Wireshark mailing list archives
strlen() and NULL pointer checks
From: Jeff Morriss <jeff.morriss.ws () gmail com>
Date: Mon, 16 May 2011 16:18:40 -0400
Hi folks,Every once in a while, I do some fuzz testing on a Solaris/SPARC system. When I first did it I was primarily worried about getting bus errors (due to casts increasing alignment requirements), but usually what I find is another case of what I fixed in r37181. (Fortunately, I have not gotten bus errors.)
The backtrace for that one was:
#0 0xfc4b2150 in strlen () from /usr/lib/libc.so.1 #1 0xfc51d704 in _ndoprnt () from /usr/lib/libc.so.1 #2 0xfc51fe24 in vsnprintf () from /usr/lib/libc.so.1#3 0xfd19c07c in proto_tree_set_representation_value (pi=0xff850be8, format=0xfe6d2c48 "(%s) Type %u: Value (hex bytes): %s", ap=0xffbfdb50) at /Wireshark/source/epan/proto.c:3651 #4 0xfd190184 in proto_tree_add_bytes_format_value (tree=0xff850ba0, hfindex=48268, tvb=0x507e84, start=210, length=4, start_ptr=0x0, format=0xfe6d2c48 "(%s) Type %u: Value (hex bytes): %s") at /Wireshark/source/epan/proto.c:1908 #5 0xfd8ab260 in dissect_v9_v10_pdu_data (tvb=0x507e84, pinfo=0xffbff1c8, pdutree=0xff850ba0, offset=210, tplt=0xff461a10, hdrinfo=0xffbfdee0, fields_type=TF_ENTRIES) at /Wireshark/source/epan/dissectors/packet-netflow.c:4791
The basic problem is that Solaris' strlen() seg-faults if given a NULL pointer whereas a lot of other implementations just return 0. Unfortunately glib does not appear to provide a safe alternative.
To avoid me being the only one doing this test, I have half-seriously contemplated:
1) building a version of strlen() which seg-faults when given a NULL pointer 2) building it into a shared library3) using LD_PRELOAD to use this library when fuzz testing (at least on systems that support LD_PRELOAD)
Is there a better way? Or better yet, a proper solution? Regards, -Jeff ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- strlen() and NULL pointer checks Jeff Morriss (May 16)
- Re: strlen() and NULL pointer checks Chris Maynard (May 16)
- Re: strlen() and NULL pointer checks Gerald Combs (May 16)
- Re: strlen() and NULL pointer checks Jeff Morriss (May 16)
- Re: strlen() and NULL pointer checks Jakub Zawadzki (May 16)
- Re: strlen() and NULL pointer checks Jeff Morriss (May 16)
- Re: strlen() and NULL pointer checks Guy Harris (May 16)
- Re: strlen() and NULL pointer checks Jeff Morriss (May 17)
- Re: strlen() and NULL pointer checks Jeff Morriss (May 16)
- Re: strlen() and NULL pointer checks Chris Maynard (May 16)