Wireshark-bugs: [Wireshark-bugs] [Bug 9246] Buildbot crash output: fuzz-2013-10-07-7748.pcap
Date: Wed, 09 Oct 2013 17:15:42 +0000

changed bug 9246

What Removed Added
Attachment #11740 Flags review_for_checkin? review_for_checkin-

Comment # 9 on bug 9246 from
Comment on attachment 11740 [details]
patch to fix memory leaks in c1222 dissector

This causes valgrind to print the following warnings:

==4771== Invalid read of size 1
==4771==    at 0x4C2EB14: memcpy@@GLIBC_2.14 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4771==    by 0x6BB725B: decrypt_packet (string3.h:51)
==4771==    by 0x6BB866C: dissect_c1222_User_information
(packet-c1222-template.c:946)
==4771==    by 0x6584256: dissect_ber_sequence (packet-ber.c:2234)
==4771==    by 0x6BB693F: dissect_c1222_MESSAGE_U (c1222.cnf:72)
==4771==    by 0x6581101: dissect_ber_tagged_type (packet-ber.c:622)
==4771==    by 0x6BB6854: dissect_c1222_common (c1222.cnf:82)
==4771==    by 0x648D2D3: call_dissector_through_handle (packet.c:492)
==4771==    by 0x648D98F: call_dissector_work (packet.c:586)
==4771==    by 0x648E24B: dissector_try_uint_new (packet.c:1017)
==4771==    by 0x648E2A6: dissector_try_uint (packet.c:1043)
==4771==    by 0x6B16C67: decode_udp_ports (packet-udp.c:339)
==4771==  Address 0x10a0b3a2 is 2 bytes inside a block of size 3 free'd
==4771==    at 0x4C2B60C: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4771==    by 0x94DC742: g_hash_table_remove_all_nodes (ghash.c:500)
==4771==    by 0x94DD480: g_hash_table_remove_all (ghash.c:1347)
==4771==    by 0x6EFC30B: wmem_leave_packet_scope (wmem_scopes.c:83)
==4771==    by 0x412E52: process_packet (tshark.c:3345)
==4771==    by 0x40B45A: main (tshark.c:3138)
==4771== 
==4771== Invalid read of size 1
==4771==    at 0x4C2EB14: memcpy@@GLIBC_2.14 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4771==    by 0x6BB725B: decrypt_packet (string3.h:51)
==4771==    by 0x6BB872C: dissect_c1222_User_information
(packet-c1222-template.c:966)
==4771==    by 0x6584256: dissect_ber_sequence (packet-ber.c:2234)
==4771==    by 0x6BB693F: dissect_c1222_MESSAGE_U (c1222.cnf:72)
==4771==    by 0x6581101: dissect_ber_tagged_type (packet-ber.c:622)
==4771==    by 0x6BB6854: dissect_c1222_common (c1222.cnf:82)
==4771==    by 0x648D2D3: call_dissector_through_handle (packet.c:492)
==4771==    by 0x648D98F: call_dissector_work (packet.c:586)
==4771==    by 0x648E24B: dissector_try_uint_new (packet.c:1017)
==4771==    by 0x648E2A6: dissector_try_uint (packet.c:1043)
==4771==    by 0x6B16C67: decode_udp_ports (packet-udp.c:339)
==4771==  Address 0x13017432 is 2 bytes inside a block of size 3 free'd
==4771==    at 0x4C2B60C: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4771==    by 0x94DC742: g_hash_table_remove_all_nodes (ghash.c:500)
==4771==    by 0x94DD480: g_hash_table_remove_all (ghash.c:1347)
==4771==    by 0x6EFC30B: wmem_leave_packet_scope (wmem_scopes.c:83)
==4771==    by 0x412E52: process_packet (tshark.c:3345)
==4771==    by 0x40B45A: main (tshark.c:3138)

so I guess at least one of those places has to stick around longer than just
the packet scope.


You are receiving this mail because:
  • You are watching all bug changes.