https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14403

            Bug ID: 14403
           Summary: Missing bounds check on memory allocation in pcapng.c
           Product: Wireshark
           Version: Git
          Hardware: x86-64
                OS: Linux
            Status: UNCONFIRMED
          Severity: Major
          Priority: Low
         Component: Capture file support (libwiretap)
          Assignee: bugzilla-ad...@wireshark.org
          Reporter: mag...@stubman.eu
  Target Milestone: ---

Build Information:
** (process:47134): WARNING **: No such preference "capture.devices_buffersize" at line 286 of /home/magnus/.wireshark/preferences (save preferences to remove this warning)
TShark (Wireshark) 2.5.1 (28960d79)

Copyright 1998-2018 Gerald Combs <ger...@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) without libpcap, with GLib 2.42.1, with zlib 1.2.8, without
SMI, with c-ares 1.10.0, with Lua 5.2.3, without GnuTLS, with Gcrypt 1.6.3,
without Kerberos, without GeoIP, without nghttp2, without LZ4, without Snappy,
with libxml2 2.9.1.

Running on Linux 3.16.0-5-amd64, with Intel(R) Core(TM) i7-6920HQ CPU @ 2.90GHz
(with SSE4.2), with 7359 MB of physical memory, with locale en_US.UTF-8, with
Gcrypt 1.6.3, with zlib 1.2.8.

Built using gcc 4.9.2.
--
magnus@h4xb0x:~/projects/wireshark/fuzz/wiresharknoasan$ git rev-parse HEAD
28960d79cca262ac6b974f339697b299a1e28fef
magnus@h4xb0x:~/projects/wireshark/fuzz/wiresharknoasan$ cat ../hugealloc.pcap | base64
magnus@h4xb0x:~/projects/wireshark/fuzz/wiresharknoasan$ sha256sum ../hugealloc.pcap
d06e724d1404481916ceb5d31749e8da09eeba7a5ee74e227871c3d103b5450b  ../hugealloc.pcap
magnus@h4xb0x:~/projects/wireshark/fuzz/wiresharknoasan$ valgrind ./tshark -r ../hugealloc.pcap
==39549== Memcheck, a memory error detector
==39549== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==39549== Using Valgrind-3.10.0 and LibVEX; rerun with -h for copyright info
==39549== Command: ./tshark -r ../hugealloc.pcap
==39549== 
==39549== Thread 2 register_all_protocols_worker:
==39549== Conditional jump or move depends on uninitialised value(s)
==39549==    at 0x1150E32: ws_mempbrk_sse42_compile (ws_mempbrk_sse42.c:69)
==39549== 

** (process:39549): WARNING **: No such preference "capture.devices_buffersize" at line 286 of /home/magnus/.wireshark/preferences (save preferences to remove this warning)
buffer->allocated: 2048
space: 4294901768

(process:39549): GLib-ERROR **: /build/glib2.0-y6934K/glib2.0-2.42.1/./glib/gmem.c:168: failed to allocate 4294904840 bytes
==39549== 
==39549== Process terminating with default action of signal 5 (SIGTRAP)
==39549==    at 0x541FD30: g_logv (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==39549==    by 0x541FF6E: g_log (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==39549==    by 0x541E8B6: g_realloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==39549==    by 0x114A37A: ws_buffer_assure_space (buffer.c:97)
==39549==    by 0x49CC54: wtap_read_packet_bytes (wtap.c:1337)
==39549==    by 0x490967: pcapng_read_sysdig_event_block (pcapng.c:2262)
==39549==    by 0x490967: pcapng_read_block (pcapng.c:2429)
==39549==    by 0x49220C: pcapng_read (pcapng.c:2640)
==39549==    by 0x49CAA7: wtap_read (wtap.c:1230)
==39549==    by 0x45B2CA: process_cap_file (tshark.c:3318)
==39549==    by 0x45B2CA: main (tshark.c:2024)
==39549== 
==39549== HEAP SUMMARY:
==39549==     in use at exit: 28,211,768 bytes in 42,733 blocks
==39549==   total heap usage: 52,260 allocs, 9,527 frees, 4,329,591,134 bytes allocated
==39549== 
==39549== LEAK SUMMARY:
==39549==    definitely lost: 0 bytes in 0 blocks
==39549==    indirectly lost: 0 bytes in 0 blocks
==39549==      possibly lost: 0 bytes in 0 blocks
==39549==    still reachable: 28,211,768 bytes in 42,733 blocks
==39549==         suppressed: 0 bytes in 0 blocks
==39549== Rerun with --leak-check=full to see details of leaked memory
==39549== 
==39549== For counts of detected and suppressed errors, rerun with: -v
==39549== Use --track-origins=yes to see where uninitialised values come from
==39549== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Trace/breakpoint trap

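Added example, not code from the Wireshark source or from this report: in the trace above, pcapng_read_sysdig_event_block reaches ws_buffer_assure_space and g_realloc with a requested space of 4294901768 bytes. The sketch below validates a declared block length against a minimum and a cap before any allocation is sized from it. The block layout, OVERHEAD, MAX_PAYLOAD, read_block and status_for_total are assumptions for illustration, and the 16-byte file images are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical layout and limit for this example; not Wireshark's values. */
#define HDR_LEN      8u               /* block type + block total length */
#define OVERHEAD     12u              /* header + trailing copy of total length */
#define MAX_PAYLOAD  (256u * 1024u)   /* cap chosen for the example */

enum status { READ_OK, ERR_TRUNCATED, ERR_TOO_SHORT, ERR_TOO_LARGE, ERR_NOMEM };
static uint32_t le32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Validate the declared length before any allocation is sized from it. */
enum status read_block(const uint8_t *file, size_t file_len,
                       uint8_t **payload, uint32_t *payload_len) {
    *payload = NULL;
    *payload_len = 0;
    if (file_len < HDR_LEN) return ERR_TRUNCATED;
    uint32_t total = le32(file + 4);                 /* untrusted, from the file */
    if (total < OVERHEAD) return ERR_TOO_SHORT;      /* total - OVERHEAD would wrap */
    uint32_t want = total - OVERHEAD;
    if (want > MAX_PAYLOAD) return ERR_TOO_LARGE;    /* refuse before allocating */
    if ((size_t)want + 4 > file_len - HDR_LEN) return ERR_TRUNCATED;
    uint8_t *buf = malloc(want ? want : 1);
    if (buf == NULL) return ERR_NOMEM;
    memcpy(buf, file + HDR_LEN, want);
    *payload = buf;
    *payload_len = want;
    return READ_OK;
}

/* Build a constructed 16-byte file image declaring `total` and parse it. */
enum status status_for_total(uint32_t total) {
    uint8_t img[16] = {0}, *payload;
    uint32_t len;
    for (int i = 0; i < 4; i++) img[4 + i] = img[12 + i] = (uint8_t)(total >> (8 * i));
    memcpy(img + 8, "ABCD", 4);
    enum status s = read_block(img, sizeof img, &payload, &len);
    free(payload);
    return s;
}

int main(void) {
    printf("%d %d %d\n", status_for_total(16), status_for_total(0xFFFF0014u), status_for_total(8));
    return 0;
}
```

The constructed length 0xFFFF0014 is chosen so that, under this example's 12-byte overhead, the payload size equals the 4294901768 bytes printed in the report; the parser returns ERR_TOO_LARGE for it instead of attempting the allocation.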