Wireshark mailing list archives
Re: Clang build with ASAN
From: Jakub Zawadzki <darkjames-ws () darkjames pl>
Date: Mon, 12 Aug 2013 18:59:45 +0200
Hi,

On Mon, Aug 12, 2013 at 05:17:50PM +0200, Alexis La Goutte wrote:
> I will try the ASAN feature ( http://clang.llvm.org/docs/AddressSanitizer.html )
>
> I try to fuzz some captures from menagerie but I already have an issue with editcap (libwiretap)
>
> ./editcap -E 0.5 ../menagerie/public/10014-packet-mount-len.pcap /tmp/fuz.pcap |& ./asan_symbolize.py
> =================================================================
> ==15448==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff7e959c70 at pc 0x43a0d3 bp 0x7fff7e959890 sp 0x7fff7e959050
> READ of size 112 at 0x7fff7e959c70 thread T0
>     #0 0x43a0d2 in memcpy ??:0
>     #1 0x7faee0ab0f8d in ?? ??:0
>     #2 0x7faee1667a7a in pcapng_dump_open wireshark/wiretap/pcapng.c:3631
>     #3 0x7faee160b254 in wtap_dump_open_finish wireshark/wiretap/file_access.c:1507
>     #4 0x45ceb1 in main wireshark/editcap.c:1205
>     #5 0x7faedfea876c in ?? ??:0
>     #6 0x45aeec in _start ??:0
> Address 0x7fff7e959c70 is located in stack of thread T0 at offset 560 in frame
>     #0 0x7faee166679f in pcapng_dump_open wireshark/wiretap/pcapng.c:3593
>
> I know it may be a false positive... (and I am not an expert in memory stuff...)

For me it's not:

Check types:

    **interface_data_t** interface_data;
    pcapng->interface_data = g_array_new(FALSE, FALSE, sizeof(**wtapng_if_descr_t**));

...

    3596  **interface_data_t** interface_data;
    3604  pcapng->interface_data = g_array_new(FALSE, FALSE, sizeof(**wtapng_if_descr_t**));
    3631  g_array_append_val(pcapng->interface_data, interface_data);

wtapng_if_descr_t (big structure from wtap.h) != interface_data_t (16B from pcapng.h)

g_array_append_val() is trying to memcpy() 112B of interface_data (where only 16B is available) -- stack buffer overflow.

Banzai for ASAN! ;]

Kuba.
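The size mismatch diagnosed in the reply above, as an added example that is not part of the original message or of Wireshark's code: a minimal stand-in for GArray whose append compares the caller's object size with the array's element size before copying. The names demo_array, DEMO_APPEND_VAL, try_append and both struct types are hypothetical; only the 16-byte and 112-byte sizes come from the thread.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for the two types in the thread: a 16-byte record
 * and a 112-byte descriptor. Names and layouts are hypothetical. */
typedef struct { unsigned char bytes[16]; } small_rec_t;
typedef struct { unsigned char bytes[112]; } big_descr_t;

/* Like GArray, the container only remembers one element size. */
typedef struct { unsigned char *data; size_t len, cap, elt_size; } demo_array;

static demo_array *demo_array_new(size_t elt_size) {
    demo_array *a = calloc(1, sizeof *a);
    if (a) a->elt_size = elt_size;
    return a;
}

/* Copies elt_size bytes from src only if the caller's object is exactly that
 * big. Returns 0 on success, -1 on size mismatch (src is never read),
 * -2 on allocation failure. */
static int demo_array_append(demo_array *a, const void *src, size_t src_size) {
    if (src_size != a->elt_size) return -1;
    if (a->len == a->cap) {
        size_t ncap = a->cap ? a->cap * 2 : 4;
        unsigned char *p = realloc(a->data, ncap * a->elt_size);
        if (!p) return -2;
        a->data = p; a->cap = ncap;
    }
    memcpy(a->data + a->len * a->elt_size, src, a->elt_size);
    a->len++;
    return 0;
}

/* sizeof(v) comes from the variable's declared type at the call site. */
#define DEMO_APPEND_VAL(a, v) demo_array_append((a), &(v), sizeof(v))

/* Array sized for the big type; append the small value (the reported shape)
 * or a correctly typed one. Returns the append result. */
static int try_append(int use_small) {
    demo_array *a = demo_array_new(sizeof(big_descr_t));
    small_rec_t rec = {{0}}; big_descr_t descr = {{0}};
    int rc = !a ? -2 : use_small ? DEMO_APPEND_VAL(a, rec) : DEMO_APPEND_VAL(a, descr);
    if (a) { free(a->data); free(a); }
    return rc;
}

int main(void) {
    printf("small into big array: %d, big into big array: %d\n", try_append(1), try_append(0));
    return 0;
}
```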