https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13477
Bug ID: 13477 Summary: Fuzzed UDP packet causes large memory usage Product: Wireshark Version: Git Hardware: All OS: All Status: UNCONFIRMED Severity: Major Priority: Low Component: Dissection engine (libwireshark) Assignee: bugzilla-ad...@wireshark.org Reporter: otto.air...@gmail.com Created attachment 15330 --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=15330&action=edit PCAP causing issue Build Information: TShark (Wireshark) 2.3.0 (v2.3.0rc0-2662-g7119b66) Built using gcc 5.4.0 20160609. -- Fuzzed PCAP containing singe UDP packet uses all the memory on tshark 2.0.2 and a resent build from repository (commit 7119b6691f318efa90bfe42a98d1b812dac183b5) Example GDB backtrace from 'tshark -r <pcap>' Interrupted after using 4GB of memory: Program received signal SIGINT, Interrupt. 0x00007ffff4b0368a in parse_wbxml_attribute_list_defined (tree=tree@entry=0x0, tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=154, str_tbl=str_tbl@entry=4, level=<optimized out>, codepage_attr=0x7fffffffcd1b "", map=0x7ffff64a8760 <decode_sic_10>) at packet-wbxml.c:7078 7078 if ((peek & 0x3F) < 5) switch (peek) { /* Global tokens (gdb) bt #0 0x00007ffff4b0368a in parse_wbxml_attribute_list_defined (tree=tree@entry=0x0, tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=154, str_tbl=str_tbl@entry=4, level=<optimized out>, codepage_attr=0x7fffffffcd1b "", map=0x7ffff64a8760 <decode_sic_10>) at packet-wbxml.c:7078 #1 0x00007ffff4b046a2 in parse_wbxml_tag_defined (tree=tree@entry=0x0, tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=153, str_tbl=str_tbl@entry=4, level=level@entry=0x7fffffffcd19 "\021", codepage_stag=0x7fffffffcd1a "", codepage_attr=0x7fffffffcd1b "", map=0x7ffff64a8760 <decode_sic_10>) at packet-wbxml.c:7562 #2 0x00007ffff4b0433d in parse_wbxml_tag_defined (tree=tree@entry=0x0, tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=114, str_tbl=str_tbl@entry=4, level=level@entry=0x7fffffffcd19 "\021", codepage_stag=0x7fffffffcd1a "", codepage_attr=0x7fffffffcd1b "", map=0x7ffff64a8760 <decode_sic_10>) at packet-wbxml.c:7534 #3 0x00007ffff4b0433d in parse_wbxml_tag_defined (tree=tree@entry=0x0, tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=113, str_tbl=str_tbl@entry=4, level=level@entry=0x7fffffffcd19 "\021", codepage_stag=0x7fffffffcd1a "", codepage_attr=0x7fffffffcd1b "", map=0x7ffff64a8760 <decode_sic_10>) at packet-wbxml.c:7534 #4 0x00007ffff4b0433d in parse_wbxml_tag_defined (tree=tree@entry=0x0, tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=112, str_tbl=str_tbl@entry=4, level=level@entry=0x7fffffffcd19 "\021", codepage_stag=0x7fffffffcd1a "", codepage_attr=0x7fffffffcd1b "", map=0x7ffff64a8760 <decode_sic_10>) at packet-wbxml.c:7534 #5 0x00007ffff4b0433d in parse_wbxml_tag_defined (tree=tree@entry=0x0, tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=111, str_tbl=str_tbl@entry=4, level=level@entry=0x7fffffffcd19 "\021", codepage_stag=0x7fffffffcd1a "", codepage_attr=0x7fffffffcd1b "", map=0x7ffff64a8760 <decode_sic_10>) at packet-wbxml.c:7534 #6 0x00007ffff4b0433d in parse_wbxml_tag_defined (tree=tree@entry=0x0, tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=110, str_tbl=str_tbl@entry=4, level=level@entry=0x7fffffffcd19 "\021", codepage_stag=0x7fffffffcd1a "", codepage_attr=0x7fffffffcd1b "", map=0x7ffff64a8760 <decode_sic_10>) at packet-wbxml.c:7534 #7 0x00007ffff4b0433d in parse_wbxml_tag_defined (tree=tree@entry=0x0, tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=109, str_tbl=str_tbl@entry=4, level=level@entry=0x7fffffffcd19 "\021", codepage_stag=0x7fffffffcd1a "", codepage_attr=0x7fffffffcd1b "", map=0x7ffff64a8760 <decode_sic_10>) at packet-wbxml.c:7534 #8 0x00007ffff4b0433d in parse_wbxml_tag_defined (tree=tree@entry=0x0, tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=108, str_tbl=str_tbl@entry=4, level=level@entry=0x7fffffffcd19 "\021", codepage_stag=0x7fffffffcd1a "", codepage_attr=0x7fffffffcd1b "", map=0x7ffff64a8760 <decode_sic_10>) at packet-wbxml.c:7534 #9 0x00007ffff4b0433d in parse_wbxml_tag_defined (tree=tree@entry=0x0, tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=107, str_tbl=str_tbl@entry=4, level=level@entry=0x7fffffffcd19 "\021", codepage_stag=0x7fffffffcd1a "", codepage_attr=0x7fffffffcd1b "", map=0x7ffff64a8760 <decode_sic_10>) at packet-wbxml.c:7534 #10 0x00007ffff4b0433d in parse_wbxml_tag_defined (tree=tree@entry=0x0, tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=106, str_tbl=str_tbl@entry=4, level=level@entry=0x7fffffffcd19 "\021", codepage_stag=0x7fffffffcd1a "", codepage_attr=0x7fffffffcd1b "", map=0x7ffff64a8760 <decode_sic_10>) at packet-wbxml.c:7534 #11 0x00007ffff4b0433d in parse_wbxml_tag_defined (tree=tree@entry=0x0, tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=105, str_tbl=str_tbl@entry=4, level=level@entry=0x7fffffffcd19 "\021", codepage_stag=0x7fffffffcd1a "", codepage_attr=0x7fffffffcd1b "", map=0x7ffff64a8760 <decode_sic_10>) at packet-wbxml.c:7534 #12 0x00007ffff4b0433d in parse_wbxml_tag_defined (tree=tree@entry=0x0, tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=104, str_tbl=str_tbl@entry=4, level=level@entry=0x7fffffffcd19 "\021", codepage_stag=0x7fffffffcd1a "", codepage_attr=0x7fffffffcd1b "", map=0x7ffff64a8760 <decode_sic_10>) at packet-wbxml.c:7534 #13 0x00007ffff4b0433d in parse_wbxml_tag_defined (tree=tree@entry=0x0, tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=102, ---Type <return> to continue, or q <return> to quit--- Credit goes to: Otto Airamo and Antti Levomäki, Forcepoint -- You are receiving this mail because: You are watching all bug changes.
___________________________________________________________________________ Sent via: Wireshark-bugs mailing list <wireshark-bugs@wireshark.org> Archives: https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe