Headline
CVE-2023-0416: Fuzz job crash output: fuzz-2023-01-03-10777.pcap (#18779) · Issues · Wireshark Foundation / wireshark · GitLab
GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
Skip to content
Open Issue created Jan 03, 2023 by A Wireshark GitLab Utility@ws-gitlab-utilityDeveloper
Fuzz job crash output: fuzz-2023-01-03-10777.pcap
Problems have been found with the following capture file:
https://www.wireshark.org/download/automated/captures/fuzz-2023-01-03-10777.pcap.gz
stderr:
Branch: release-3.6
Input file: /var/menagerie/menagerie/ultimate_wireshark_protocols_pcap_220213.pcap
CI job name: ASan Menagerie Fuzz, ID: 3548597641
CI job URL: https://gitlab.com/wireshark/wireshark/-/jobs/3548597641
Return value: 0
Dissector bug: 0
Date and time: Tue Jan 3 19:52:11 UTC 2023
Commits in the last 48 hours:
129d0184 NSIS: Add an initial donation page.
26f4d889 macOS: Don't try to copy a nonexistent plist
6b088d30 Qt: Escape HTML when setting ElidedLabel text
cd54ceae Qt: Fix an IAX2 Analysis dialog memory leak.
59250283 epan: Initialize variables in various dissectors
78a8875f TIPC: Add a recursion check
Build host information:
Linux 5.15.0-56-generic #62-Ubuntu SMP Tue Nov 22 19:54:14 UTC 2022 x86_64
Distributor ID: Ubuntu
Description: Ubuntu 22.04.1 LTS
Release: 22.04
Codename: jammy
Command and args: /builds/wireshark/wireshark/_install/bin/tshark -2 -nVxr
Running as user "root" and group "root". This could be dangerous.
** (tshark:28033) 19:51:05.227773 [Epan WARNING] -- Dissector bug, protocol TCPCL, in packet 593: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:05.710734 [Epan WARNING] -- Dissector bug, protocol ULP, in packet 1125: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:06.459431 [Epan WARNING] -- Dissector bug, protocol GSM RLC MAC, in packet 2758: epan/tvbuff.c:405: failed assertion "datalen>0"
** (tshark:28033) 19:51:06.725121 [Epan WARNING] -- Dissector bug, protocol HiQnet, in packet 3310: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:07.622386 [Epan WARNING] -- Dissector bug, protocol GNW, in packet 5169: epan/dissectors/packet-geonw.c:1262: failed assertion "!(tmp_val & 0xffffffff00000000)"
** (tshark:28033) 19:51:07.684878 [Epan WARNING] -- Dissector bug, protocol FF, in packet 5345: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:07.814195 [Epan WARNING] -- Dissector bug, protocol Z39.50, in packet 5613: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:08.196712 [Epan WARNING] -- Dissector bug, protocol COSE, in packet 6379: epan/tvbuff.c:760: failed assertion "tvb && tvb->initialized"
** (tshark:28033) 19:51:08.224924 [Epan WARNING] -- Dissector bug, protocol DJIUAV, in packet 6417: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:08.233614 [Epan WARNING] -- Dissector bug, protocol TLS, in packet 6451: epan/dissectors/packet-tls-utils.c:6535: failed assertion "offset <= offset_end"
** (tshark:28033) 19:51:08.256179 [Epan WARNING] -- Dissector bug, protocol COSE, in packet 6503: epan/tvbuff.c:760: failed assertion "tvb && tvb->initialized"
** (tshark:28033) 19:51:08.282477 [Epan WARNING] -- Dissector bug, protocol FMTP, in packet 6567: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:08.495853 [Epan WARNING] -- Dissector bug, protocol DCERPC, in packet 6956: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:08.768575 [Epan WARNING] -- Dissector bug, protocol GNW, in packet 7595: epan/dissectors/packet-geonw.c:1262: failed assertion "!(tmp_val & 0xffffffff00000000)"
** (tshark:28033) 19:51:08.772134 [Epan WARNING] -- Dissector bug, protocol LISP Reliable Transport, in packet 7610: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:09.527442 [Epan WARNING] -- Dissector bug, protocol SCoP, in packet 9171: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:10.234726 [Epan WARNING] -- Dissector bug, protocol SCoP, in packet 10594: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:11.220017 [Epan WARNING] -- Dissector bug, protocol CDP, in packet 12926: epan/tvbuff.c:4518: failed assertion "len > 0"
** (tshark:28033) 19:51:11.613911 [Epan WARNING] -- Dissector bug, protocol SCoP, in packet 13787: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:11.650219 [Epan WARNING] -- Dissector bug, protocol SCoP, in packet 13834: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:11.667912 [Epan WARNING] -- Dissector bug, protocol COSE, in packet 13867: epan/tvbuff.c:760: failed assertion "tvb && tvb->initialized"
** (tshark:28033) 19:51:11.693747 [Epan WARNING] -- Dissector bug, protocol ULP, in packet 13923: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:12.459965 [Epan WARNING] -- Dissector bug, protocol IEEE1609dot2, in packet 15793: Invalid length 0 passed to proto_tree_add_item_ret_uint64
** (tshark:28033) 19:51:12.711104 [Epan WARNING] -- Dissector bug, protocol DICOM, in packet 16298: epan/column-utils.c:682: failed assertion "str"
** (tshark:28033) 19:51:13.301526 [Epan WARNING] -- Dissector bug, protocol GSUP, in packet 17641: Invalid length 0 passed to proto_tree_add_item_ret_uint
** (tshark:28033) 19:51:13.627572 [Epan WARNING] -- Dissector bug, protocol COSE, in packet 18543: epan/tvbuff.c:760: failed assertion "tvb && tvb->initialized"
** (tshark:28033) 19:51:13.806351 [Epan WARNING] -- Dissector bug, protocol COSE, in packet 18947: epan/tvbuff_composite.c:220: failed assertion "member->length"
** (tshark:28033) 19:51:14.519761 [Epan WARNING] -- Dissector bug, protocol COSE, in packet 20763: epan/tvbuff_composite.c:220: failed assertion "member->length"
** (tshark:28033) 19:51:15.110737 [Epan WARNING] -- Dissector bug, protocol DJIUAV, in packet 22024: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:15.316635 [Epan WARNING] -- Dissector bug, protocol COSE, in packet 22527: epan/tvbuff.c:760: failed assertion "tvb && tvb->initialized"
** (tshark:28033) 19:51:15.382662 [Epan WARNING] -- Dissector bug, protocol COSE, in packet 22671: epan/tvbuff.c:760: failed assertion "tvb && tvb->initialized"
** (tshark:28033) 19:51:15.437061 [Epan WARNING] -- Dissector bug, protocol GIOP, in packet 22767: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:15.658207 [Epan WARNING] -- Dissector bug, protocol TLS, in packet 23403: epan/dissectors/packet-tls.c:2241: failed assertion "frag_len != 0"
** (tshark:28033) 19:51:15.718330 [Epan WARNING] -- Dissector bug, protocol PCP, in packet 23508: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:15.834392 [Epan WARNING] -- Dissector bug, protocol GNW, in packet 23827: epan/dissectors/packet-geonw.c:1262: failed assertion "!(tmp_val & 0xffffffff00000000)"
** (tshark:28033) 19:51:15.934915 [Epan WARNING] -- Dissector bug, protocol SCoP, in packet 24129: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:16.249213 [Epan WARNING] -- Dissector bug, protocol COSE, in packet 24874: epan/tvbuff.c:760: failed assertion "tvb && tvb->initialized"
** (tshark:28033) 19:51:16.291546 [Epan WARNING] -- Dissector bug, protocol GIOP, in packet 25024: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:16.386635 [Epan WARNING] -- Dissector bug, protocol SMUX, in packet 25212: asn1/snmp/packet-snmp-template.c:377: failed assertion "snmp_info" (No SNMP info from ASN1 context)
** (tshark:28033) 19:51:16.685462 [Epan WARNING] -- Dissector bug, protocol SCoP, in packet 26011: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:16.767147 [Epan WARNING] -- Dissector bug, protocol TCPCL, in packet 26207: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:17.096524 [Epan WARNING] -- Dissector bug, protocol COSE, in packet 27051: epan/tvbuff.c:760: failed assertion "tvb && tvb->initialized"
** (tshark:28033) 19:51:17.303730 [Epan WARNING] -- Dissector bug, protocol SRVLOC, in packet 27546: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:17.400492 [Epan WARNING] -- Dissector bug, protocol SMUX, in packet 27720: asn1/snmp/packet-snmp-template.c:377: failed assertion "snmp_info" (No SNMP info from ASN1 context)
** (tshark:28033) 19:51:17.432029 [Epan WARNING] -- Dissector bug, protocol GIOP, in packet 27798: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:18.110193 [Epan WARNING] -- Dissector bug, protocol COSE, in packet 29373: epan/tvbuff_composite.c:277: failed assertion "num_members"
** (tshark:28033) 19:51:18.230529 [Epan WARNING] -- Dissector bug, protocol COSE, in packet 29678: epan/tvbuff.c:760: failed assertion "tvb && tvb->initialized"
** (tshark:28033) 19:51:18.456961 [Epan WARNING] -- Dissector bug, protocol TLS, in packet 30181: epan/dissectors/packet-tls-utils.c:6535: failed assertion "offset <= offset_end"
** (tshark:28033) 19:51:18.757510 [Epan WARNING] -- Dissector bug, protocol GIOP, in packet 30751: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:18.932992 [Epan WARNING] -- Dissector bug, protocol SCoP, in packet 31048: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:19.585426 [Epan WARNING] -- Dissector bug, protocol CDP, in packet 32445: epan/tvbuff.c:4518: failed assertion "len > 0"
** (tshark:28033) 19:51:19.820214 [Epan WARNING] -- Dissector bug, protocol SCoP, in packet 32958: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:20.046686 [Epan WARNING] -- Dissector bug, protocol Z39.50, in packet 33357: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:20.343712 [Epan WARNING] -- Dissector bug, protocol COSE, in packet 34009: epan/tvbuff.c:760: failed assertion "tvb && tvb->initialized"
** (tshark:28033) 19:51:20.648574 [Epan WARNING] -- Dissector bug, protocol IEEE1609dot2, in packet 34577: Invalid length 0 passed to proto_tree_add_item_ret_uint64
** (tshark:28033) 19:51:20.652197 [Epan WARNING] -- Dissector bug, protocol Git, in packet 34590: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:21.080737 [Epan WARNING] -- Dissector bug, protocol COSE, in packet 35564: epan/tvbuff.c:760: failed assertion "tvb && tvb->initialized"
** (tshark:28033) 19:51:21.184187 [Epan WARNING] -- Dissector bug, protocol IPP, in packet 35829: epan/tvbuff.c:4518: failed assertion "len > 0"
** (tshark:28033) 19:51:21.212989 [Epan WARNING] -- Dissector bug, protocol GSUP, in packet 35873: Invalid length 0 passed to proto_tree_add_item_ret_uint
** (tshark:28033) 19:51:22.180356 [Epan WARNING] -- Dissector bug, protocol GNW, in packet 37747: epan/dissectors/packet-geonw.c:1262: failed assertion "!(tmp_val & 0xffffffff00000000)"
** (tshark:28033) 19:51:22.190145 [Epan WARNING] -- Dissector bug, protocol FMTP, in packet 37777: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:22.223616 [Epan WARNING] -- Dissector bug, protocol TLS, in packet 37835: epan/dissectors/packet-tls.c:2241: failed assertion "frag_len != 0"
** (tshark:28033) 19:51:22.494225 [Epan WARNING] -- Dissector bug, protocol ULP, in packet 38471: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:22.878789 [Epan WARNING] -- Dissector bug, protocol MPTCP, in packet 39407: epan/dissectors/packet-tcp.c:4878: failed assertion "DISSECTOR_ASSERT_NOT_REACHED"
** (tshark:28033) 19:51:22.973574 [Epan WARNING] -- Dissector bug, protocol DJIUAV, in packet 39632: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:23.373717 [Epan WARNING] -- Dissector bug, protocol IEEE1609dot2, in packet 40315: Invalid length 0 passed to proto_tree_add_item_ret_uint64
** (tshark:28033) 19:51:23.400899 [Epan WARNING] -- Dissector bug, protocol COSE, in packet 40370: epan/tvbuff.c:760: failed assertion "tvb && tvb->initialized"
** (tshark:28033) 19:51:23.420395 [Epan WARNING] -- Dissector bug, protocol SCoP, in packet 40419: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:23.539983 [Epan WARNING] -- Dissector bug, protocol DICOM, in packet 40582: epan/column-utils.c:682: failed assertion "str"
** (tshark:28033) 19:51:23.664525 [Epan WARNING] -- Dissector bug, protocol SCoP, in packet 40865: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:24.057571 [Epan WARNING] -- Dissector bug, protocol SCoP, in packet 41577: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:24.586859 [Epan WARNING] -- Dissector bug, protocol GIOP, in packet 42716: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:26.993809 [Epan WARNING] -- Dissector bug, protocol TLS, in packet 47618: epan/dissectors/packet-tls-utils.c:6535: failed assertion "offset <= offset_end"
** (tshark:28033) 19:51:27.258525 [Epan WARNING] -- Dissector bug, protocol COSE, in packet 48141: epan/tvbuff.c:760: failed assertion "tvb && tvb->initialized"
** (tshark:28033) 19:51:27.282187 [Epan WARNING] -- Dissector bug, protocol NBD, in packet 48190: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:27.334551 [Epan WARNING] -- Dissector bug, protocol IEEE1609dot2, in packet 48322: Invalid length 0 passed to proto_tree_add_item_ret_uint64
** (tshark:28033) 19:51:27.369956 [Epan WARNING] -- Dissector bug, protocol COSE, in packet 48417: epan/tvbuff.c:760: failed assertion "tvb && tvb->initialized"
** (tshark:28033) 19:51:27.518477 [Epan WARNING] -- Dissector bug, protocol COSE, in packet 48771: epan/tvbuff.c:760: failed assertion "tvb && tvb->initialized"
** (tshark:28033) 19:51:27.737534 [Epan WARNING] -- Dissector bug, protocol GNW, in packet 49331: epan/dissectors/packet-geonw.c:1262: failed assertion "!(tmp_val & 0xffffffff00000000)"
** (tshark:28033) 19:51:27.973749 [Epan WARNING] -- Dissector bug, protocol SCoP, in packet 49888: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:28.189815 [Epan WARNING] -- Dissector bug, protocol S7COMM, in packet 74: epan/tvbuff.c:547: failed assertion "tvb && tvb->initialized"
** (tshark:28033) 19:51:28.698379 [Epan WARNING] -- Dissector bug, protocol S7COMM, in packet 247: epan/tvbuff.c:547: failed assertion "tvb && tvb->initialized"
** (tshark:28033) 19:51:28.806871 [Epan WARNING] -- Dissector bug, protocol PPP MP, in packet 292: epan/proto.c:5971: failed assertion "tvb != ((void*)0) || *length == 0"
** (tshark:28033) 19:51:29.662164 [Epan WARNING] -- Dissector bug, protocol S7COMM, in packet 546: epan/tvbuff.c:547: failed assertion "tvb && tvb->initialized"
** (tshark:28033) 19:51:29.761828 [Epan WARNING] -- Dissector bug, protocol TCPCL, in packet 593: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:30.686420 [Epan WARNING] -- Dissector bug, protocol SES, in packet 875: epan/tvbuff.c:547: failed assertion "tvb && tvb->initialized"
** (tshark:28033) 19:51:31.381548 [Epan WARNING] -- Dissector bug, protocol ULP, in packet 1125: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:35.507303 [Epan WARNING] -- Dissector bug, protocol GSM RLC MAC, in packet 2758: epan/tvbuff.c:405: failed assertion "datalen>0"
** (tshark:28033) 19:51:36.990245 [Epan WARNING] -- Dissector bug, protocol HiQnet, in packet 3310: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:39.228155 [Epan WARNING] -- Dissector bug, protocol SES, in packet 4278: epan/tvbuff.c:547: failed assertion "tvb && tvb->initialized"
** (tshark:28033) 19:51:40.747899 [Epan WARNING] -- Dissector bug, protocol T.125, in packet 4919: epan/tvbuff.c:907: failed assertion "tvb && tvb->initialized"
** (tshark:28033) 19:51:40.959984 [Epan WARNING] -- Dissector bug, protocol S7COMM, in packet 5044: epan/tvbuff.c:547: failed assertion "tvb && tvb->initialized"
** (tshark:28033) 19:51:41.275616 [Epan WARNING] -- Dissector bug, protocol GNW, in packet 5169: field geonw.sec.app_id is not of type FT_UINT40, FT_UINT48, FT_UINT56, or FT_UINT64
** (tshark:28033) 19:51:41.318915 [Epan WARNING] -- Dissector bug, protocol PPP MP, in packet 5192: epan/proto.c:5971: failed assertion "tvb != ((void*)0) || *length == 0"
** (tshark:28033) 19:51:41.607083 [Epan WARNING] -- Dissector bug, protocol FF, in packet 5345: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:41.995543 [Epan WARNING] -- Dissector bug, protocol S7COMM, in packet 5460: epan/tvbuff.c:547: failed assertion "tvb && tvb->initialized"
** (tshark:28033) 19:51:42.363347 [Epan WARNING] -- Dissector bug, protocol SMB2, in packet 5610: epan/proto.c:7063: failed assertion "length >= 0" (text)
** (tshark:28033) 19:51:42.368510 [Epan WARNING] -- Dissector bug, protocol Z39.50, in packet 5613: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:42.553286 [Epan WARNING] -- Dissector bug, protocol S7COMM, in packet 5709: epan/tvbuff.c:547: failed assertion "tvb && tvb->initialized"
** (tshark:28033) 19:51:44.061873 [Epan WARNING] -- Dissector bug, protocol S7COMM, in packet 6357: epan/tvbuff.c:547: failed assertion "tvb && tvb->initialized"
** (tshark:28033) 19:51:44.119539 [Epan WARNING] -- Dissector bug, protocol COSE, in packet 6379: epan/tvbuff.c:760: failed assertion "tvb && tvb->initialized"
** (tshark:28033) 19:51:44.246342 [Epan WARNING] -- Dissector bug, protocol DJIUAV, in packet 6417: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:44.309420 [Epan WARNING] -- Dissector bug, protocol TLS, in packet 6451: epan/dissectors/packet-tls-utils.c:6535: failed assertion "offset <= offset_end"
** (tshark:28033) 19:51:44.419136 [Epan WARNING] -- Dissector bug, protocol COSE, in packet 6503: epan/tvbuff.c:760: failed assertion "tvb && tvb->initialized"
** (tshark:28033) 19:51:44.550255 [Epan WARNING] -- Dissector bug, protocol FMTP, in packet 6567: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:45.492896 [Epan WARNING] -- Dissector bug, protocol DCERPC, in packet 6956: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:45.954707 [Epan WARNING] -- Dissector bug, protocol Ceph, in packet 7135: epan/dissectors/packet-ceph.c:1521: failed assertion "d->convd" (Frame visited, but no saved state.)
** (tshark:28033) 19:51:47.075396 [Epan WARNING] -- Dissector bug, protocol PPP MP, in packet 7576: epan/proto.c:5971: failed assertion "tvb != ((void*)0) || *length == 0"
** (tshark:28033) 19:51:47.097960 [Epan WARNING] -- Dissector bug, protocol GNW, in packet 7595: field geonw.sec.app_id is not of type FT_UINT40, FT_UINT48, FT_UINT56, or FT_UINT64
** (tshark:28033) 19:51:47.117114 [Epan WARNING] -- Dissector bug, protocol LISP Reliable Transport, in packet 7610: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:47.651487 [Epan WARNING] -- Dissector bug, protocol S7COMM, in packet 7835: epan/tvbuff.c:547: failed assertion "tvb && tvb->initialized"
** (tshark:28033) 19:51:49.041428 [Epan WARNING] -- Dissector bug, protocol SES, in packet 8386: epan/tvbuff.c:547: failed assertion "tvb && tvb->initialized"
** (tshark:28033) 19:51:51.072188 [Epan WARNING] -- Dissector bug, protocol SCoP, in packet 9171: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:52.247236 [Epan WARNING] -- Dissector bug, protocol BPv7, in packet 9662: epan/proto.c:7063: failed assertion "length >= 0" (bpv7.block)
** (tshark:28033) 19:51:54.697733 [Epan WARNING] -- Dissector bug, protocol SCoP, in packet 10594: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:51:55.437882 [Epan WARNING] -- Dissector bug, protocol CDMA2K, in packet 10881: field cdma2k.tlacHeaderRecordReservedData passed to proto_tree_add_bits_ret_val() has a bit width of 78 > 65
** (tshark:28033) 19:51:55.870813 [Epan WARNING] -- Dissector bug, protocol S7COMM, in packet 11077: epan/tvbuff.c:547: failed assertion "tvb && tvb->initialized"
** (tshark:28033) 19:51:57.918563 [Epan WARNING] -- Dissector bug, protocol S7COMM, in packet 11819: epan/tvbuff.c:547: failed assertion "tvb && tvb->initialized"
** (tshark:28033) 19:52:00.005101 [Epan WARNING] -- Dissector bug, protocol MIH, in packet 12666: epan/tvbuff_composite.c:220: failed assertion "member->length"
** (tshark:28033) 19:52:00.744585 [Epan WARNING] -- Dissector bug, protocol CDP, in packet 12926: epan/tvbuff.c:4518: failed assertion "len > 0"
** (tshark:28033) 19:52:02.679818 [Epan WARNING] -- Dissector bug, protocol TLS, in packet 13679: epan/dissectors/packet-tls.c:2497: failed assertion "frag_info && frag_info->offset == 0"
** (tshark:28033) 19:52:02.972788 [Epan WARNING] -- Dissector bug, protocol SCoP, in packet 13787: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:52:03.114980 [Epan WARNING] -- Dissector bug, protocol SCoP, in packet 13834: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:52:03.206093 [Epan WARNING] -- Dissector bug, protocol COSE, in packet 13867: epan/tvbuff.c:760: failed assertion "tvb && tvb->initialized"
** (tshark:28033) 19:52:03.370276 [Epan WARNING] -- Dissector bug, protocol ULP, in packet 13923: epan/dissectors/packet-tcp.c:4229: failed assertion "proto_desegment && pinfo->can_desegment"
** (tshark:28033) 19:52:04.343118 [Epan WARNING] -- Dissector bug, protocol PPP MP, in packet 14291: epan/proto.c:5971: failed assertion "tvb != ((void*)0) || *length == 0"
** (tshark:28033) 19:52:06.349342 [Epan WARNING] -- Dissector bug, protocol S7COMM, in packet 15076: epan/tvbuff.c:547: failed assertion "tvb && tvb->initialized"
** (tshark:28033) 19:52:07.465590 [Epan WARNING] -- Dissector bug, protocol S7COMM, in packet 15574: epan/tvbuff.c:547: failed assertion "tvb && tvb->initialized"
** (tshark:28033) 19:52:07.728750 [Epan WARNING] -- Dissector bug, protocol Ceph, in packet 15691: epan/dissectors/packet-ceph.c:1521: failed assertion "d->convd" (Frame visited, but no saved state.)
** (tshark:28033) 19:52:07.946323 [Epan WARNING] -- Dissector bug, protocol IEEE1609dot2, in packet 15793: Invalid length 0 passed to proto_tree_add_item_ret_uint64
=================================================================
==28033==ERROR: AddressSanitizer: heap-use-after-free on address 0x606001a62483 at pc 0x7f4c24c1161d bp 0x7ffc7ce65810 sp 0x7ffc7ce65808
READ of size 1 at 0x606001a62483 thread T0
#0 0x7f4c24c1161c in tvb_get_guint8 /builds/wireshark/wireshark/epan/tvbuff.c:1027:9
#1 0x7f4c2251c27b in dissect_geonw /builds/wireshark/wireshark/epan/dissectors/packet-geonw.c:2235:27
#2 0x7f4c24b03d7a in call_dissector_through_handle /builds/wireshark/wireshark/epan/packet.c:757:9
#3 0x7f4c24af9703 in call_dissector_work /builds/wireshark/wireshark/epan/packet.c:850:9
#4 0x7f4c24af9093 in dissector_try_uint_new /builds/wireshark/wireshark/epan/packet.c:1450:8
#5 0x7f4c24af9aa2 in dissector_try_uint /builds/wireshark/wireshark/epan/packet.c:1474:9
#6 0x7f4c21bce519 in dissect_3com_xns /builds/wireshark/wireshark/epan/dissectors/packet-3com-xns.c:74:8
#7 0x7f4c24b03d7a in call_dissector_through_handle /builds/wireshark/wireshark/epan/packet.c:757:9
#8 0x7f4c24af9703 in call_dissector_work /builds/wireshark/wireshark/epan/packet.c:850:9
#9 0x7f4c24af9093 in dissector_try_uint_new /builds/wireshark/wireshark/epan/packet.c:1450:8
#10 0x7f4c24af9aa2 in dissector_try_uint /builds/wireshark/wireshark/epan/packet.c:1474:9
#11 0x7f4c22aa12ce in dissect_llc /builds/wireshark/wireshark/epan/dissectors/packet-llc.c:448:10
#12 0x7f4c24b03d7a in call_dissector_through_handle /builds/wireshark/wireshark/epan/packet.c:757:9
#13 0x7f4c24af9703 in call_dissector_work /builds/wireshark/wireshark/epan/packet.c:850:9
#14 0x7f4c24af9093 in dissector_try_uint_new /builds/wireshark/wireshark/epan/packet.c:1450:8
#15 0x7f4c24af9aa2 in dissector_try_uint /builds/wireshark/wireshark/epan/packet.c:1474:9
#16 0x7f4c23003261 in dissect_ppp_common /builds/wireshark/wireshark/epan/dissectors/packet-ppp.c:4786:10
#17 0x7f4c23003062 in dissect_ppp_hdlc_common /builds/wireshark/wireshark/epan/dissectors/packet-ppp.c:5804:5
#18 0x7f4c22feecc6 in dissect_ppp_raw_hdlc /builds/wireshark/wireshark/epan/dissectors/packet-ppp.c:6002:17
#19 0x7f4c24b03d7a in call_dissector_through_handle /builds/wireshark/wireshark/epan/packet.c:757:9
#20 0x7f4c24af9703 in call_dissector_work /builds/wireshark/wireshark/epan/packet.c:850:9
#21 0x7f4c24af9093 in dissector_try_uint_new /builds/wireshark/wireshark/epan/packet.c:1450:8
#22 0x7f4c22572c7c in dissect_gre /builds/wireshark/wireshark/epan/dissectors/packet-gre.c:491:14
#23 0x7f4c24b03d7a in call_dissector_through_handle /builds/wireshark/wireshark/epan/packet.c:757:9
#24 0x7f4c24af9703 in call_dissector_work /builds/wireshark/wireshark/epan/packet.c:850:9
#25 0x7f4c24af9093 in dissector_try_uint_new /builds/wireshark/wireshark/epan/packet.c:1450:8
#26 0x7f4c2286f0ce in ip_try_dissect /builds/wireshark/wireshark/epan/dissectors/packet-ip.c:1817:7
#27 0x7f4c228743b2 in dissect_ip_v4 /builds/wireshark/wireshark/epan/dissectors/packet-ip.c:2307:10
#28 0x7f4c24b03d7a in call_dissector_through_handle /builds/wireshark/wireshark/epan/packet.c:757:9
#29 0x7f4c24af9703 in call_dissector_work /builds/wireshark/wireshark/epan/packet.c:850:9
#30 0x7f4c24af9093 in dissector_try_uint_new /builds/wireshark/wireshark/epan/packet.c:1450:8
#31 0x7f4c24af9aa2 in dissector_try_uint /builds/wireshark/wireshark/epan/packet.c:1474:9
#32 0x7f4c22451123 in dissect_ethertype /builds/wireshark/wireshark/epan/dissectors/packet-ethertype.c:296:21
#33 0x7f4c24b03d7a in call_dissector_through_handle /builds/wireshark/wireshark/epan/packet.c:757:9
#34 0x7f4c24af9703 in call_dissector_work /builds/wireshark/wireshark/epan/packet.c:850:9
#35 0x7f4c24b00930 in call_dissector_only /builds/wireshark/wireshark/epan/packet.c:3270:8
#36 0x7f4c24af5b54 in call_dissector_with_data /builds/wireshark/wireshark/epan/packet.c:3283:8
#37 0x7f4c2244df00 in dissect_eth_common /builds/wireshark/wireshark/epan/dissectors/packet-eth.c:576:5
#38 0x7f4c2244ca67 in dissect_eth /builds/wireshark/wireshark/epan/dissectors/packet-eth.c:882:5
#39 0x7f4c24b03d7a in call_dissector_through_handle /builds/wireshark/wireshark/epan/packet.c:757:9
#40 0x7f4c24af9703 in call_dissector_work /builds/wireshark/wireshark/epan/packet.c:850:9
#41 0x7f4c24b00930 in call_dissector_only /builds/wireshark/wireshark/epan/packet.c:3270:8
#42 0x7f4c224da81e in dissect_frame /builds/wireshark/wireshark/epan/dissectors/packet-frame.c:935:6
#43 0x7f4c24b03d7a in call_dissector_through_handle /builds/wireshark/wireshark/epan/packet.c:757:9
#44 0x7f4c24af9703 in call_dissector_work /builds/wireshark/wireshark/epan/packet.c:850:9
#45 0x7f4c24b00930 in call_dissector_only /builds/wireshark/wireshark/epan/packet.c:3270:8
#46 0x7f4c24af5b54 in call_dissector_with_data /builds/wireshark/wireshark/epan/packet.c:3283:8
#47 0x7f4c24af5330 in dissect_record /builds/wireshark/wireshark/epan/packet.c:624:3
#48 0x7f4c24ac8e88 in epan_dissect_run_with_taps /builds/wireshark/wireshark/epan/epan.c:629:2
#49 0x562e81392795 in process_packet_second_pass /builds/wireshark/wireshark/tshark.c:3251:5
#50 0x562e81390bed in process_cap_file_second_pass /builds/wireshark/wireshark/tshark.c:3393:9
#51 0x562e8138b047 in process_cap_file /builds/wireshark/wireshark/tshark.c:3663:28
#52 0x562e81385200 in main /builds/wireshark/wireshark/tshark.c:2103:16
#53 0x7f4c1a5d0d8f (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f) (BuildId: 69389d485a9793dbe873f0ea2c93e02efaa9aa3d)
#54 0x7f4c1a5d0e3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f) (BuildId: 69389d485a9793dbe873f0ea2c93e02efaa9aa3d)
#55 0x562e8129e4e4 in _start (/builds/wireshark/wireshark/_install/bin/tshark+0x4b4e4) (BuildId: b87b036e4d279dc371c7ff4a4ca09ec8e84e0739)
0x606001a62483 is located 35 bytes inside of 55-byte region [0x606001a62460,0x606001a62497)
freed by thread T0 here:
#0 0x562e81323c62 in free (/builds/wireshark/wireshark/_install/bin/tshark+0xd0c62) (BuildId: b87b036e4d279dc371c7ff4a4ca09ec8e84e0739)
#1 0x7f4c1a97bb03 in wmem_free /builds/wireshark/wireshark/wsutil/wmem/wmem_core.c:65:9
#2 0x7f4c1a984e41 in wmem_strict_free /builds/wireshark/wireshark/wsutil/wmem/wmem_allocator_strict.c:127:5
#3 0x7f4c1a984ed5 in wmem_strict_free_all /builds/wireshark/wireshark/wsutil/wmem/wmem_allocator_strict.c:182:9
#4 0x7f4c1a97be3b in wmem_free_all_real /builds/wireshark/wireshark/wsutil/wmem/wmem_core.c:104:5
#5 0x7f4c1a97bda6 in wmem_free_all /builds/wireshark/wireshark/wsutil/wmem/wmem_core.c:110:5
#6 0x7f4c24ac8c69 in epan_dissect_reset /builds/wireshark/wireshark/epan/epan.c:581:2
#7 0x562e81392996 in process_packet_second_pass /builds/wireshark/wireshark/tshark.c:3284:5
#8 0x562e81390bed in process_cap_file_second_pass /builds/wireshark/wireshark/tshark.c:3393:9
#9 0x562e8138b047 in process_cap_file /builds/wireshark/wireshark/tshark.c:3663:28
#10 0x562e81385200 in main /builds/wireshark/wireshark/tshark.c:2103:16
#11 0x7f4c1a5d0d8f (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f) (BuildId: 69389d485a9793dbe873f0ea2c93e02efaa9aa3d)
previously allocated by thread T0 here:
#0 0x562e81323f0e in malloc (/builds/wireshark/wireshark/_install/bin/tshark+0xd0f0e) (BuildId: b87b036e4d279dc371c7ff4a4ca09ec8e84e0739)
#1 0x7f4c1a884738 in g_malloc (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x5e738) (BuildId: 137458a0f7846a084270bf5bb03df075a578db6d)
#2 0x7f4c1a98477f in wmem_strict_alloc /builds/wireshark/wireshark/wsutil/wmem/wmem_allocator_strict.c:81:46
#3 0x7f4c1a97ba7d in wmem_alloc /builds/wireshark/wireshark/wsutil/wmem/wmem_core.c:44:12
#4 0x7f4c23002dd7 in remove_escape_chars /builds/wireshark/wireshark/epan/dissectors/packet-ppp.c:5859:22
#5 0x7f4c22feec92 in dissect_ppp_raw_hdlc /builds/wireshark/wireshark/epan/dissectors/packet-ppp.c:5999:23
#6 0x7f4c24b03d7a in call_dissector_through_handle /builds/wireshark/wireshark/epan/packet.c:757:9
#7 0x7f4c24af9703 in call_dissector_work /builds/wireshark/wireshark/epan/packet.c:850:9
#8 0x7f4c24af9093 in dissector_try_uint_new /builds/wireshark/wireshark/epan/packet.c:1450:8
#9 0x7f4c22572c7c in dissect_gre /builds/wireshark/wireshark/epan/dissectors/packet-gre.c:491:14
#10 0x7f4c24b03d7a in call_dissector_through_handle /builds/wireshark/wireshark/epan/packet.c:757:9
#11 0x7f4c24af9703 in call_dissector_work /builds/wireshark/wireshark/epan/packet.c:850:9
#12 0x7f4c24af9093 in dissector_try_uint_new /builds/wireshark/wireshark/epan/packet.c:1450:8
#13 0x7f4c2286f0ce in ip_try_dissect /builds/wireshark/wireshark/epan/dissectors/packet-ip.c:1817:7
#14 0x7f4c228743b2 in dissect_ip_v4 /builds/wireshark/wireshark/epan/dissectors/packet-ip.c:2307:10
#15 0x7f4c24b03d7a in call_dissector_through_handle /builds/wireshark/wireshark/epan/packet.c:757:9
#16 0x7f4c24af9703 in call_dissector_work /builds/wireshark/wireshark/epan/packet.c:850:9
#17 0x7f4c24af9093 in dissector_try_uint_new /builds/wireshark/wireshark/epan/packet.c:1450:8
#18 0x7f4c24af9aa2 in dissector_try_uint /builds/wireshark/wireshark/epan/packet.c:1474:9
#19 0x7f4c22451123 in dissect_ethertype /builds/wireshark/wireshark/epan/dissectors/packet-ethertype.c:296:21
#20 0x7f4c24b03d7a in call_dissector_through_handle /builds/wireshark/wireshark/epan/packet.c:757:9
#21 0x7f4c24af9703 in call_dissector_work /builds/wireshark/wireshark/epan/packet.c:850:9
#22 0x7f4c24b00930 in call_dissector_only /builds/wireshark/wireshark/epan/packet.c:3270:8
#23 0x7f4c24af5b54 in call_dissector_with_data /builds/wireshark/wireshark/epan/packet.c:3283:8
#24 0x7f4c2244df00 in dissect_eth_common /builds/wireshark/wireshark/epan/dissectors/packet-eth.c:576:5
#25 0x7f4c2244ca67 in dissect_eth /builds/wireshark/wireshark/epan/dissectors/packet-eth.c:882:5
#26 0x7f4c24b03d7a in call_dissector_through_handle /builds/wireshark/wireshark/epan/packet.c:757:9
#27 0x7f4c24af9703 in call_dissector_work /builds/wireshark/wireshark/epan/packet.c:850:9
#28 0x7f4c24b00930 in call_dissector_only /builds/wireshark/wireshark/epan/packet.c:3270:8
#29 0x7f4c224da81e in dissect_frame /builds/wireshark/wireshark/epan/dissectors/packet-frame.c:935:6
SUMMARY: AddressSanitizer: heap-use-after-free /builds/wireshark/wireshark/epan/tvbuff.c:1027:9 in tvb_get_guint8
Shadow bytes around the buggy address:
0x0c0c80344440: fa fa fa fa fd fd fd fd fd fd fd fd fa fa fa fa
0x0c0c80344450: fd fd fd fd fd fd fd fa fa fa fa fa 00 00 00 00
0x0c0c80344460: 00 00 00 00 fa fa fa fa 00 00 00 00 00 00 00 fa
0x0c0c80344470: fa fa fa fa 00 00 00 00 00 00 00 fa fa fa fa fa
0x0c0c80344480: fd fd fd fd fd fd fd fa fa fa fa fa fd fd fd fd
=>0x0c0c80344490:[fd]fd fd fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c0c803444a0: fa fa fa fa fd fd fd fd fd fd fd fd fa fa fa fa
0x0c0c803444b0: fd fd fd fd fd fd fd fd fa fa fa fa 00 00 00 00
0x0c0c803444c0: 00 00 00 00 fa fa fa fa 00 00 00 00 00 00 00 00
0x0c0c803444d0: fa fa fa fa 00 00 00 00 00 00 00 fa fa fa fa fa
0x0c0c803444e0: fd fd fd fd fd fd fd fd fa fa fa fa fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==28033==ABORTING
fuzz-test.sh stderr:
Running as user "root" and group "root". This could be dangerous.
no debug trace