Wireshark-bugs: [Wireshark-bugs] [Bug 9246] Buildbot crash output: fuzz-2013-10-07-7748.pcap
Evan Huus changed bug 9246

What | Removed | Added
Attachment #11740 Flags | review_for_checkin? | review_for_checkin-
Comment # 9 on bug 9246 from Evan Huus

Comment on attachment 11740
patch to fix memory leaks in c1222 dissector
This causes valgrind to print the following warnings:
==4771== Invalid read of size 1
==4771== at 0x4C2EB14: memcpy@@GLIBC_2.14 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4771== by 0x6BB725B: decrypt_packet (string3.h:51)
==4771== by 0x6BB866C: dissect_c1222_User_information (packet-c1222-template.c:946)
==4771== by 0x6584256: dissect_ber_sequence (packet-ber.c:2234)
==4771== by 0x6BB693F: dissect_c1222_MESSAGE_U (c1222.cnf:72)
==4771== by 0x6581101: dissect_ber_tagged_type (packet-ber.c:622)
==4771== by 0x6BB6854: dissect_c1222_common (c1222.cnf:82)
==4771== by 0x648D2D3: call_dissector_through_handle (packet.c:492)
==4771== by 0x648D98F: call_dissector_work (packet.c:586)
==4771== by 0x648E24B: dissector_try_uint_new (packet.c:1017)
==4771== by 0x648E2A6: dissector_try_uint (packet.c:1043)
==4771== by 0x6B16C67: decode_udp_ports (packet-udp.c:339)
==4771== Address 0x10a0b3a2 is 2 bytes inside a block of size 3 free'd
==4771== at 0x4C2B60C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4771== by 0x94DC742: g_hash_table_remove_all_nodes (ghash.c:500)
==4771== by 0x94DD480: g_hash_table_remove_all (ghash.c:1347)
==4771== by 0x6EFC30B: wmem_leave_packet_scope (wmem_scopes.c:83)
==4771== by 0x412E52: process_packet (tshark.c:3345)
==4771== by 0x40B45A: main (tshark.c:3138)
==4771==
==4771== Invalid read of size 1
==4771== at 0x4C2EB14: memcpy@@GLIBC_2.14 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4771== by 0x6BB725B: decrypt_packet (string3.h:51)
==4771== by 0x6BB872C: dissect_c1222_User_information (packet-c1222-template.c:966)
==4771== by 0x6584256: dissect_ber_sequence (packet-ber.c:2234)
==4771== by 0x6BB693F: dissect_c1222_MESSAGE_U (c1222.cnf:72)
==4771== by 0x6581101: dissect_ber_tagged_type (packet-ber.c:622)
==4771== by 0x6BB6854: dissect_c1222_common (c1222.cnf:82)
==4771== by 0x648D2D3: call_dissector_through_handle (packet.c:492)
==4771== by 0x648D98F: call_dissector_work (packet.c:586)
==4771== by 0x648E24B: dissector_try_uint_new (packet.c:1017)
==4771== by 0x648E2A6: dissector_try_uint (packet.c:1043)
==4771== by 0x6B16C67: decode_udp_ports (packet-udp.c:339)
==4771== Address 0x13017432 is 2 bytes inside a block of size 3 free'd
==4771== at 0x4C2B60C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4771== by 0x94DC742: g_hash_table_remove_all_nodes (ghash.c:500)
==4771== by 0x94DD480: g_hash_table_remove_all (ghash.c:1347)
==4771== by 0x6EFC30B: wmem_leave_packet_scope (wmem_scopes.c:83)
==4771== by 0x412E52: process_packet (tshark.c:3345)
==4771== by 0x40B45A: main (tshark.c:3138)
so I guess at least one of those places has to stick around longer than just
the packet scope.
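
The lifetime problem the valgrind output points to, as an added toy model in C (not part of the original comment, and not Wireshark's wmem code): bytes stored while one packet is processed and read while a later one is processed must live in a scope that outlives the packet. The `scope`, `cached_ref`, `remember`, `recall` and `two_packet_run` names are hypothetical, and the generation counter is an added check that turns the dangling read into an error return.

```c
#include <stdlib.h>
#include <string.h>

/* Toy scoped allocator (hypothetical, not Wireshark's wmem API):
 * every block is freed when its scope is left. */
typedef struct block { struct block *next; } block;
typedef struct { block *head; unsigned gen; } scope;

static void *scope_alloc(scope *s, size_t n) {
    block *b = malloc(sizeof *b + n);
    if (b == NULL) abort();
    b->next = s->head;
    s->head = b;
    return b + 1;                       /* payload follows the header */
}

static void scope_leave(scope *s) {
    while (s->head != NULL) { block *b = s->head; s->head = b->next; free(b); }
    s->gen++;                           /* pointers from the old generation now dangle */
}

/* State kept between packets, tagged with the scope that owns the bytes. */
typedef struct { const unsigned char *p; size_t len; scope *owner; unsigned gen; } cached_ref;

static void remember(cached_ref *r, scope *s, const void *src, size_t len) {
    unsigned char *copy = scope_alloc(s, len);
    memcpy(copy, src, len);
    r->p = copy; r->len = len; r->owner = s; r->gen = s->gen;
}

/* Returns bytes copied, or -1 when the owning scope was left after the store. */
static int recall(const cached_ref *r, unsigned char *out, size_t cap) {
    if (r->p == NULL || r->owner->gen != r->gen || r->len > cap) return -1;
    memcpy(out, r->p, r->len);
    return (int)r->len;
}

/* Store in packet 1, read in packet 2. */
int two_packet_run(int use_file_scope) {
    static const unsigned char id[3] = {0x01, 0x02, 0x03};  /* constructed sample */
    scope packet = {0}, file = {0};
    cached_ref ref = {0};
    unsigned char out[8];
    remember(&ref, use_file_scope ? &file : &packet, id, sizeof id);
    scope_leave(&packet);                   /* end of packet 1 */
    int n = recall(&ref, out, sizeof out);  /* packet 2 reads the cached bytes */
    scope_leave(&packet);
    scope_leave(&file);
    return n;
}
```

Without the generation comparison in `recall`, the packet-scope case would `memcpy` from a freed 3-byte block, which is the kind of invalid read valgrind reports above.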