https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14468

            Bug ID: 14468
           Summary: Few ieee802154 packets causing tshark to crash with
                    null dereference
           Product: Wireshark
           Version: Git
          Hardware: x86
                OS: Linux
            Status: UNCONFIRMED
          Severity: Major
          Priority: Low
         Component: Dissection engine (libwireshark)
          Assignee: bugzilla-ad...@wireshark.org
          Reporter: otto.air...@gmail.com
  Target Milestone: ---

Created attachment 16176
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=16176&action=edit
recording

Build Information:
TShark (Wireshark) 2.5.1 (v2.5.1rc0-417-g24b5a553)
Built using clang 4.2.1 Compatible Clang 3.8.0 (tags/RELEASE_380/final).
--
ASAN:DEADLYSIGNAL
=================================================================
==130879==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc
0x7f1bba95004e bp 0x7fff3a179ad0 sp 0x7fff3a179540 T0)
    #0 0x7f1bba95004d in dissect_ieee802154_common
/home/fuzzer/wireshark/wireshark/epan/dissectors/packet-ieee802154.c:1350
    #2 0x7f1bba94bc55 in dissect_ieee802154
/home/fuzzer/wireshark/wireshark/epan/dissectors/packet-ieee802154.c:1201
    #4 0x7f1bb9c66291 in call_dissector_through_handle
/home/fuzzer/wireshark/wireshark/epan/packet.c:694
    #6 0x7f1bb9c570bb in call_dissector_work
/home/fuzzer/wireshark/wireshark/epan/packet.c:779
    #8 0x7f1bb9c578de in dissector_try_uint_new
/home/fuzzer/wireshark/wireshark/epan/packet.c:1361
    #9 0x7f1bb9c578de in dissector_try_uint
/home/fuzzer/wireshark/wireshark/epan/packet.c:1385
    #11 0x7f1bba6147b0 in dissect_ethertype
/home/fuzzer/wireshark/wireshark/epan/dissectors/packet-ethertype.c:259
    #13 0x7f1bb9c66291 in call_dissector_through_handle
/home/fuzzer/wireshark/wireshark/epan/packet.c:694
    #15 0x7f1bb9c570bb in call_dissector_work
/home/fuzzer/wireshark/wireshark/epan/packet.c:779
    #17 0x7f1bb9c52f0b in call_dissector_only
/home/fuzzer/wireshark/wireshark/epan/packet.c:3092
    #18 0x7f1bb9c52f0b in call_dissector_with_data
/home/fuzzer/wireshark/wireshark/epan/packet.c:3105
    #20 0x7f1bba61151e in dissect_eth_common
/home/fuzzer/wireshark/wireshark/epan/dissectors/packet-eth.c:526
    #22 0x7f1bba60df2c in dissect_eth_withoutfcs
/home/fuzzer/wireshark/wireshark/epan/dissectors/packet-eth.c:811
    #24 0x7f1bb9c66291 in call_dissector_through_handle
/home/fuzzer/wireshark/wireshark/epan/packet.c:694
    #26 0x7f1bb9c570bb in call_dissector_work
/home/fuzzer/wireshark/wireshark/epan/packet.c:779
    #28 0x7f1bb9c56b62 in dissector_try_uint_new
/home/fuzzer/wireshark/wireshark/epan/packet.c:1361
    #30 0x7f1bbaae1e74 in process_l2tpv3_data
/home/fuzzer/wireshark/wireshark/epan/dissectors/packet-l2tp.c:2664
    #32 0x7f1bbaad7b44 in process_l2tpv3_data_ip
/home/fuzzer/wireshark/wireshark/epan/dissectors/packet-l2tp.c:2735
    #33 0x7f1bbaad7b44 in dissect_l2tp_ip
/home/fuzzer/wireshark/wireshark/epan/dissectors/packet-l2tp.c:3165
    #35 0x7f1bb9c66291 in call_dissector_through_handle
/home/fuzzer/wireshark/wireshark/epan/packet.c:694
    #37 0x7f1bb9c570bb in call_dissector_work
/home/fuzzer/wireshark/wireshark/epan/packet.c:779
    #39 0x7f1bb9c56b62 in dissector_try_uint_new
/home/fuzzer/wireshark/wireshark/epan/packet.c:1361
    #41 0x7f1bba991501 in ip_try_dissect
/home/fuzzer/wireshark/wireshark/epan/dissectors/packet-ip.c:1845
    #42 0x7f1bba991501 in dissect_ip_v4
/home/fuzzer/wireshark/wireshark/epan/dissectors/packet-ip.c:2303
    #44 0x7f1bb9c66291 in call_dissector_through_handle
/home/fuzzer/wireshark/wireshark/epan/packet.c:694
    #46 0x7f1bb9c570bb in call_dissector_work
/home/fuzzer/wireshark/wireshark/epan/packet.c:779
    #48 0x7f1bb9c578de in dissector_try_uint_new
/home/fuzzer/wireshark/wireshark/epan/packet.c:1361
    #49 0x7f1bb9c578de in dissector_try_uint
/home/fuzzer/wireshark/wireshark/epan/packet.c:1385
    #51 0x7f1bba6147b0 in dissect_ethertype
/home/fuzzer/wireshark/wireshark/epan/dissectors/packet-ethertype.c:259
    #53 0x7f1bb9c66291 in call_dissector_through_handle
/home/fuzzer/wireshark/wireshark/epan/packet.c:694
    #55 0x7f1bb9c570bb in call_dissector_work
/home/fuzzer/wireshark/wireshark/epan/packet.c:779
    #57 0x7f1bb9c52f0b in call_dissector_only
/home/fuzzer/wireshark/wireshark/epan/packet.c:3092
    #58 0x7f1bb9c52f0b in call_dissector_with_data
/home/fuzzer/wireshark/wireshark/epan/packet.c:3105
    #60 0x7f1bba61151e in dissect_eth_common
/home/fuzzer/wireshark/wireshark/epan/dissectors/packet-eth.c:526
    #62 0x7f1bba60f087 in dissect_eth
/home/fuzzer/wireshark/wireshark/epan/dissectors/packet-eth.c:801
(discriminator 3)
    #64 0x7f1bb9c66291 in call_dissector_through_handle
/home/fuzzer/wireshark/wireshark/epan/packet.c:694
    #66 0x7f1bb9c570bb in call_dissector_work
/home/fuzzer/wireshark/wireshark/epan/packet.c:779
    #68 0x7f1bb9c56b62 in dissector_try_uint_new
/home/fuzzer/wireshark/wireshark/epan/packet.c:1361
    #70 0x7f1bba694901 in dissect_frame
/home/fuzzer/wireshark/wireshark/epan/dissectors/packet-frame.c:579
    #72 0x7f1bb9c66291 in call_dissector_through_handle
/home/fuzzer/wireshark/wireshark/epan/packet.c:694
    #74 0x7f1bb9c570bb in call_dissector_work
/home/fuzzer/wireshark/wireshark/epan/packet.c:779
    #76 0x7f1bb9c52f0b in call_dissector_only
/home/fuzzer/wireshark/wireshark/epan/packet.c:3092
    #77 0x7f1bb9c52f0b in call_dissector_with_data
/home/fuzzer/wireshark/wireshark/epan/packet.c:3105
    #79 0x7f1bb9c51fd7 in dissect_record
/home/fuzzer/wireshark/wireshark/epan/packet.c:568
    #81 0x7f1bb9c2dd8f in epan_dissect_run_with_taps
/home/fuzzer/wireshark/wireshark/epan/epan.c:540
    #83 0x51929b in process_packet_second_pass
/home/fuzzer/wireshark/wireshark/tshark.c:3009
    #84 0x51929b in process_cap_file
/home/fuzzer/wireshark/wireshark/tshark.c:3268
    #85 0x51929b in main /home/fuzzer/wireshark/wireshark/tshark.c:2033
    #87 0x7f1bb04f082f in __libc_start_main
/build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
    #89 0x424098 in _start ??:?

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV
(/home/fuzzer/wireshark/wireshark/epan/.libs/libwireshark.so.0+0x899604d)
==130879==ABORTING

Credit goes to: Otto Airamo and Antti Levomäki, Forcepoint

-- 
You are receiving this mail because:
You are watching all bug changes.
___________________________________________________________________________
Sent via:    Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
             mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
