https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13747

            Bug ID: 13747
           Summary: [oss-fuzz] UBSAN: division by zero in packet-thread.c:1824:82
           Product: Wireshark
           Version: Git
          Hardware: x86-64
               URL: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1979
                OS: Linux (other)
            Status: CONFIRMED
          Severity: Major
          Priority: High
         Component: Dissection engine (libwireshark)
          Assignee: bugzilla-ad...@wireshark.org
          Reporter: pe...@lekensteyn.nl
  Target Milestone: ---

Build Information:
TShark (Wireshark) 2.3.0 (v2.3.0rc0-3646-g0a3df90afc)

Copyright 1998-2017 Gerald Combs <ger...@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with libpcap, with POSIX capabilities (Linux), with libnl 3,
with GLib 2.52.2, with zlib 1.2.11, without SMI, with c-ares 1.12.0, with Lua
5.2.4, with GnuTLS 3.5.12, with Gcrypt 1.7.6, with MIT Kerberos, with GeoIP,
with nghttp2 1.22.0, with LZ4, with Snappy, with libxml2 2.9.4.

Running on Linux 4.10.13-1-ARCH, with Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
(with SSE4.2), with 31996 MB of physical memory, with locale C, with libpcap
version 1.8.1, with GnuTLS 3.5.12, with Gcrypt 1.7.6, with zlib 1.2.11.

Built using clang 4.2.1 Compatible Clang 4.0.0 (tags/RELEASE_400/final).
--
A problem was found by the oss-fuzz project:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1979

Attached is the sample that triggers this error which can be reproduced with an
ASAN+UBSAN build of Wireshark ("tshark -Vr test.pcap").
--
epan/dissectors/packet-thread.c:1824:82: runtime error: division by zero
    #0 0x7fefc327cdd7 in dissect_thread_mc epan/dissectors/packet-thread.c:1824:82
    #1 0x7fefc4aeecbd in call_dissector_through_handle epan/packet.c:684:8
    #2 0x7fefc4ad94bf in call_dissector_work epan/packet.c:759:9
    #3 0x7fefc4ae80d7 in call_dissector_only epan/packet.c:2992:8
    #4 0x7fefc4ad0284 in call_dissector_with_data epan/packet.c:3005:8
    #5 0x7fefc4ae8121 in call_dissector epan/packet.c:3022:9
    #6 0x7fefc24921e6 in dissect_mle epan/dissectors/packet-mle.c:1053:25
    #7 0x7fefc4aeecbd in call_dissector_through_handle epan/packet.c:684:8
    #8 0x7fefc4ad94bf in call_dissector_work epan/packet.c:759:9
    #9 0x7fefc4ad84dd in dissector_try_uint_new epan/packet.c:1329:8
    #10 0x7fefc4ad9a19 in dissector_try_uint epan/packet.c:1353:9
    #11 0x7fefc332469b in decode_udp_ports epan/dissectors/packet-udp.c:673:7
    #12 0x7fefc333a1d2 in dissect epan/dissectors/packet-udp.c:1131:5
    #13 0x7fefc33294ff in dissect_udp epan/dissectors/packet-udp.c:1137:3
    #14 0x7fefc4aeecbd in call_dissector_through_handle epan/packet.c:684:8
    #15 0x7fefc4ad94bf in call_dissector_work epan/packet.c:759:9
    #16 0x7fefc4ad84dd in dissector_try_uint_new epan/packet.c:1329:8
    #17 0x7fefc1fc5b5c in ip_try_dissect epan/dissectors/packet-ip.c:1854:7
    #18 0x7fefc2041685 in ipv6_dissect_next epan/dissectors/packet-ipv6.c:2418:9
    #19 0x7fefc2044f4d in dissect_ipv6 epan/dissectors/packet-ipv6.c:2366:5
    #20 0x7fefc4aeecbd in call_dissector_through_handle epan/packet.c:684:8
    #21 0x7fefc4ad94bf in call_dissector_work epan/packet.c:759:9
    #22 0x7fefc4ae80d7 in call_dissector_only epan/packet.c:2992:8
    #23 0x7fefc4ad0284 in call_dissector_with_data epan/packet.c:3005:8
    #24 0x7fefc4ae8121 in call_dissector epan/packet.c:3022:9
    #25 0x7fefc0e821d9 in dissect_6lowpan epan/dissectors/packet-6lowpan.c:1059:9
    #26 0x7fefc0e82a37 in dissect_6lowpan_heur epan/dissectors/packet-6lowpan.c:983:5
    #27 0x7fefc4ae5e15 in dissector_try_heuristic epan/packet.c:2617:7
    #28 0x7fefc1f65b59 in dissect_ieee802154_common epan/dissectors/packet-ieee802154.c:1856:21
    #29 0x7fefc1f52d77 in dissect_ieee802154_nofcs epan/dissectors/packet-ieee802154.c:1101:5
    #30 0x7fefc4aeecbd in call_dissector_through_handle epan/packet.c:684:8
    #31 0x7fefc4ad94bf in call_dissector_work epan/packet.c:759:9
    #32 0x7fefc4ae80d7 in call_dissector_only epan/packet.c:2992:8
    #33 0x7fefc4ad0284 in call_dissector_with_data epan/packet.c:3005:8
    #34 0x7fefc4ae8121 in call_dissector epan/packet.c:3022:9
    #35 0x7fefc2cc6cae in dissect_scop_bridge epan/dissectors/packet-scop.c:308:5
    #36 0x7fefc2cc6844 in dissect_scop epan/dissectors/packet-scop.c:193:13
    #37 0x7fefc4aeecbd in call_dissector_through_handle epan/packet.c:684:8
    #38 0x7fefc4ad94bf in call_dissector_work epan/packet.c:759:9
    #39 0x7fefc4ad84dd in dissector_try_uint_new epan/packet.c:1329:8
    #40 0x7fefc4ad9a19 in dissector_try_uint epan/packet.c:1353:9
    #41 0x7fefc332469b in decode_udp_ports epan/dissectors/packet-udp.c:673:7
    #42 0x7fefc333a1d2 in dissect epan/dissectors/packet-udp.c:1131:5
    #43 0x7fefc33294ff in dissect_udp epan/dissectors/packet-udp.c:1137:3
    #44 0x7fefc4aeecbd in call_dissector_through_handle epan/packet.c:684:8
    #45 0x7fefc4ad94bf in call_dissector_work epan/packet.c:759:9
    #46 0x7fefc4ad84dd in dissector_try_uint_new epan/packet.c:1329:8
    #47 0x7fefc1a4f842 in dissect_exported_pdu epan/dissectors/packet-exported_pdu.c:307:17
    #48 0x7fefc4aeecbd in call_dissector_through_handle epan/packet.c:684:8
    #49 0x7fefc4ad94bf in call_dissector_work epan/packet.c:759:9
    #50 0x7fefc4ad84dd in dissector_try_uint_new epan/packet.c:1329:8
    #51 0x7fefc1b6d9e7 in dissect_frame epan/dissectors/packet-frame.c:521:11
    #52 0x7fefc4aeecbd in call_dissector_through_handle epan/packet.c:684:8
    #53 0x7fefc4ad94bf in call_dissector_work epan/packet.c:759:9
    #54 0x7fefc4ae80d7 in call_dissector_only epan/packet.c:2992:8
    #55 0x7fefc4ad0284 in call_dissector_with_data epan/packet.c:3005:8
    #56 0x7fefc4acf2a4 in dissect_record epan/packet.c:567:3
    #57 0x7fefc4a675e8 in epan_dissect_run_with_taps epan/epan.c:473:2
    #58 0x5597453d5956 in process_packet_single_pass tshark.c:3448:5
    #59 0x5597453ce5af in process_cap_file tshark.c:3279:11
    #60 0x5597453c6240 in main tshark.c:1983:17
    #61 0x7fefb6430439 in __libc_start_main (/usr/lib/libc.so.6+0x20439)
    #62 0x5597452b3009 in _start (run/tshark+0xd5009)

SUMMARY: AddressSanitizer: undefined-behavior epan/dissectors/packet-thread.c:1824:82 in

___________________________________________________________________________
Sent via:    Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-bugs