Wireshark-commits: [Wireshark-commits] master 0c425e8: ceph: clear_address() to make sure to use in
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=0c425e857aa9b0c81b38404f78b4d613cc9167a1
Submitter: Jakub Zawadzki (darkjames-ws@xxxxxxxxxxxx)
Changed: branch: master
Repository: wireshark
Commits:
0c425e8 by Jakub Zawadzki (darkjames-ws@xxxxxxxxxxxx):
ceph: clear_address() to make sure to use initialized memory in set_address()
oss-fuzz triggered: set_address: assertion failed: (addr_data == NULL).
Valgrind confirms that ceph was passing an uninitialized value to set_address()
==16301== Conditional jump or move depends on uninitialised value(s)
==16301== at 0x6C37762: set_address (address.h:78)
==16301== by 0x6C37762: copy_address_shallow (address.h:253)
==16301== by 0x6C37762: c_node_copy (packet-ceph.c:1433)
==16301== by 0x6C37F72: c_conv_data_copy (packet-ceph.c:1455)
==16301== by 0x6C37F72: c_conv_data_clone (packet-ceph.c:1464)
==16301== by 0x6C37F72: c_pkt_data_save.isra.4.part.5 (packet-ceph.c:1593)
==16301== by 0x6C40EAE: c_pkt_data_save (packet-ceph.c:1561)
==16301== by 0x6C40EAE: dissect_ceph.isra.60 (packet-ceph.c:7046)
==16301== by 0x6C4186A: dissect_ceph_heur (packet-ceph.c:7111)
Found by oss-fuzz/6148.
Change-Id: I8ec762d541fd8cfd919710cf460c44968707dcc5
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6148
Reviewed-on: https://code.wireshark.org/review/25736
Petri-Dish: Jakub Zawadzki <darkjames-ws@xxxxxxxxxxxx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jakub Zawadzki <darkjames-ws@xxxxxxxxxxxx>
Actions performed:
from 32ab834 SIGCOMP: use correct message length
adds 0c425e8 ceph: clear_address() to make sure to use initialized memory in set_address()
Summary of changes:
epan/dissectors/packet-ceph.c | 1 +
1 file changed, 1 insertion(+)
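
The failure mode the commit message describes, as an added example that is not Wireshark's code: a simplified model of an address struct whose setter requires that a zero length come with a NULL data pointer, copied once from stale contents and once after clear_address(). The struct layout, the `_checked` copy function and `copy_node_address()` are hypothetical stand-ins, and the stale bytes are constructed rather than truly uninitialized so the result is deterministic.

```c
/* Simplified model of the address invariant; not Wireshark source. */
#include <stddef.h>
#include <string.h>

enum { AT_NONE = 0 };              /* constructed value for the model */

typedef struct {
    int         type;
    int         len;
    const void *data;
} address;

/* Invariant quoted in the commit message: zero length must mean no data. */
static int address_args_valid(int type, int len, const void *data)
{
    if (len == 0)
        return data == NULL;
    return type != AT_NONE && data != NULL;
}

static void clear_address(address *a)
{
    a->type = AT_NONE;
    a->len  = 0;
    a->data = NULL;
}

/* Returns 1 on success, 0 where the real setter would hit its assertion. */
static int copy_address_shallow_checked(address *to, const address *from)
{
    if (!address_args_valid(from->type, from->len, from->data))
        return 0;
    *to = *from;
    return 1;
}

/* Hypothetical helper: stale contents stand in for uninitialized memory. */
static int copy_node_address(int clear_first)
{
    static const char stale[] = "leftover";
    address src, dst;
    memset(&src, 0, sizeof src);   /* constructed stale state: len == 0 ... */
    src.data = stale;              /* ... with a non-NULL leftover pointer */
    if (clear_first)
        clear_address(&src);       /* the one-line fix: known-empty state */
    return copy_address_shallow_checked(&dst, &src);
}

int main(void) { return !(copy_node_address(0) == 0 && copy_node_address(1) == 1); }
```

With real uninitialized memory the outcome depends on whatever bytes happen to be there, which is why the assertion only fired on some fuzzer inputs and Valgrind was needed to confirm the cause.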