OSS-FUZZ 62370: wireshark:fuzzshark_ip_proto-udp: Heap-buffer-overflow in ws_manuf_lookup_str
OSS-Fuzz found the following:
==2871==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x616000011096 at pc 0x000000530bc1 bp 0x7ffeb5fdeed0 sp 0x7ffeb5fde6a0
READ of size 6 at 0x616000011096 thread T0
SCARINESS: 20 (6-byte-read-heap-buffer-overflow)
#0 0x530bc0 in __asan_memcpy /src/llvm-project/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cpp:22:3
#1 0x8a5f36 in ws_manuf_lookup_str wireshark/epan/manuf.c:128:5
#2 0x8882b8 in get_manuf_name_if_known wireshark/epan/addr_resolv.c:3506:18
#3 0x8882b8 in tvb_get_manuf_name_if_known wireshark/epan/addr_resolv.c:3545:12
#4 0x12c4f0b in add_manuf wireshark/epan/dissectors/packet-ieee80211.c:10118:16
#5 0x12c4f0b in dissect_roaming_consortium wireshark/epan/dissectors/packet-ieee80211.c:26902:3
#6 0x7164eb in call_dissector_through_handle wireshark/epan/packet.c:857:9
#7 0x7164eb in call_dissector_work wireshark/epan/packet.c:948:9
#8 0x715fe2 in dissector_try_uint_new wireshark/epan/packet.c:1551:8
#9 0x12a3adb in add_tagged_field_with_validation wireshark/epan/dissectors/packet-ieee80211.c:30204:8
#10 0x12defb4 in add_tagged_field wireshark/epan/dissectors/packet-ieee80211.c:30044:10
#11 0x12defb4 in ieee_80211_add_tagged_parameters wireshark/epan/dissectors/packet-ieee80211.c:35853:19
#12 0x12defb4 in dissect_ieee80211_mgt wireshark/epan/dissectors/packet-ieee80211.c:36162:9
#13 0x12defb4 in dissect_ieee80211_pv0 wireshark/epan/dissectors/packet-ieee80211.c:40018:7
#14 0x12d4c2e in dissect_ieee80211_common wireshark/epan/dissectors/packet-ieee80211.c:40354:5
#15 0x12a7829 in dissect_ieee80211_withoutfcs wireshark/epan/dissectors/packet-ieee80211.c:40424:3
#16 0x7164eb in call_dissector_through_handle wireshark/epan/packet.c:857:9
#17 0x7164eb in call_dissector_work wireshark/epan/packet.c:948:9
#18 0x712e6a in call_dissector_only wireshark/epan/packet.c:3450:8
#19 0x712e6a in call_dissector_with_data wireshark/epan/packet.c:3463:8
#20 0x153c1ea in dissect_lwapp wireshark/epan/dissectors/packet-lwapp.c:453:9
#21 0x7164eb in call_dissector_through_handle wireshark/epan/packet.c:857:9
#22 0x7164eb in call_dissector_work wireshark/epan/packet.c:948:9
#23 0x7169bf in dissector_try_uint_new wireshark/epan/packet.c:1551:8
#24 0x7169bf in dissector_try_uint wireshark/epan/packet.c:1575:9
#25 0x1eb8529 in decode_udp_ports wireshark/epan/dissectors/packet-udp.c:681:27
#26 0x1ebd932 in dissect wireshark/epan/dissectors/packet-udp.c:1251:9
#27 0x1eba71c in dissect_udp wireshark/epan/dissectors/packet-udp.c:1257:5
#28 0x7164eb in call_dissector_through_handle wireshark/epan/packet.c:857:9
#29 0x7164eb in call_dissector_work wireshark/epan/packet.c:948:9
#30 0x72066f in call_dissector_only wireshark/epan/packet.c:3450:8
#31 0x72066f in call_all_postdissectors wireshark/epan/packet.c:3879:3
#32 0x1054863 in dissect_frame wireshark/epan/dissectors/packet-frame.c:1481:5
#33 0x7164eb in call_dissector_through_handle wireshark/epan/packet.c:857:9
#34 0x7164eb in call_dissector_work wireshark/epan/packet.c:948:9
#35 0x712e6a in call_dissector_only wireshark/epan/packet.c:3450:8
#36 0x712e6a in call_dissector_with_data wireshark/epan/packet.c:3463:8
#37 0x712524 in dissect_record wireshark/epan/packet.c:661:3
#38 0x704934 in epan_dissect_run wireshark/epan/epan.c:626:2
#39 0x56eea0 in LLVMFuzzerTestOneInput wireshark/fuzz/fuzzshark.c:382:2
#40 0x4406a3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
#41 0x42be02 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
#42 0x4316ac in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:9
#43 0x45abe2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#44 0x7d59aaf63082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/libc-start.c:308:16
#45 0x421fcd in _start
Reproducer: clusterfuzz-testcase-minimized-fuzzshark_ip_proto-udp-6013938384633856.pcap