Fix an out of bounds access found by ASAN and reported by Alexis:

==21553==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fffbc0b2a5e at pc 0x7fe8684147a3 bp 0x7fffbc0b2950 sp 0x7fffbc0b2948
READ of size 2 at 0x7fffbc0b2a5e thread T0
    #0 0x7fe8684147a2 in dissect_schedule_message /home/alagoutte/wireshark-clang/epan/dissectors/packet-gsm_cbch.c:309
    #1 0x7fe867ed70a9 in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:512
    #2 0x7fe867eda42c in call_dissector_only /home/alagoutte/wireshark-clang/epan/packet.c:2139
    #3 0x7fe867ed70a9 in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:512
    #4 0x7fe867ed735b in dissector_try_uint_new /home/alagoutte/wireshark-clang/epan/packet.c:1030
    #5 0x7fe868a3ebd4 in decode_udp_ports /home/alagoutte/wireshark-clang/epan/dissectors/packet-udp.c:411
    #6 0x7fe868a41886 in dissect /home/alagoutte/wireshark-clang/epan/dissectors/packet-udp.c:747
    #7 0x7fe867ed70a9 in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:512
    #8 0x7fe867ed6d03 in dissector_try_uint_new /home/alagoutte/wireshark-clang/epan/packet.c:1030
    #9 0x7fe8684eaa1f in dissect_ip /home/alagoutte/wireshark-clang/epan/dissectors/packet-ip.c:2401
    #10 0x7fe867ed70a9 in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:512
    #11 0x7fe867ed735b in dissector_try_uint_new /home/alagoutte/wireshark-clang/epan/packet.c:1030
    #12 0x7fe868333e98 in dissect_ethertype /home/alagoutte/wireshark-clang/epan/dissectors/packet-ethertype.c:305
    #13 0x7fe867ed707d in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:508
    #14 0x7fe867eda42c in call_dissector_only /home/alagoutte/wireshark-clang/epan/packet.c:2139
    #15 0x7fe8683328ad in dissect_eth_common /home/alagoutte/wireshark-clang/epan/dissectors/packet-eth.c:472
    #16 0x7fe867ed70a9 in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:512
    #17 0x7fe867ed735b in dissector_try_uint_new /home/alagoutte/wireshark-clang/epan/packet.c:1030
    #18 0x7fe868382460 in dissect_frame /home/alagoutte/wireshark-clang/epan/dissectors/packet-frame.c:485
    #19 0x7fe867ed70a9 in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:512
    #20 0x7fe867eda42c in call_dissector_only /home/alagoutte/wireshark-clang/epan/packet.c:2139
    #21 0x7fe867ed5baf in call_dissector /home/alagoutte/wireshark-clang/epan/packet.c:2169
    #22 0x7fe867eb6388 in epan_dissect_run_with_taps /home/alagoutte/wireshark-clang/epan/epan.c:329
    #23 0x4a0ef9 in process_packet /home/alagoutte/wireshark-clang/tshark.c:3434
    #24 0x49c985 in load_cap_file /home/alagoutte/wireshark-clang/tshark.c:3237
    #25 0x7fe860e8ede4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260
    #26 0x48586c in _start ??:?

Address 0x7fffbc0b2a5e is located in stack of thread T0 at offset 126 in frame
    #0 0x7fe86841353f in dissect_cbch /home/alagoutte/wireshark-clang/epan/dissectors/packet-gsm_cbch.c:345

  This frame has 2 object(s):
    [32, 80) 'new_slots.i'
    [128, 224) 'other_slots.i' <== Memory access at offset 126 underflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow ??:0 ??


svn path=/trunk/; revision=53934
Pascal Quantin 2013-12-11 12:54:10 +00:00
parent c25611b9e7
commit 3b59a3b692
1 changed files with 1 additions and 1 deletions

@ -301,7 +301,7 @@ dissect_schedule_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *top_tree
++k;
}
}
else if ((octet1 & 0xC0) == 0)
else if (octet1 && ((octet1 & 0xC0) == 0))
{
/* MDT 00 */
if (octet1 < k)
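Review bot: the added `octet1 &&` test on the `else if` line carries no comment explaining why zero is excluded, and a zero octet now drops through to whatever branch follows the MDT 00 block, which this hunk does not show. The ASAN report in the commit message (a 2-byte read at offset 126, with `other_slots.i` starting at offset 128) points to an access one element before the array, so a one-line comment saying that a zero value would produce that index would keep the guard from being simplified away later. It is also worth confirming that the fall-through path treats a zero octet as invalid input rather than decoding it under a different MDT, and that `k` in `if (octet1 < k)` cannot grow past the size of the slot arrays, since that comparison is the only upper bound visible here.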