Wireshark-bugs: [Wireshark-bugs] [Bug 10897] New: Clang ASAN : AddressSanitizer: global-buffer-o
Date: Tue, 27 Jan 2015 17:08:48 +0000
Bug ID | 10897 |
---|---|
Summary | Clang ASAN : AddressSanitizer: global-buffer-overflow ANSI |
Product | Wireshark |
Version | Git |
Hardware | All |
OS | All |
Status | UNCONFIRMED |
Severity | Minor |
Priority | Low |
Component | Dissection engine (libwireshark) |
Assignee | bugzilla-admin@wireshark.org |
Reporter | alexis.lagoutte@gmail.com |
Build Information: -- I fuzzing wireshark with ASAN ( http://clang.llvm.org/docs/AddressSanitizer.html) and it found the following issue : Input file: ../menagerie/public/2386-e60_92_.pcap Build host information: Linux dev 3.11.0-18-generic #32-Ubuntu SMP Tue Feb 18 21:11:14 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux Distributor ID: Ubuntu Description: Ubuntu 13.10 Release: 13.10 Codename: saucy Return value: 1 Dissector bug: 0 Valgrind error count: 0 ================================================================= ==23693==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7f5a7412a62f at pc 0x7f5a72b1a8eb bp 0x7ffffaf64770 sp 0x7ffffaf64768 READ of size 1 at 0x7f5a7412a62f thread T0 #0 0x7f5a72b1a8ea in tele_param_cb_num /home/alagoutte/wireshark-clang/epan/dissectors/packet-ansi_637.c:1454 #1 0x7f5a72b167a0 in dissect_ansi_637_tele_message /home/alagoutte/wireshark-clang/epan/dissectors/packet-ansi_637.c:2261 #2 0x7f5a729cb509 in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:630 #3 0x7f5a729cb789 in dissector_try_uint_new /home/alagoutte/wireshark-clang/epan/packet.c:1149 #4 0x7f5a737c47f2 in dissect_ansi_map_SMS_TeleserviceIdentifier /home/alagoutte/wireshark-clang/epan/dissectors/../../asn1/ansi_map/ansi_map.cnf:341 #5 0x7f5a72ba3d17 in dissect_ber_set /home/alagoutte/wireshark-clang/epan/dissectors/packet-ber.c:2666 #6 0x7f5a737c64bf in dissect_ansi_map_SMSDeliveryPointToPoint_U /home/alagoutte/wireshark-clang/epan/dissectors/../../asn1/ansi_map/ansi_map.cnf:672 #7 0x7f5a72b9ab1c in dissect_ber_tagged_type /home/alagoutte/wireshark-clang/epan/dissectors/packet-ber.c:713 #8 0x7f5a737bb415 in dissect_ansi_map_HandoffMeasurementRequest /home/alagoutte/wireshark-clang/epan/dissectors/../../asn1/ansi_map/ansi_map.cnf:754 #9 0x7f5a729cb4da in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:626 #10 0x7f5a729c98bc in call_dissector_only /home/alagoutte/wireshark-clang/epan/packet.c:2394 #11 0x7f5a737cfc95 in find_tcap_subdissector /home/alagoutte/wireshark-clang/epan/dissectors/../../asn1/ansi_tcap/packet-ansi_tcap-template.c:350 #12 0x7f5a737cfeb5 in dissect_ansi_tcap_T_parameter /home/alagoutte/wireshark-clang/epan/dissectors/../../asn1/ansi_tcap/ansi_tcap.cnf:88 #13 0x7f5a72ba2647 in dissect_ber_sequence /home/alagoutte/wireshark-clang/epan/dissectors/packet-ber.c:2418 #14 0x7f5a737cf479 in dissect_ansi_tcap_Invoke /home/alagoutte/wireshark-clang/epan/dissectors/../../asn1/ansi_tcap/ansi_tcap.cnf:97 #15 0x7f5a72ba4f87 in dissect_ber_choice /home/alagoutte/wireshark-clang/epan/dissectors/packet-ber.c:2916 #16 0x7f5a737cf431 in dissect_ansi_tcap_ComponentPDU /home/alagoutte/wireshark-clang/epan/dissectors/../../asn1/ansi_tcap/ansi_tcap.cnf:256 #17 0x7f5a72ba701c in dissect_ber_sq_of /home/alagoutte/wireshark-clang/epan/dissectors/packet-ber.c:3515 #18 0x7f5a72ba77b5 in dissect_ber_sequence_of /home/alagoutte/wireshark-clang/epan/dissectors/packet-ber.c:3546 #19 0x7f5a737cf3ef in dissect_ansi_tcap_SEQUENCE_OF_ComponentPDU /home/alagoutte/wireshark-clang/epan/dissectors/../../asn1/ansi_tcap/ansi_tcap.cnf:270 #20 0x7f5a72b9aacf in dissect_ber_tagged_type /home/alagoutte/wireshark-clang/epan/dissectors/packet-ber.c:710 #21 0x7f5a737cf3ad in dissect_ansi_tcap_ComponentSequence /home/alagoutte/wireshark-clang/epan/dissectors/../../asn1/ansi_tcap/ansi_tcap.cnf:280 #22 0x7f5a72ba2647 in dissect_ber_sequence /home/alagoutte/wireshark-clang/epan/dissectors/packet-ber.c:2418 #23 0x7f5a737ce6a4 in dissect_ansi_tcap_TransactionPDU /home/alagoutte/wireshark-clang/epan/dissectors/../../asn1/ansi_tcap/ansi_tcap.cnf:145 #24 0x7f5a72ba4f87 in dissect_ber_choice /home/alagoutte/wireshark-clang/epan/dissectors/packet-ber.c:2916 #25 0x7f5a737ce42c in dissect_ansi_tcap_PackageType /home/alagoutte/wireshark-clang/epan/dissectors/../../asn1/ansi_tcap/ansi_tcap.cnf:173 #26 0x7f5a729cb509 in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:630 #27 0x7f5a729c98bc in call_dissector_only /home/alagoutte/wireshark-clang/epan/packet.c:2394 #28 0x7f5a73cbf286 in dissect_tcap /home/alagoutte/wireshark-clang/epan/dissectors/../../asn1/tcap/packet-tcap-template.c:2006 #29 0x7f5a729cb509 in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:630 #30 0x7f5a729cb158 in dissector_try_uint_new /home/alagoutte/wireshark-clang/epan/packet.c:1149 #31 0x7f5a733ebc0b in dissect_sccp_data_param /home/alagoutte/wireshark-clang/epan/dissectors/packet-sccp.c:2344 (discriminator 1) #32 0x7f5a733eb26f in dissect_sccp_parameter /home/alagoutte/wireshark-clang/epan/dissectors/packet-sccp.c:2557 #33 0x7f5a733eb5fb in dissect_sccp_variable_parameter /home/alagoutte/wireshark-clang/epan/dissectors/packet-sccp.c:2638 #34 0x7f5a733e800b in dissect_sccp_message /home/alagoutte/wireshark-clang/epan/dissectors/packet-sccp.c:2949 #35 0x7f5a729cb509 in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:630 #36 0x7f5a729cb789 in dissector_try_uint_new /home/alagoutte/wireshark-clang/epan/packet.c:1149 #37 0x7f5a7319b204 in dissect_mtp3_payload /home/alagoutte/wireshark-clang/epan/dissectors/packet-mtp3.c:646 #38 0x7f5a729cb509 in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:630 #39 0x7f5a729cb789 in dissector_try_uint_new /home/alagoutte/wireshark-clang/epan/packet.c:1149 #40 0x7f5a72e89d19 in dissect_frame /home/alagoutte/wireshark-clang/epan/dissectors/packet-frame.c:494 #41 0x7f5a729cb4da in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:626 #42 0x7f5a729c98bc in call_dissector_only /home/alagoutte/wireshark-clang/epan/packet.c:2394 #43 0x7f5a729c939b in dissect_record /home/alagoutte/wireshark-clang/epan/packet.c:499 #44 0x7f5a729a9cae in epan_dissect_run_with_taps /home/alagoutte/wireshark-clang/epan/epan.c:346 #45 0x4d7a39 in process_packet /home/alagoutte/wireshark-clang/tshark.c:3619 #46 0x4d2eee in load_cap_file /home/alagoutte/wireshark-clang/tshark.c:3380 #47 0x7f5a69134de4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260 #48 0x4c157c in _start ??:? 0x7f5a7412a62f is located 49 bytes to the left of global variable '<string literal>' defined in 'packet-ansi_637.c:1766:17' (0x7f5a7412a660) of size 8 '<string literal>' is ascii string 'Unknown' 0x7f5a7412a62f is located 0 bytes to the right of global variable 'air_digits' defined in 'packet-ansi_637.c:205:28' (0x7f5a7412a620) of size 15 SUMMARY: AddressSanitizer: global-buffer-overflow ??:0 ?? Shadow bytes around the buggy address: 0x0febce81d470: 00 02 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 02 f9 0x0febce81d480: f9 f9 f9 f9 00 07 f9 f9 f9 f9 f9 f9 00 00 00 00 0x0febce81d490: f9 f9 f9 f9 00 00 00 04 f9 f9 f9 f9 00 03 f9 f9 0x0febce81d4a0: f9 f9 f9 f9 00 00 00 00 03 f9 f9 f9 f9 f9 f9 f9 0x0febce81d4b0: 00 00 00 02 f9 f9 f9 f9 00 00 00 00 00 01 f9 f9 =>0x0febce81d4c0: f9 f9 f9 f9 00[07]f9 f9 f9 f9 f9 f9 00 f9 f9 f9 0x0febce81d4d0: f9 f9 f9 f9 00 00 00 04 f9 f9 f9 f9 00 00 00 00 0x0febce81d4e0: 01 f9 f9 f9 f9 f9 f9 f9 00 03 f9 f9 f9 f9 f9 f9 0x0febce81d4f0: 00 05 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 05 f9 0x0febce81d500: f9 f9 f9 f9 00 00 00 00 00 00 00 03 f9 f9 f9 f9 0x0febce81d510: 00 00 00 00 04 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc ASan internal: fe ==23693==ABORTING
You are receiving this mail because:
- You are watching all bug changes.
- Follow-Ups:
- [Wireshark-bugs] [Bug 10897] Clang ASAN : AddressSanitizer: global-buffer-overflow ANSI
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10897] Clang ASAN : AddressSanitizer: global-buffer-overflow ANSI
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10897] Clang ASAN : AddressSanitizer: global-buffer-overflow ANSI
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10897] Clang ASAN : AddressSanitizer: global-buffer-overflow ANSI
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10897] Clang ASAN : AddressSanitizer: global-buffer-overflow ANSI
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10897] Clang ASAN : AddressSanitizer: global-buffer-overflow ANSI
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10897] Clang ASAN : AddressSanitizer: global-buffer-overflow ANSI
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10897] Clang ASAN : AddressSanitizer: global-buffer-overflow ANSI
- Prev by Date: [Wireshark-bugs] [Bug 10894] Dumpcap has stopped working
- Next by Date: [Wireshark-bugs] [Bug 10897] Clang ASAN : AddressSanitizer: global-buffer-overflow ANSI
- Previous by thread: [Wireshark-bugs] [Bug 10896] Qt UI can crash when filtering out all packets then interacting with byte pane
- Next by thread: [Wireshark-bugs] [Bug 10897] Clang ASAN : AddressSanitizer: global-buffer-overflow ANSI
- Index(es):