7472== at 0x927A723: g_hash_table_lookup (ghash.c:372)
==7472== by 0x6C60F80: find_pol_handle (packet-dcerpc-nt.c:620)
==7472== by 0x6C61F20: dcerpc_fetch_polhnd_data (packet-dcerpc-nt.c:896)
==7472== by 0x6992D51: dissect_smb2 (packet-smb2.c:7000)
==7472== by 0x69936E6: dissect_smb2_heur (packet-smb2.c:7103)
==7472== by 0x6380B2F: dissector_try_heuristic (packet.c:1804)
==7472== by 0x68055A3: dissect_netbios_payload (packet-netbios.c:1056)
==7472== by 0x67D04AD: dissect_nbss_packet (packet-nbns.c:1623)
==7472== by 0x67D068A: dissect_nbss (packet-nbns.c:1827)
==7472== by 0x637ECC7: call_dissector_through_handle (packet.c:458)
==7472== by 0x637F4EC: call_dissector_work (packet.c:549)
==7472== by 0x637FD3F: dissector_try_uint_new (packet.c:966)
and
==7472== Invalid read of size 1
==7472== at 0x4C2D7A2: strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7472== by 0x4175C1: print_packet (tshark.c:3392)
==7472== by 0x418F7F: process_packet (tshark.c:3212)
==7472== by 0x40B5F1: main (tshark.c:2994)
==7472== Address 0x1624c930 is 0 bytes inside a block of size 13 free'd
==7472== at 0x4C2BA6C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7472== by 0x6372F0B: emem_free_all (emem.c:1164)
==7472== by 0x63758C8: epan_dissect_run_with_taps (epan.c:221)
==7472== by 0x418DD6: process_packet (tshark.c:3197)
==7472== by 0x40B5F1: main (tshark.c:2994)
Jakub, CCing you since I suspect the latter is a side-effect of when you
reduced the scope of ep_ memory?
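As an added illustration of the hazard the second trace points at (a packet-scoped ep_ string still referenced from print_packet after emem_free_all has reclaimed it), here is a toy model written for this note; it is not Wireshark code, and the ep_alloc/ep_free_all/summary names and the 0xA5 scrub are assumptions.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of packet-scoped "ep_" memory: one arena that is
 * reset after every dissected packet, like emem_free_all() above. */
#define EP_ARENA_SIZE 256
static char ep_arena[EP_ARENA_SIZE];
static size_t ep_used = 0;

/* Packet-scoped allocation; the result is valid only until ep_free_all(). */
static void *ep_alloc(size_t n) {
    if (ep_used + n > EP_ARENA_SIZE - 1) return NULL;
    void *p = ep_arena + ep_used;
    ep_used += n;
    return p;
}

static char *ep_strdup(const char *s) {
    size_t n = strlen(s) + 1;
    char *d = ep_alloc(n);
    if (d) memcpy(d, s, n);
    return d;
}

/* End-of-packet reset. Scrubbing with 0xA5 (as a debug build might) makes a
 * stale read visibly wrong; the trailing NUL keeps this demo's reads in bounds. */
static void ep_free_all(void) {
    memset(ep_arena, 0xA5, EP_ARENA_SIZE - 1);
    ep_arena[EP_ARENA_SIZE - 1] = '\0';
    ep_used = 0;
}

static char *heap_strdup(const char *s) { size_t n = strlen(s) + 1; char *d = malloc(n); if (d) memcpy(d, s, n); return d; }

struct summary { const char *info; }; /* column text handed to the printer */

/* Buggy pattern: an ep_ pointer stored in a struct that outlives the packet. */
static int stale_info_survives(void) {
    struct summary s = { ep_strdup("SMB2 Create") };
    ep_free_all();                                  /* dissection finished */
    return strcmp(s.info, "SMB2 Create") == 0;      /* 0: the text is gone */
}

/* Fixed pattern: copy into memory whose lifetime matches the consumer. */
static int copied_info_survives(void) {
    char *tmp = ep_strdup("SMB2 Create");
    struct summary s = { tmp ? heap_strdup(tmp) : NULL };  /* outlives ep scope */
    ep_free_all();
    int ok = s.info && strcmp(s.info, "SMB2 Create") == 0;
    free((void *)s.info);
    return ok;
}
```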