Wireshark-bugs: [Wireshark-bugs] [Bug 9323] Buildbot crash output: fuzz-2013-10-25-12569.pcap
Comment # 16 on bug 9323 from Evan Huus
In addition to Jakub's concern, this patch causes a crash with the capture from
bug #9292 with the following trace:
#2 0x00007f74e834edf4 in g_malloc (n_bytes=n_bytes@entry=437014187) at
/build/buildd/glib2.0-2.38.0/./glib/gmem.c:109
#3 0x00007f74e8366138 in g_strndup (
str=0x7f74ea7e9f38 "wrong_fieldWrong field in SEQUENCE expected
class:%s(%d) tag:%d but found class:%s(%d) tag:%d", n=437014186)
at /build/buildd/glib2.0-2.38.0/./glib/gstrfuncs.c:428
#4 0x00007f74e9c02f14 in proto_tree_set_string (fi=0x2978bf4, value=<optimized
out>, length=<optimized out>) at proto.c:2596
#5 0x00007f74e9c06a73 in proto_tree_add_string (tree=tree@entry=0x297b9e4,
hfindex=6744, tvb=<optimized out>, start=<optimized out>, length=437014186,
value=0x7f74ea7e9f38 "wrong_fieldWrong field in SEQUENCE expected
class:%s(%d) tag:%d but found class:%s(%d) tag:%d") at proto.c:2494
#6 0x00007f74e9c0c2ff in proto_tree_add_string_format_value
(tree=tree@entry=0x297b9e4, hfindex=<optimized out>, tvb=tvb@entry=0x27fe850,
start=start@entry=60, length=<optimized out>,
value=value@entry=0x7f74ea7e9f38 "wrong_fieldWrong field in SEQUENCE
expected class:%s(%d) tag:%d but found class:%s(%d) tag:%d",
format=0x7f74eab2f6fe "CONTEXT") at proto.c:2516
#7 0x00007f74e9ced05c in dissect_ber_old_sequence
(implicit_tag=implicit_tag@entry=0, actx=0x7ffff37358d0, parent_tree=<optimized
out>, tvb=0x27fe850,
offset=60, seq=0x7f74ebe326d8 <KDC_REQ_sequence+24>,
seq@entry=0x7f74ebe326c0 <KDC_REQ_sequence>, hf_id=hf_id@entry=-1,
ett_id=ett_id@entry=-1)
at packet-ber.c:2472
#8 0x00007f74e9fbacb0 in dissect_krb5_KDC_REQ (tree=<optimized out>,
tvb=<optimized out>, offset=<optimized out>, actx=<optimized out>)
at packet-kerberos.c:4022
#9 0x00007f74e9ce9f7e in dissect_ber_old_choice
(actx=actx@entry=0x7ffff37358d0, parent_tree=0x297b9e4,
tvb=tvb@entry=0x27a5540,
offset=<optimized out>, choice=choice@entry=0x7f74eb6729a0
<kerberos_applications_choice>, hf_id=hf_id@entry=-1, ett_id=ett_id@entry=-1,
branch_taken=branch_taken@entry=0x0) at packet-ber.c:3612
#10 0x00007f74e9fbeafd in dissect_kerberos_common (tvb=0x27a5540,
pinfo=pinfo@entry=0x2782388, tree=<optimized out>, dci=dci@entry=1,
do_col_protocol=do_col_protocol@entry=1, have_rm=have_rm@entry=1,
cb=cb@entry=0x0) at packet-kerberos.c:4783
because it's adding a string with an invalid length, and we're trying to alloc
that much to do the strndup.
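
The failure mode in the trace above, as an added example that is not part of the original comment and is not Wireshark's code: an item length of 437014186 reaches a strndup-style copy, which asks the allocator for length + 1 bytes no matter how short the source string is. The `pkt` struct and the helpers `item_in_bounds` and `dup_field_string` are hypothetical names, and the 64-byte packet is constructed; the sketch rejects lengths the packet cannot back before anything is allocated.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a captured packet; not Wireshark's tvbuff API. */
struct pkt { const uint8_t *data; size_t len; };

/* A g_strndup-style copy asks the allocator for n + 1 bytes, however short
 * the source string is (n=437014186 -> n_bytes=437014187 in the trace). */
static size_t strndup_request(size_t n) { return n + 1; }

/* Accept an item only if [start, start + length) lies inside the packet.
 * Written so that start + length cannot overflow. */
static int item_in_bounds(const struct pkt *p, size_t start, size_t length)
{
    return start <= p->len && length <= p->len - start;
}

/* Hypothetical helper: copy a field's display string, rejecting item
 * lengths the packet cannot back and capping the copy at the string's
 * real size. Returns NULL on a bad length or allocation failure. */
static char *dup_field_string(const struct pkt *p, size_t start,
                              size_t length, const char *value)
{
    if (!item_in_bounds(p, start, length))
        return NULL;
    size_t n = strlen(value);
    if (n > length)
        n = length;
    char *copy = malloc(n + 1);
    if (copy == NULL)
        return NULL;
    memcpy(copy, value, n);
    copy[n] = '\0';
    return copy;
}

int main(void)
{
    static const uint8_t bytes[64] = {0};      /* constructed 64-byte packet */
    struct pkt p = { bytes, sizeof bytes };
    char *bad = dup_field_string(&p, 60, 437014186u, "wrong_field");
    char *ok  = dup_field_string(&p, 60, 4, "wrong_field");
    printf("unchecked request: %zu bytes\n", strndup_request(437014186u));
    printf("bad=%s ok=%s\n", bad ? bad : "(rejected)", ok ? ok : "(rejected)");
    free(bad); free(ok);
    return 0;
}
```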