Wireshark mailing list archives
possible memory error in the SnifferDecompress function?
From: Lewis Burns <lewisurn () gmail com>
Date: Tue, 09 Sep 2014 15:11:03 -0700
Hi,

We've recently done some unit testing on open source projects. One of the issues we've found is related to the SnifferDecompress function in the wiretap/ngsniffer.c file. We're unable to determine that the memory issues shown by valgrind can actually appear in the program due to our unfamiliarity with the code base. I'm sending in a small testcase to the list and hoping that some developers can validate or invalidate that this is a bug in the code.
The output from running the SnifferDecompress function is as follows:

==5795== Memcheck, a memory error detector
==5795== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==5795== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright info
==5795== Command: a.out
==5795==
==5795== Source and destination overlap in memcpy(0x521290b, 0x5212899, 185)
==5795==    at 0x4C2F71C:memcpy@@GLIBC_2.14 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5795==    by 0x4009D0: SnifferDecompress (in /home/chaoqiang/workspace/se/klee/exp/a.out)
==5795==    by 0x400B6F: main (in /home/chaoqiang/workspace/se/klee/exp/a.out)
==5795==
==5795== Source and destination overlap in memcpy(0x521ab32, 0x521ab28, 15)
==5795==    at 0x4C2F71C:memcpy@@GLIBC_2.14 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5795==    by 0x400A7A: SnifferDecompress (in /home/chaoqiang/workspace/se/klee/exp/a.out)
==5795==    by 0x400B6F: main (in /home/chaoqiang/workspace/se/klee/exp/a.out)
==5795==
==5795== Invalid write of size 1
==5795==    at 0x400798: SnifferDecompress (in /home/chaoqiang/workspace/se/klee/exp/a.out)
==5795==    by 0x400B6F: main (in /home/chaoqiang/workspace/se/klee/exp/a.out)
==5795==  Address 0x521d080 is 0 bytes after a block of size 65,536 alloc'd
==5795==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5795==    by 0x400AE8: main (in /home/chaoqiang/workspace/se/klee/exp/a.out)

Steps to repeat the issue:

gcc -DRANDOM ngsniffer_noklee.c
valgrind a.out

Thanks very much,
Lewis
Attachment:
ngsniffer_noklee.c
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
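Added example, not part of the original post and not Wireshark code: in the first Memcheck report above the destination is 0x72 (114) bytes after the source while 185 bytes are copied, and the last report is a one-byte write just past a 65,536-byte block. The sketch below shows the two checks an output-copy step needs for those cases, assuming an LZ-style decoder in which a back-reference is meant to repeat recent output; copy_backref and put_literal are hypothetical names.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper (not from wiretap/ngsniffer.c): append `len` bytes at
 * out[*pos], copied from `dist` bytes earlier in the same output buffer.
 * Returns 0 on success, -1 if the request would read before the start of
 * out[] or write past out_size. Nothing is written on failure. */
int copy_backref(unsigned char *out, size_t out_size, size_t *pos,
                 size_t dist, size_t len)
{
    if (*pos > out_size)
        return -1;                 /* caller state already corrupt */
    if (dist == 0 || dist > *pos)
        return -1;                 /* source would start before out[0] */
    if (len > out_size - *pos)
        return -1;                 /* destination would run past the end */

    unsigned char *dst = out + *pos;
    const unsigned char *src = dst - dist;

    if (dist >= len) {
        /* Source ends at or before dst: regions are disjoint, memcpy is defined. */
        memcpy(dst, src, len);
    } else {
        /* dist < len: regions overlap, so memcpy is undefined behaviour.
         * Assumption: the decoder wants run replication, so copy forward one
         * byte at a time (memmove would NOT repeat the pattern). */
        for (size_t i = 0; i < len; i++)
            dst[i] = src[i];
    }
    *pos += len;
    return 0;
}

/* Same end-of-buffer check for a single literal byte; the "0 bytes after a
 * block" report is what a missing check of this kind looks like. */
int put_literal(unsigned char *out, size_t out_size, size_t *pos,
                unsigned char b)
{
    if (*pos >= out_size)
        return -1;
    out[(*pos)++] = b;
    return 0;
}
```

A decoder built on these helpers would treat a -1 return as a malformed-input error and stop, rather than continuing to write.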
Current thread:
- possible memory error in the SnifferDecompress function? Lewis Burns (Sep 09)
- Re: possible memory error in the SnifferDecompress function? Guy Harris (Sep 09)
- Re: possible memory error in the SnifferDecompress function? Guy Harris (Sep 09)
- Re: possible memory error in the SnifferDecompress function? Lewis Burns (Sep 09)
- Re: possible memory error in the SnifferDecompress function? Lewis Burns (Sep 09)
- Re: possible memory error in the SnifferDecompress function? Guy Harris (Sep 09)
- Re: possible memory error in the SnifferDecompress function? Guy Harris (Sep 09)