Wireshark mailing list archives
Re: Crash during fuzzing
From: Dario Lombardo <dario.lombardo.ml () gmail com>
Date: Mon, 10 Aug 2015 22:27:03 +0200
No crash still happening...

$ ../tools/test-captures.sh -b run ../data/hpfeeds_all_packets_sample.pcap
Testing file ../data/hpfeeds_all_packets_sample.pcap...
 - with tree... OK
 - without tree... OK
 - without tree but with a read filter... OK
$

On Mon, Aug 10, 2015 at 10:09 PM, Evan Huus <eapache () gmail com> wrote:
The best way to reproduce fuzzer bugs is with ./tools/test-captures.sh, which sets all the same environment variables and flags as the main fuzz script. Since the error was in a memory canary, valgrind and/or ASAN may also prove useful.

Evan

On Mon, Aug 10, 2015 at 3:52 PM, Dario Lombardo <dario.lombardo.ml () gmail com> wrote:

Hi list
I was fuzzing a protocol, and I experienced a crash. The fuzz-test.sh gave me this output

$ ../tools/fuzz-test.sh -b run ../data/hpfeed_all_packets_sample.pcap
[...]
Starting pass 130: ../data/hpfeeds_all_packets_sample.pcap: (-nVxr) (-nr) OK
Starting pass 131: ../data/hpfeeds_all_packets_sample.pcap: (-nVxr) (-nr) OK
Starting pass 132: ../data/hpfeeds_all_packets_sample.pcap: (-nVxr) (-nr) OK
Starting pass 133: ../data/hpfeeds_all_packets_sample.pcap: (-nVxr)../tools/fuzz-test.sh:line 189: 8725 Segmentation fault (core dumped) "$RUNNER"$COMMON_ARGS$ARGS $TMP_DIR/$TMP_FILE > /dev/null 2>> $TMP_DIR/$ERR_FILE
ERROR
Processing failed. Capture info follows:
Input file: ../data/hpfeed_all_packets_sample.pcap
Output file: /tmp/fuzz-2015-08-10-7120.pcap
stderr follows:
Input file: ../data/hpfeed_all_packets_sample.pcap
Build host information:
Linux hardcore 3.13.0-61-generic #100-Ubuntu SMP Wed Jul 29 11:21:34 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
Distributor ID: Ubuntu
Description: Ubuntu 14.04.3 LTS
Release: 14.04
Codename: trusty
Return value: 139
Dissector bug: 0
Valgrind error count: 0
Command and args: run/tshark -nVxr
**ERROR:../epan/wmem/wmem_allocator_strict.c:77:wmem_strict_block_check_canaries:assertion failed: (canary[i] == WMEM_CANARY_VALUE)

So I tried to reproduce the error, but when I issued

run/tshark -nVxr /tmp/fuzz-2015-08-10-7120.pcap

no crash happened. Is this the right way to reproduce a bug the fuzzer found? If yes, why is it not crashing?

Thanks for your suggestions.
Dario.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
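
The assertion quoted in this thread comes from a canary check in wmem_allocator_strict.c. As an added illustration (not part of the thread and not Wireshark's wmem code), the following C sketch models a canary-checking allocator; the guard size, guard byte and all function names are assumptions. It shows a small overrun that does not fault by itself and is reported only when the guards are checked.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CANARY_LEN   8     /* assumed guard size, not Wireshark's */
#define CANARY_VALUE 0x9E  /* assumed guard byte, not Wireshark's */

/* Block layout: [size_t len][leading guard][user data][trailing guard] */
void *guard_alloc(size_t len) {
    uint8_t *raw = malloc(sizeof(size_t) + 2 * CANARY_LEN + len);
    if (!raw) return NULL;
    memcpy(raw, &len, sizeof len);                 /* remember user size */
    uint8_t *lead = raw + sizeof(size_t);
    memset(lead, CANARY_VALUE, CANARY_LEN);
    memset(lead + CANARY_LEN + len, CANARY_VALUE, CANARY_LEN);
    return lead + CANARY_LEN;
}

/* Returns 1 if both guards are intact, 0 if any guard byte was overwritten. */
int guard_check(const void *user) {
    const uint8_t *lead = (const uint8_t *)user - CANARY_LEN;
    size_t len;
    memcpy(&len, lead - sizeof(size_t), sizeof len);
    const uint8_t *trail = (const uint8_t *)user + len;
    for (size_t i = 0; i < CANARY_LEN; i++)
        if (lead[i] != CANARY_VALUE || trail[i] != CANARY_VALUE)
            return 0;
    return 1;
}

void guard_free(void *user) {
    free((uint8_t *)user - CANARY_LEN - sizeof(size_t));
}

/* Constructed scenario: write n bytes (n <= 24) into a 16-byte buffer.
 * Bytes 17..24 land in the trailing guard, still inside the malloc'd
 * block, so nothing faults; only guard_check() notices the overrun. */
int write_and_check(size_t n) {
    uint8_t *buf = guard_alloc(16);
    if (!buf) return -1;
    memset(buf, 'A', n);
    int ok = guard_check(buf);
    guard_free(buf);
    return ok;
}

int main(void) {
    printf("16 bytes: guards %s\n", write_and_check(16) ? "intact" : "corrupted");
    printf("17 bytes: guards %s\n", write_and_check(17) ? "intact" : "corrupted");
    return 0;
}
```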