https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13477

            Bug ID: 13477
           Summary: Fuzzed UDP packet causes large memory usage
           Product: Wireshark
           Version: Git
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Severity: Major
          Priority: Low
         Component: Dissection engine (libwireshark)
          Assignee: bugzilla-ad...@wireshark.org
          Reporter: otto.air...@gmail.com

Created attachment 15330
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=15330&action=edit
PCAP causing issue

Build Information:
TShark (Wireshark) 2.3.0 (v2.3.0rc0-2662-g7119b66)
Built using gcc 5.4.0 20160609.
--
A fuzzed PCAP containing a single UDP packet uses all available memory on tshark 2.0.2 and
on a recent build from the repository (commit
7119b6691f318efa90bfe42a98d1b812dac183b5).

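Example GDB backtrace from 'tshark -r <pcap>', interrupted after it had used 4GB of
memory. Every frame shown is in packet-wbxml.c: frame #0 is
parse_wbxml_attribute_list_defined, and frames #1 through #13 are nested calls
to parse_wbxml_tag_defined: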

Program received signal SIGINT, Interrupt.
0x00007ffff4b0368a in parse_wbxml_attribute_list_defined (tree=tree@entry=0x0,
tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=154,
    str_tbl=str_tbl@entry=4, level=<optimized out>,
codepage_attr=0x7fffffffcd1b "", map=0x7ffff64a8760 <decode_sic_10>) at
packet-wbxml.c:7078
7078            if ((peek & 0x3F) < 5) switch (peek) { /* Global tokens
(gdb) bt
#0  0x00007ffff4b0368a in parse_wbxml_attribute_list_defined
(tree=tree@entry=0x0, tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28,
offset=offset@entry=154,
    str_tbl=str_tbl@entry=4, level=<optimized out>,
codepage_attr=0x7fffffffcd1b "", map=0x7ffff64a8760 <decode_sic_10>) at
packet-wbxml.c:7078
#1  0x00007ffff4b046a2 in parse_wbxml_tag_defined (tree=tree@entry=0x0,
tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=153,
    str_tbl=str_tbl@entry=4, level=level@entry=0x7fffffffcd19 "\021",
codepage_stag=0x7fffffffcd1a "", codepage_attr=0x7fffffffcd1b "",
    map=0x7ffff64a8760 <decode_sic_10>) at packet-wbxml.c:7562
#2  0x00007ffff4b0433d in parse_wbxml_tag_defined (tree=tree@entry=0x0,
tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=114,
    str_tbl=str_tbl@entry=4, level=level@entry=0x7fffffffcd19 "\021",
codepage_stag=0x7fffffffcd1a "", codepage_attr=0x7fffffffcd1b "",
    map=0x7ffff64a8760 <decode_sic_10>) at packet-wbxml.c:7534
#3  0x00007ffff4b0433d in parse_wbxml_tag_defined (tree=tree@entry=0x0,
tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=113,
    str_tbl=str_tbl@entry=4, level=level@entry=0x7fffffffcd19 "\021",
codepage_stag=0x7fffffffcd1a "", codepage_attr=0x7fffffffcd1b "",
    map=0x7ffff64a8760 <decode_sic_10>) at packet-wbxml.c:7534
#4  0x00007ffff4b0433d in parse_wbxml_tag_defined (tree=tree@entry=0x0,
tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=112,
    str_tbl=str_tbl@entry=4, level=level@entry=0x7fffffffcd19 "\021",
codepage_stag=0x7fffffffcd1a "", codepage_attr=0x7fffffffcd1b "",
    map=0x7ffff64a8760 <decode_sic_10>) at packet-wbxml.c:7534
#5  0x00007ffff4b0433d in parse_wbxml_tag_defined (tree=tree@entry=0x0,
tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=111,
    str_tbl=str_tbl@entry=4, level=level@entry=0x7fffffffcd19 "\021",
codepage_stag=0x7fffffffcd1a "", codepage_attr=0x7fffffffcd1b "",
    map=0x7ffff64a8760 <decode_sic_10>) at packet-wbxml.c:7534
#6  0x00007ffff4b0433d in parse_wbxml_tag_defined (tree=tree@entry=0x0,
tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=110,
    str_tbl=str_tbl@entry=4, level=level@entry=0x7fffffffcd19 "\021",
codepage_stag=0x7fffffffcd1a "", codepage_attr=0x7fffffffcd1b "",
    map=0x7ffff64a8760 <decode_sic_10>) at packet-wbxml.c:7534
#7  0x00007ffff4b0433d in parse_wbxml_tag_defined (tree=tree@entry=0x0,
tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=109,
    str_tbl=str_tbl@entry=4, level=level@entry=0x7fffffffcd19 "\021",
codepage_stag=0x7fffffffcd1a "", codepage_attr=0x7fffffffcd1b "",
    map=0x7ffff64a8760 <decode_sic_10>) at packet-wbxml.c:7534
#8  0x00007ffff4b0433d in parse_wbxml_tag_defined (tree=tree@entry=0x0,
tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=108,
    str_tbl=str_tbl@entry=4, level=level@entry=0x7fffffffcd19 "\021",
codepage_stag=0x7fffffffcd1a "", codepage_attr=0x7fffffffcd1b "",
    map=0x7ffff64a8760 <decode_sic_10>) at packet-wbxml.c:7534
#9  0x00007ffff4b0433d in parse_wbxml_tag_defined (tree=tree@entry=0x0,
tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=107,
    str_tbl=str_tbl@entry=4, level=level@entry=0x7fffffffcd19 "\021",
codepage_stag=0x7fffffffcd1a "", codepage_attr=0x7fffffffcd1b "",
    map=0x7ffff64a8760 <decode_sic_10>) at packet-wbxml.c:7534
#10 0x00007ffff4b0433d in parse_wbxml_tag_defined (tree=tree@entry=0x0,
tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=106,
    str_tbl=str_tbl@entry=4, level=level@entry=0x7fffffffcd19 "\021",
codepage_stag=0x7fffffffcd1a "", codepage_attr=0x7fffffffcd1b "",
    map=0x7ffff64a8760 <decode_sic_10>) at packet-wbxml.c:7534
#11 0x00007ffff4b0433d in parse_wbxml_tag_defined (tree=tree@entry=0x0,
tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=105,
    str_tbl=str_tbl@entry=4, level=level@entry=0x7fffffffcd19 "\021",
codepage_stag=0x7fffffffcd1a "", codepage_attr=0x7fffffffcd1b "",
    map=0x7ffff64a8760 <decode_sic_10>) at packet-wbxml.c:7534
#12 0x00007ffff4b0433d in parse_wbxml_tag_defined (tree=tree@entry=0x0,
tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=104,
    str_tbl=str_tbl@entry=4, level=level@entry=0x7fffffffcd19 "\021",
codepage_stag=0x7fffffffcd1a "", codepage_attr=0x7fffffffcd1b "",
    map=0x7ffff64a8760 <decode_sic_10>) at packet-wbxml.c:7534
#13 0x00007ffff4b0433d in parse_wbxml_tag_defined (tree=tree@entry=0x0,
tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=102,
---Type <return> to continue, or q <return> to quit---


Credit goes to: Otto Airamo and Antti Levomäki, Forcepoint
