https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13755

            Bug ID: 13755
           Summary: [oss-fuzz] Allocation too large: 4294967295 >
                    2147483648 (0xffffffff > 0x80000000)
           Product: Wireshark
           Version: Git
          Hardware: x86-64
               URL: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2017
                OS: Linux (other)
            Status: CONFIRMED
          Severity: Major
          Priority: High
         Component: Dissection engine (libwireshark)
          Assignee: bugzilla-ad...@wireshark.org
          Reporter: pe...@lekensteyn.nl
  Target Milestone: ---

Build Information:
TShark (Wireshark) 2.3.0 (v2.3.0rc0-3724-g6607be77f3)

Copyright 1998-2017 Gerald Combs <ger...@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with libpcap, with POSIX capabilities (Linux), with libnl 3,
with GLib 2.52.2, with zlib 1.2.11, without SMI, with c-ares 1.12.0, with Lua
5.2.4, with GnuTLS 3.5.12, with Gcrypt 1.7.6, with MIT Kerberos, with GeoIP,
with nghttp2 1.22.0, with LZ4, with Snappy, with libxml2 2.9.4.

Running on Linux 4.10.13-1-ARCH, with Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
(with SSE4.2), with 31996 MB of physical memory, with locale C, with libpcap
version 1.8.1, with GnuTLS 3.5.12, with Gcrypt 1.7.6, with zlib 1.2.11.

Built using clang 4.2.1 Compatible Clang 4.0.0 (tags/RELEASE_400/final).
--
A problem was found by the oss-fuzz project:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2017

Attached is the sample that triggers this error, which can be reproduced with an
ASAN+UBSAN build of Wireshark ("tshark -Vr test.pcap").
--
Allocation too large: 4294967295 > 2147483648 (0xffffffff > 0x80000000)
    #0 0x555a1da8c3e3 in __sanitizer_print_stack_trace (run/tshark+0x1973e3)
    #1 0x7f498b08b8c6 in __sanitizer_malloc_hook (libmemlimit.so+0x8c6)
    #2 0x555a1d9d08eb in __asan::asan_malloc(unsigned long, __sanitizer::BufferedStackTrace*) (run/tshark+0xdb8eb)
    #3 0x555a1da7f9b4 in malloc (run/tshark+0x18a9b4)
    #4 0x7f49722fb0c8 in g_malloc /build/src/glib/glib/gmem.c:94
    #5 0x7f4980210dc3 in tvb_generic_clone_offset_len epan/tvbuff.c:390:20
    #6 0x7f4980210d3c in tvb_clone_offset_len epan/tvbuff.c:411:9
    #7 0x7f4980232936 in subset_clone epan/tvbuff_subset.c:94:9
    #8 0x7f4980210d0c in tvb_clone_offset_len epan/tvbuff.c:406:16
    #9 0x7f4980232936 in subset_clone epan/tvbuff_subset.c:94:9
    #10 0x7f4980210d0c in tvb_clone_offset_len epan/tvbuff.c:406:16
    #11 0x7f4980232936 in subset_clone epan/tvbuff_subset.c:94:9
    #12 0x7f4980210d0c in tvb_clone_offset_len epan/tvbuff.c:406:16
    #13 0x7f498019551e in fragment_add_seq_work epan/reassemble.c:1843:18
    #14 0x7f498017a025 in fragment_add_seq_common epan/reassemble.c:1983:6
    #15 0x7f498017a87f in fragment_add_seq_check_work epan/reassemble.c:2064:12
    #16 0x7f498017a146 in fragment_add_seq_check epan/reassemble.c:2101:9
    #17 0x7f497dd21635 in dissect_opensafety_ssdo_message epan/dissectors/packet-opensafety.c:1284:32
    #18 0x7f497dd08279 in dissect_opensafety_message epan/dissectors/packet-opensafety.c:1894:13
    #19 0x7f497dd03e52 in opensafety_package_dissector epan/dissectors/packet-opensafety.c:2264:18
    #20 0x7f497dcff652 in dissect_opensafety_udpdata epan/dissectors/packet-opensafety.c:2439:14
    #21 0x7f497fff50cd in call_dissector_through_handle epan/packet.c:684:8
    #22 0x7f497ffdf8cf in call_dissector_work epan/packet.c:759:9
    #23 0x7f497ffde8ed in dissector_try_uint_new epan/packet.c:1329:8
    #24 0x7f497ffdfe29 in dissector_try_uint epan/packet.c:1353:9
    #25 0x7f497e82aa8b in decode_udp_ports epan/dissectors/packet-udp.c:673:7
    #26 0x7f497e8405c2 in dissect epan/dissectors/packet-udp.c:1131:5
    #27 0x7f497e82f8ef in dissect_udp epan/dissectors/packet-udp.c:1137:3
    #28 0x7f497fff50cd in call_dissector_through_handle epan/packet.c:684:8
    #29 0x7f497ffdf8cf in call_dissector_work epan/packet.c:759:9
    #30 0x7f497ffde8ed in dissector_try_uint_new epan/packet.c:1329:8
    #31 0x7f497cf539d2 in dissect_exported_pdu epan/dissectors/packet-exported_pdu.c:307:17
    #32 0x7f497fff50cd in call_dissector_through_handle epan/packet.c:684:8
    #33 0x7f497ffdf8cf in call_dissector_work epan/packet.c:759:9
    #34 0x7f497ffde8ed in dissector_try_uint_new epan/packet.c:1329:8
    #35 0x7f497d073c57 in dissect_frame epan/dissectors/packet-frame.c:521:11
    #36 0x7f497fff50cd in call_dissector_through_handle epan/packet.c:684:8
    #37 0x7f497ffdf8cf in call_dissector_work epan/packet.c:759:9
    #38 0x7f497ffee4e7 in call_dissector_only epan/packet.c:2992:8
    #39 0x7f497ffd6694 in call_dissector_with_data epan/packet.c:3005:8
    #40 0x7f497ffd56b4 in dissect_record epan/packet.c:567:3
    #41 0x7f497ff6d9f8 in epan_dissect_run_with_taps epan/epan.c:473:2
    #42 0x555a1daec956 in process_packet_single_pass tshark.c:3448:5
    #43 0x555a1dae55af in process_cap_file tshark.c:3279:11
    #44 0x555a1dadd240 in main tshark.c:1983:17
    #45 0x7f49718e9439 in __libc_start_main (/usr/lib/libc.so.6+0x20439)
    #46 0x555a1d9ca009 in _start (run/tshark+0xd5009)

SUMMARY: large memory allocation request: 4294967295

Sent via:    Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>