Wireshark-bugs: [Wireshark-bugs] [Bug 9579] New: Clang ASAN : global-buffer-overflow SNMP : diss
Date: Wed, 18 Dec 2013 17:23:37 +0000
Bug ID | 9579 |
---|---|
Summary | Clang ASAN : global-buffer-overflow SNMP : dissect_ber_choice |
Classification | Unclassified |
Product | Wireshark |
Version | unspecified |
Hardware | All |
OS | Windows 8 |
Status | UNCONFIRMED |
Severity | Normal |
Priority | Low |
Component | Dissection engine (libwireshark) |
Assignee | bugzilla-admin@wireshark.org |
Reporter | alexis.lagoutte@gmail.com |
Build Information: --

I am fuzzing Wireshark with ASAN (http://clang.llvm.org/docs/AddressSanitizer.html) and it found the following issue:

Input file: ../menagerie/asan/03-13_los_altos.pcap

```
==27162==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7f9a5a81f0f8 at pc 0x7f9a564466bb bp 0x7fff4674ea10 sp 0x7fff4674ea08
READ of size 8 at 0x7f9a5a81f0f8 thread T0
    #0 0x7f9a564466ba in dissect_ber_choice /home/alagoutte/wireshark-clang/epan/dissectors/packet-ber.c:3345
    #1 0x7f9a5746def1 in dissect_snmp_RegisterResponse /home/alagoutte/wireshark-clang/epan/dissectors/../../asn1/snmp/snmp.cnf:421
    #2 0x7f9a564461f4 in dissect_ber_choice /home/alagoutte/wireshark-clang/epan/dissectors/packet-ber.c:3432
    #3 0x7f9a5746dd43 in dissect_snmp_SMUX_PDUs /home/alagoutte/wireshark-clang/epan/dissectors/../../asn1/snmp/snmp.cnf:475
    #4 0x7f9a562671a9 in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:512
    #5 0x7f9a56266e03 in dissector_try_uint_new /home/alagoutte/wireshark-clang/epan/packet.c:1030
    #6 0x7f9a56d4a736 in decode_tcp_ports /home/alagoutte/wireshark-clang/epan/dissectors/packet-tcp.c:3916
    #7 0x7f9a56d4d6a1 in process_tcp_payload /home/alagoutte/wireshark-clang/epan/dissectors/packet-tcp.c:3975
    #8 0x7f9a56d4b685 in desegment_tcp /home/alagoutte/wireshark-clang/epan/dissectors/packet-tcp.c:1800
    #9 0x7f9a56d55186 in dissect_tcp /home/alagoutte/wireshark-clang/epan/dissectors/packet-tcp.c:4826
    #10 0x7f9a562671a9 in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:512
    #11 0x7f9a56266e03 in dissector_try_uint_new /home/alagoutte/wireshark-clang/epan/packet.c:1030
    #12 0x7f9a568699b7 in dissect_ip /home/alagoutte/wireshark-clang/epan/dissectors/packet-ip.c:2403
    #13 0x7f9a562671a9 in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:512
    #14 0x7f9a5626745b in dissector_try_uint_new /home/alagoutte/wireshark-clang/epan/packet.c:1030
    #15 0x7f9a566b532c in dissect_ethertype /home/alagoutte/wireshark-clang/epan/dissectors/packet-ethertype.c:305
    #16 0x7f9a5626717d in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:508
    #17 0x7f9a5626a48c in call_dissector_only /home/alagoutte/wireshark-clang/epan/packet.c:2139
    #18 0x7f9a566b3d82 in dissect_eth_common /home/alagoutte/wireshark-clang/epan/dissectors/packet-eth.c:472
    #19 0x7f9a562671a9 in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:512
    #20 0x7f9a5626745b in dissector_try_uint_new /home/alagoutte/wireshark-clang/epan/packet.c:1030
    #21 0x7f9a56702fa0 in dissect_frame /home/alagoutte/wireshark-clang/epan/dissectors/packet-frame.c:488
    #22 0x7f9a562671a9 in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:512
    #23 0x7f9a5626a48c in call_dissector_only /home/alagoutte/wireshark-clang/epan/packet.c:2139
    #24 0x7f9a56265cc3 in call_dissector /home/alagoutte/wireshark-clang/epan/packet.c:2169
    #25 0x7f9a56246828 in epan_dissect_run_with_taps /home/alagoutte/wireshark-clang/epan/epan.c:329
    #26 0x4a0995 in process_packet /home/alagoutte/wireshark-clang/tshark.c:3453
    #27 0x49c487 in load_cap_file /home/alagoutte/wireshark-clang/tshark.c:3256
    #28 0x7f9a4f1f8de4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260
    #29 0x48595c in _start ??:?

0x7f9a5a81f0f8 is located 8 bytes to the left of global variable 'PDUs_choice' from 'packet-snmp.c' (0x7f9a5a81f100) of size 400
0x7f9a5a81f0f8 is located 32 bytes to the right of global variable 'RegisterResponse_choice' from 'packet-snmp.c' (0x7f9a5a81f060) of size 120
SUMMARY: AddressSanitizer: global-buffer-overflow ??:0 ??
Shadow bytes around the buggy address:
  0x0ff3cb4fbdc0: 00 00 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
  0x0ff3cb4fbdd0: 00 00 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
  0x0ff3cb4fbde0: 00 00 00 00 f9 f9 f9 f9 00 00 00 00 00 00 00 00
  0x0ff3cb4fbdf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff3cb4fbe00: 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9 00 00 00 00
=>0x0ff3cb4fbe10: 00 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9[f9]
  0x0ff3cb4fbe20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff3cb4fbe30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff3cb4fbe40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff3cb4fbe50: 00 00 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
  0x0ff3cb4fbe60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:     fa
  Heap right redzone:    fb
  Freed heap region:     fd
  Stack left redzone:    f1
  Stack mid redzone:     f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:    f5
  Stack use after scope: f8
  Global redzone:        f9
  Global init order:     f6
  Poisoned by user:      f7
  Contiguous container OOB:fc
  ASan internal:         fe
==27162==ABORTING
```