https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14468
Bug ID: 14468
Summary: Few ieee802154 packets causing tshark to crash with null dereference
Product: Wireshark
Version: Git
Hardware: x86
OS: Linux
Status: UNCONFIRMED
Severity: Major
Priority: Low
Component: Dissection engine (libwireshark)
Assignee: bugzilla-ad...@wireshark.org
Reporter: otto.air...@gmail.com
Target Milestone: ---
Created attachment 16176
--> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=16176&action=edit
recording
Build Information:
TShark (Wireshark) 2.5.1 (v2.5.1rc0-417-g24b5a553)
Built using clang 4.2.1 Compatible Clang 3.8.0 (tags/RELEASE_380/final).
--
ASAN:DEADLYSIGNAL
=================================================================
==130879==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x7f1bba95004e bp 0x7fff3a179ad0 sp 0x7fff3a179540 T0)
#0 0x7f1bba95004d in dissect_ieee802154_common /home/fuzzer/wireshark/wireshark/epan/dissectors/packet-ieee802154.c:1350
#2 0x7f1bba94bc55 in dissect_ieee802154 /home/fuzzer/wireshark/wireshark/epan/dissectors/packet-ieee802154.c:1201
#4 0x7f1bb9c66291 in call_dissector_through_handle /home/fuzzer/wireshark/wireshark/epan/packet.c:694
#6 0x7f1bb9c570bb in call_dissector_work /home/fuzzer/wireshark/wireshark/epan/packet.c:779
#8 0x7f1bb9c578de in dissector_try_uint_new /home/fuzzer/wireshark/wireshark/epan/packet.c:1361
#9 0x7f1bb9c578de in dissector_try_uint /home/fuzzer/wireshark/wireshark/epan/packet.c:1385
#11 0x7f1bba6147b0 in dissect_ethertype /home/fuzzer/wireshark/wireshark/epan/dissectors/packet-ethertype.c:259
#13 0x7f1bb9c66291 in call_dissector_through_handle /home/fuzzer/wireshark/wireshark/epan/packet.c:694
#15 0x7f1bb9c570bb in call_dissector_work /home/fuzzer/wireshark/wireshark/epan/packet.c:779
#17 0x7f1bb9c52f0b in call_dissector_only /home/fuzzer/wireshark/wireshark/epan/packet.c:3092
#18 0x7f1bb9c52f0b in call_dissector_with_data /home/fuzzer/wireshark/wireshark/epan/packet.c:3105
#20 0x7f1bba61151e in dissect_eth_common /home/fuzzer/wireshark/wireshark/epan/dissectors/packet-eth.c:526
#22 0x7f1bba60df2c in dissect_eth_withoutfcs /home/fuzzer/wireshark/wireshark/epan/dissectors/packet-eth.c:811
#24 0x7f1bb9c66291 in call_dissector_through_handle /home/fuzzer/wireshark/wireshark/epan/packet.c:694
#26 0x7f1bb9c570bb in call_dissector_work /home/fuzzer/wireshark/wireshark/epan/packet.c:779
#28 0x7f1bb9c56b62 in dissector_try_uint_new /home/fuzzer/wireshark/wireshark/epan/packet.c:1361
#30 0x7f1bbaae1e74 in process_l2tpv3_data /home/fuzzer/wireshark/wireshark/epan/dissectors/packet-l2tp.c:2664
#32 0x7f1bbaad7b44 in process_l2tpv3_data_ip /home/fuzzer/wireshark/wireshark/epan/dissectors/packet-l2tp.c:2735
#33 0x7f1bbaad7b44 in dissect_l2tp_ip /home/fuzzer/wireshark/wireshark/epan/dissectors/packet-l2tp.c:3165
#35 0x7f1bb9c66291 in call_dissector_through_handle /home/fuzzer/wireshark/wireshark/epan/packet.c:694
#37 0x7f1bb9c570bb in call_dissector_work /home/fuzzer/wireshark/wireshark/epan/packet.c:779
#39 0x7f1bb9c56b62 in dissector_try_uint_new /home/fuzzer/wireshark/wireshark/epan/packet.c:1361
#41 0x7f1bba991501 in ip_try_dissect /home/fuzzer/wireshark/wireshark/epan/dissectors/packet-ip.c:1845
#42 0x7f1bba991501 in dissect_ip_v4 /home/fuzzer/wireshark/wireshark/epan/dissectors/packet-ip.c:2303
#44 0x7f1bb9c66291 in call_dissector_through_handle /home/fuzzer/wireshark/wireshark/epan/packet.c:694
#46 0x7f1bb9c570bb in call_dissector_work /home/fuzzer/wireshark/wireshark/epan/packet.c:779
#48 0x7f1bb9c578de in dissector_try_uint_new /home/fuzzer/wireshark/wireshark/epan/packet.c:1361
#49 0x7f1bb9c578de in dissector_try_uint /home/fuzzer/wireshark/wireshark/epan/packet.c:1385
#51 0x7f1bba6147b0 in dissect_ethertype /home/fuzzer/wireshark/wireshark/epan/dissectors/packet-ethertype.c:259
#53 0x7f1bb9c66291 in call_dissector_through_handle /home/fuzzer/wireshark/wireshark/epan/packet.c:694
#55 0x7f1bb9c570bb in call_dissector_work /home/fuzzer/wireshark/wireshark/epan/packet.c:779
#57 0x7f1bb9c52f0b in call_dissector_only /home/fuzzer/wireshark/wireshark/epan/packet.c:3092
#58 0x7f1bb9c52f0b in call_dissector_with_data /home/fuzzer/wireshark/wireshark/epan/packet.c:3105
#60 0x7f1bba61151e in dissect_eth_common /home/fuzzer/wireshark/wireshark/epan/dissectors/packet-eth.c:526
#62 0x7f1bba60f087 in dissect_eth /home/fuzzer/wireshark/wireshark/epan/dissectors/packet-eth.c:801 (discriminator 3)
#64 0x7f1bb9c66291 in call_dissector_through_handle /home/fuzzer/wireshark/wireshark/epan/packet.c:694
#66 0x7f1bb9c570bb in call_dissector_work /home/fuzzer/wireshark/wireshark/epan/packet.c:779
#68 0x7f1bb9c56b62 in dissector_try_uint_new /home/fuzzer/wireshark/wireshark/epan/packet.c:1361
#70 0x7f1bba694901 in dissect_frame /home/fuzzer/wireshark/wireshark/epan/dissectors/packet-frame.c:579
#72 0x7f1bb9c66291 in call_dissector_through_handle /home/fuzzer/wireshark/wireshark/epan/packet.c:694
#74 0x7f1bb9c570bb in call_dissector_work /home/fuzzer/wireshark/wireshark/epan/packet.c:779
#76 0x7f1bb9c52f0b in call_dissector_only /home/fuzzer/wireshark/wireshark/epan/packet.c:3092
#77 0x7f1bb9c52f0b in call_dissector_with_data /home/fuzzer/wireshark/wireshark/epan/packet.c:3105
#79 0x7f1bb9c51fd7 in dissect_record /home/fuzzer/wireshark/wireshark/epan/packet.c:568
#81 0x7f1bb9c2dd8f in epan_dissect_run_with_taps /home/fuzzer/wireshark/wireshark/epan/epan.c:540
#83 0x51929b in process_packet_second_pass /home/fuzzer/wireshark/wireshark/tshark.c:3009
#84 0x51929b in process_cap_file /home/fuzzer/wireshark/wireshark/tshark.c:3268
#85 0x51929b in main /home/fuzzer/wireshark/wireshark/tshark.c:2033
#87 0x7f1bb04f082f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
#89 0x424098 in _start ??:?
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/home/fuzzer/wireshark/wireshark/epan/.libs/libwireshark.so.0+0x899604d)
==130879==ABORTING
Credit goes to: Otto Airamo and Antti Levomäki, Forcepoint