Wireshark mailing list archives

Re: Crash during fuzzing


From: Dario Lombardo <dario.lombardo.ml () gmail com>
Date: Mon, 10 Aug 2015 22:27:03 +0200

Still no crash happening...

$ ../tools/test-captures.sh -b run ../data/hpfeeds_all_packets_sample.pcap
Testing file ../data/hpfeeds_all_packets_sample.pcap...
 - with tree... OK
 - without tree... OK
 - without tree but with a read filter... OK
$

On Mon, Aug 10, 2015 at 10:09 PM, Evan Huus <eapache () gmail com> wrote:

The best way to reproduce fuzzer bugs is with ./tools/test-captures.sh
which sets all the same environment variables and flags as the main
fuzz script.

Since the error was in a memory canary, valgrind and/or ASAN may also
prove useful.

Evan

On Mon, Aug 10, 2015 at 3:52 PM, Dario Lombardo
<dario.lombardo.ml () gmail com> wrote:
Hi list
I was fuzzing a protocol, and I experienced a crash. The fuzz-test.sh gave me this output

$ ../tools/fuzz-test.sh -b run ../data/hpfeed_all_packets_sample.pcap
[...]
Starting pass 130:
    ../data/hpfeeds_all_packets_sample.pcap: (-nVxr) (-nr)  OK
Starting pass 131:
    ../data/hpfeeds_all_packets_sample.pcap: (-nVxr) (-nr)  OK
Starting pass 132:
    ../data/hpfeeds_all_packets_sample.pcap: (-nVxr) (-nr)  OK
Starting pass 133:
    ../data/hpfeeds_all_packets_sample.pcap: (-nVxr)
../tools/fuzz-test.sh: line 189:  8725 Segmentation fault      (core dumped) "$RUNNER" $COMMON_ARGS $ARGS $TMP_DIR/$TMP_FILE > /dev/null 2>> $TMP_DIR/$ERR_FILE

 ERROR
Processing failed. Capture info follows:

  Input file: ../data/hpfeed_all_packets_sample.pcap
  Output file: /tmp/fuzz-2015-08-10-7120.pcap

stderr follows:

Input file: ../data/hpfeed_all_packets_sample.pcap

Build host information:
Linux hardcore 3.13.0-61-generic #100-Ubuntu SMP Wed Jul 29 11:21:34 UTC
2015 x86_64 x86_64 x86_64 GNU/Linux
Distributor ID: Ubuntu
Description: Ubuntu 14.04.3 LTS
Release: 14.04
Codename: trusty

Return value:  139

Dissector bug:  0

Valgrind error count:  0




Command and args: run/tshark -nVxr

**

ERROR:../epan/wmem/wmem_allocator_strict.c:77:wmem_strict_block_check_canaries: assertion failed: (canary[i] == WMEM_CANARY_VALUE)

So I tried to reproduce the error, but when I issued

run/tshark -nVxr /tmp/fuzz-2015-08-10-7120.pcap

no crash happened. Is this the right way to reproduce a bug the fuzzer
found? If yes, why is it not crashing?
Thanks for your suggestions.
Dario.
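
Why the plain "run/tshark -nVxr" run above does not reproduce the assertion, and how to rerun the saved capture under the fuzz script's environment, as an added example (this is not a script from the Wireshark tree and not part of the thread). The thread's own output pins down one thing: the assertion comes from wmem_allocator_strict.c, the allocator that WIRESHARK_DEBUG_WMEM_OVERRIDE=strict selects, so the fuzz script was running with a canary-checking allocator and the manual run was not. The other two variables, G_SLICE=debug-blocks and MALLOC_CHECK_=3, are the GLib and glibc heap checks I recall the fuzz helper scripts exporting; treat them as an assumption. RUNNER and WRAP are names chosen for this script; the default RUNNER path run/tshark is the one used in the thread.

```shell
#!/bin/sh
# repro-fuzz-crash.sh: re-run a fuzzer-produced capture under the memory
# debugging environment the Wireshark fuzz scripts use, so that a heap
# overflow caught by the strict wmem allocator shows up again outside the
# fuzzer. Added example, not a script from the Wireshark tree.
#
# Assumptions: the tshark binary is at $RUNNER (default run/tshark, the
# path used in the thread). WIRESHARK_DEBUG_WMEM_OVERRIDE=strict is the
# documented way to select wmem_allocator_strict.c, where the reported
# assertion lives; G_SLICE=debug-blocks and MALLOC_CHECK_=3 are the GLib
# and glibc heap checks I recall the fuzz helper scripts exporting (assumption).
# RUNNER and WRAP are names chosen for this script.

RUNNER=${RUNNER:-run/tshark}
# Optional command prefix, e.g. WRAP="valgrind -q --error-exitcode=99"
WRAP=${WRAP:-}

# Keep cores, so the "(core dumped)" in the fuzz output can be opened in gdb.
ulimit -c unlimited 2>/dev/null || :

# The default wmem block allocator carves small allocations out of large
# chunks and never inspects what a dissector wrote past the end of one, so
# a plain "tshark -nVxr file" can run the same overflow without noticing.
# The strict allocator puts a canary after every allocation and asserts on
# it when the block is checked, which is the message quoted in the post.
fuzz_env() {
    echo "WIRESHARK_DEBUG_WMEM_OVERRIDE=strict"   # canary-checked wmem allocator
    echo "G_SLICE=debug-blocks"                    # GLib slice allocator checks (assumed)
    echo "MALLOC_CHECK_=3"                         # glibc: report and abort on heap corruption (assumed)
}

# run_one <capture> <tshark args...>
# Runs tshark once with that environment, stderr to a temp log, and prints
# a single verdict: OK | CANARY | CRASH <status> | ERROR <status>.
# Always returns 0 so it can be used inside $(...) with "set -e" on.
run_one() {
    capture=$1; shift
    errlog=$(mktemp)
    status=0
    # Word splitting of $(fuzz_env) and $WRAP is intended.
    env $(fuzz_env) $WRAP "$RUNNER" "$@" -r "$capture" >/dev/null 2>"$errlog" || status=$?
    if grep -q 'WMEM_CANARY_VALUE' "$errlog"; then
        verdict="CANARY"                 # strict allocator found an overwritten canary
    elif [ "$status" -ge 128 ]; then
        verdict="CRASH $status"          # 139 = SIGSEGV, 134 = SIGABRT (g_assert)
    elif [ "$status" -ne 0 ]; then
        verdict="ERROR $status"          # tshark exited on its own, but not cleanly
    else
        verdict="OK"
    fi
    rm -f "$errlog"
    echo "$verdict"
}

# repro <capture>: the two passes the fuzz script reports, (-nVxr) with the
# full tree and (-nr) without, stopping at the first that is not OK.
# Returns 0 only if both passes are clean.
repro() {
    capture=$1
    for args in -nVx -n; do
        v=$(run_one "$capture" $args)
        echo "$capture ($args -r): $v"
        case $v in
            OK) ;;
            *)  return 1 ;;
        esac
    done
    return 0
}

# Usage: RUNNER=run/tshark sh repro-fuzz-crash.sh /tmp/fuzz-2015-08-10-7120.pcap
if [ "$#" -gt 0 ]; then
    repro "$1"
fi
```

If the capture stays OK even with the strict allocator, the overflow may be landing in memory wmem does not own; that is the case for Evan's valgrind or ASAN suggestion, which this script supports by prefixing the command with WRAP (a valgrind invocation) or by pointing RUNNER at an ASAN build of tshark.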


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
___________________________________________________________________________