Skip to content
GitLab
    • GitLab: the DevOps platform
    • Explore GitLab
    • Install GitLab
    • How GitLab compares
    • Get started
    • GitLab docs
    • GitLab Learn
  • Pricing
  • Talk to an expert
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
    • Switch to GitLab Next
    Projects Groups Topics Snippets
  • Register
  • Sign in
  • wireshark wireshark
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributor statistics
    • Graph
    • Compare revisions
    • Locked files
  • Issues 1.4k
    • Issues 1.4k
    • List
    • Boards
    • Service Desk
    • Milestones
    • Iterations
    • Requirements
  • Merge requests 178
    • Merge requests 178
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Artifacts
    • Schedules
    • Test cases
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Packages and registries
    • Packages and registries
    • Model experiments
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Code review
    • Insights
    • Issue
    • Repository
  • Wiki
    • Wiki
  • External wiki
    • External wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • Wireshark FoundationWireshark Foundation
  • wiresharkwireshark
  • Issues
  • #17704
Closed
Open
Issue created Nov 01, 2021 by A Wireshark GitLab Utility@ws-gitlab-utilityDeveloper

Fuzz job crash output: fuzz-2021-10-31-6829.pcap

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2021-10-31-6829.pcap

stderr:

Input file: /var/menagerie/menagerie/11137-kismet_drone_server.pcapng.gz

Build host information:
Linux runner-yq5rrvnm-project-7898047-concurrent-0 5.4.0-89-generic #100-Ubuntu SMP Fri Sep 24 14:50:10 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:	Ubuntu
Description:	Ubuntu 20.04.3 LTS
Release:	20.04
Codename:	focal

CI job ASan Menagerie Fuzz, ID 1733304355: 

Return value:  0

Dissector bug:  0

Valgrind error count:  0



Latest (but not necessarily the problem) commit:
6ae0044e docs: Update documentation to use ',' as set separator


Command and args: /builds/wireshark/wireshark/_install/bin/tshark -2  -nVxr
Running as user "root" and group "root". This could be dangerous.
AddressSanitizer:DEADLYSIGNAL
=================================================================
==43252==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fde84f77e6b bp 0x7fffd078f410 sp 0x7fffd078df20 T0)
==43252==The signal is caused by a READ memory access.
==43252==Hint: address points to the zero page.
    #0 0x7fde84f77e6b in dissect_wlan_radio_phdr /builds/wireshark/wireshark/build/../epan/dissectors/packet-ieee80211-radio.c:841:9
    #1 0x7fde84f76d54 in dissect_wlan_radio /builds/wireshark/wireshark/build/../epan/dissectors/packet-ieee80211-radio.c:1497:3
    #2 0x7fde872dee4a in call_dissector_through_handle /builds/wireshark/wireshark/build/../epan/packet.c:755:9
    #3 0x7fde872d46e3 in call_dissector_work /builds/wireshark/wireshark/build/../epan/packet.c:848:9
    #4 0x7fde872dba00 in call_dissector_only /builds/wireshark/wireshark/build/../epan/packet.c:3300:8
    #5 0x7fde872d0a54 in call_dissector_with_data /builds/wireshark/wireshark/build/../epan/packet.c:3313:8
    #6 0x7fde84f88d5f in dissect_radiotap /builds/wireshark/wireshark/build/../epan/dissectors/packet-ieee80211-radiotap.c:3859:2
    #7 0x7fde872dee4a in call_dissector_through_handle /builds/wireshark/wireshark/build/../epan/packet.c:755:9
    #8 0x7fde872d46e3 in call_dissector_work /builds/wireshark/wireshark/build/../epan/packet.c:848:9
    #9 0x7fde872d4073 in dissector_try_uint_new /builds/wireshark/wireshark/build/../epan/packet.c:1464:8
    #10 0x7fde872d4a82 in dissector_try_uint /builds/wireshark/wireshark/build/../epan/packet.c:1488:9
    #11 0x7fde851b3aa2 in dissect_kdsp_message /builds/wireshark/wireshark/build/../epan/dissectors/packet-kdsp.c:416:11
    #12 0x7fde85d3ac24 in tcp_dissect_pdus /builds/wireshark/wireshark/build/../epan/dissectors/packet-tcp.c:4167:13
    #13 0x7fde851b2dae in dissect_kdsp /builds/wireshark/wireshark/build/../epan/dissectors/packet-kdsp.c:533:3
    #14 0x7fde872dee4a in call_dissector_through_handle /builds/wireshark/wireshark/build/../epan/packet.c:755:9
    #15 0x7fde872d46e3 in call_dissector_work /builds/wireshark/wireshark/build/../epan/packet.c:848:9
    #16 0x7fde872d4073 in dissector_try_uint_new /builds/wireshark/wireshark/build/../epan/packet.c:1464:8
    #17 0x7fde85d3c2a6 in decode_tcp_ports /builds/wireshark/wireshark/build/../epan/dissectors/packet-tcp.c:6324:9
    #18 0x7fde85d42923 in process_tcp_payload /builds/wireshark/wireshark/build/../epan/dissectors/packet-tcp.c:6400:13
    #19 0x7fde85d4031c in desegment_tcp /builds/wireshark/wireshark/build/../epan/dissectors/packet-tcp.c:3635:9
    #20 0x7fde85d3e121 in dissect_tcp_payload /builds/wireshark/wireshark/build/../epan/dissectors/packet-tcp.c:6473:9
    #21 0x7fde85d4f522 in dissect_tcp /builds/wireshark/wireshark/build/../epan/dissectors/packet-tcp.c:7446:17
    #22 0x7fde872dee4a in call_dissector_through_handle /builds/wireshark/wireshark/build/../epan/packet.c:755:9
    #23 0x7fde872d46e3 in call_dissector_work /builds/wireshark/wireshark/build/../epan/packet.c:848:9
    #24 0x7fde872d4073 in dissector_try_uint_new /builds/wireshark/wireshark/build/../epan/packet.c:1464:8
    #25 0x7fde8504d1ee in ip_try_dissect /builds/wireshark/wireshark/build/../epan/dissectors/packet-ip.c:1817:7
    #26 0x7fde85052457 in dissect_ip_v4 /builds/wireshark/wireshark/build/../epan/dissectors/packet-ip.c:2306:10
    #27 0x7fde872dee4a in call_dissector_through_handle /builds/wireshark/wireshark/build/../epan/packet.c:755:9
    #28 0x7fde872d46e3 in call_dissector_work /builds/wireshark/wireshark/build/../epan/packet.c:848:9
    #29 0x7fde872d4073 in dissector_try_uint_new /builds/wireshark/wireshark/build/../epan/packet.c:1464:8
    #30 0x7fde872d4a82 in dissector_try_uint /builds/wireshark/wireshark/build/../epan/packet.c:1488:9
    #31 0x7fde84c30c73 in dissect_ethertype /builds/wireshark/wireshark/build/../epan/dissectors/packet-ethertype.c:296:21
    #32 0x7fde872dee4a in call_dissector_through_handle /builds/wireshark/wireshark/build/../epan/packet.c:755:9
    #33 0x7fde872d46e3 in call_dissector_work /builds/wireshark/wireshark/build/../epan/packet.c:848:9
    #34 0x7fde872dba00 in call_dissector_only /builds/wireshark/wireshark/build/../epan/packet.c:3300:8
    #35 0x7fde872d0a54 in call_dissector_with_data /builds/wireshark/wireshark/build/../epan/packet.c:3313:8
    #36 0x7fde84c2da70 in dissect_eth_common /builds/wireshark/wireshark/build/../epan/dissectors/packet-eth.c:576:5
    #37 0x7fde84c2c5d7 in dissect_eth /builds/wireshark/wireshark/build/../epan/dissectors/packet-eth.c:882:5
    #38 0x7fde872dee4a in call_dissector_through_handle /builds/wireshark/wireshark/build/../epan/packet.c:755:9
    #39 0x7fde872d46e3 in call_dissector_work /builds/wireshark/wireshark/build/../epan/packet.c:848:9
    #40 0x7fde872dba00 in call_dissector_only /builds/wireshark/wireshark/build/../epan/packet.c:3300:8
    #41 0x7fde84cb99b8 in dissect_frame /builds/wireshark/wireshark/build/../epan/dissectors/packet-frame.c:863:6
    #42 0x7fde872dee4a in call_dissector_through_handle /builds/wireshark/wireshark/build/../epan/packet.c:755:9
    #43 0x7fde872d46e3 in call_dissector_work /builds/wireshark/wireshark/build/../epan/packet.c:848:9
    #44 0x7fde872dba00 in call_dissector_only /builds/wireshark/wireshark/build/../epan/packet.c:3300:8
    #45 0x7fde872d0a54 in call_dissector_with_data /builds/wireshark/wireshark/build/../epan/packet.c:3313:8
    #46 0x7fde872d0238 in dissect_record /builds/wireshark/wireshark/build/../epan/packet.c:622:3
    #47 0x7fde872a3a78 in epan_dissect_run_with_taps /builds/wireshark/wireshark/build/../epan/epan.c:629:2
    #48 0x55722b7c0a25 in process_packet_second_pass /builds/wireshark/wireshark/build/../tshark.c:3246:5
    #49 0x55722b7bee7d in process_cap_file_second_pass /builds/wireshark/wireshark/build/../tshark.c:3388:9
    #50 0x55722b7b929c in process_cap_file /builds/wireshark/wireshark/build/../tshark.c:3658:28
    #51 0x55722b7b3441 in main /builds/wireshark/wireshark/build/../tshark.c:2098:16
    #52 0x7fde799cf0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
    #53 0x55722b6e04ad in _start (/builds/wireshark/wireshark/_install/bin/tshark+0x5f4ad)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /builds/wireshark/wireshark/build/../epan/dissectors/packet-ieee80211-radio.c:841:9 in dissect_wlan_radio_phdr
==43252==ABORTING

fuzz-test.sh stderr:
Running as user "root" and group "root". This could be dangerous.

no debug trace

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking