https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13448
--- Comment #31 from Guy Harris <[email protected]> ---
(In reply to Jörg Mayer from comment #28)
> Bug 12075 has a method of reliably triggering a failure in capture. This
> will reliably trigger a crash on macOS that I have seen lots of times while
> working on this bug.
> After confirming the error message the screen returns to the start screen
> and crashes a few seconds later.
>
> (process:31939): Main-DEBUG: Translator system
> ASAN:DEADLYSIGNAL
> =================================================================
> ==31939==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 NULL pointer dereference.
> (pc
> 0x000112152c00 bp 0x7fff506cea30 sp 0x7fff506ce1b0 T0)
>     #0 0x112152bff in wrap_strcmp (libclang_rt.asan_osx_dynamic.dylib+0xdbff)
>     #1 0x10fff43de in capture_stats (Wireshark+0x100ac63de)

That would be the strcmp() in

    for (sc_entry = sc->cache_list; sc_entry != NULL; sc_entry = g_list_next(sc_entry)) {
        sc_item = (if_stat_cache_item_t *)sc_entry->data;
        if (strcmp(sc_item->name, ifname) == 0) {
            memcpy(ps, &sc_item->ps, sizeof(struct pcap_stat));
            return TRUE;
        }
    }

unless the compiler has inlined capture_stat_cache_update(), in which case it
might also be the strcmp() in

    while (sync_pipe_gets_nonblock(sc->stat_fd, stat_line, MAX_STAT_LINE_LEN) > 0) {
        g_strstrip(stat_line);
        stat_parts = g_strsplit(stat_line, "\t", 3);
        if (stat_parts[0] == NULL || stat_parts[1] == NULL ||
            stat_parts[2] == NULL) {
            g_strfreev(stat_parts);
            continue;
        }
        for (sc_entry = sc->cache_list; sc_entry != NULL; sc_entry = g_list_next(sc_entry)) {
            sc_item = (if_stat_cache_item_t *)sc_entry->data;
            if (strcmp(sc_item->name, stat_parts[0]) == 0) {
                sc_item->ps.ps_recv = (u_int) strtoul(stat_parts[1], NULL, 10);
                sc_item->ps.ps_drop = (u_int) strtoul(stat_parts[2], NULL, 10);
            }
        }
        g_strfreev(stat_parts);
    }

The first crash would happen if the item's name were null or the ifname passed
in were null.

The second crash would happen if the item's name were null; there's already a
check for whether stat_parts[0] is null before the strcmp().
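
The two null cases named in the message above, as an added example that is not part of the original message and not Wireshark's code: a stand-alone C lookup that rejects a null ifname and skips cache entries whose name is null, so strcmp() is never reached with a null argument. The names stat_item, stat_counts, stat_cache_lookup and demo_lookup are hypothetical, and a plain singly linked list stands in for GLib's GList.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for the counters kept per interface. */
struct stat_counts {
    unsigned int recv;
    unsigned int drop;
};

/* Hypothetical stand-in for if_stat_cache_item_t; a plain singly linked
 * list replaces GLib's GList so the example builds without GLib. */
struct stat_item {
    const char *name;          /* may be NULL: the case behind both crashes */
    struct stat_counts ps;
    struct stat_item *next;
};

/* Copy the counters for ifname into *out. Returns 1 on a match, 0 otherwise.
 * strcmp() is only reached when both of its arguments are non-NULL. */
int stat_cache_lookup(const struct stat_item *list, const char *ifname,
                      struct stat_counts *out)
{
    const struct stat_item *it;

    if (ifname == NULL || out == NULL)
        return 0;                       /* null ifname passed in */

    for (it = list; it != NULL; it = it->next) {
        if (it->name == NULL)
            continue;                   /* cache entry with a null name */
        if (strcmp(it->name, ifname) == 0) {
            memcpy(out, &it->ps, sizeof(*out));
            return 1;
        }
    }
    return 0;
}

/* Constructed sample cache: an entry with a null name ahead of a real one. */
int demo_lookup(const char *ifname, struct stat_counts *out)
{
    struct stat_item en0 = { "en0", { 120u, 3u }, NULL };
    struct stat_item bad = { NULL, { 0u, 0u }, &en0 };

    return stat_cache_lookup(&bad, ifname, out);
}
```

In GLib-based code, g_strcmp0() is a comparison that tolerates null arguments and can replace the explicit checks.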
