This repository has been archived by the owner on Oct 23, 2020. It is now read-only.

Segfault in Tcptrace at names.c:179 #6

Open
Ngiong opened this issue Oct 22, 2020 · 0 comments


Ngiong commented Oct 22, 2020

Hello,
We are currently working on a new fuzz testing feature, and we found a crash in tcptrace.

Steps to Reproduce
We configured and built libpcap-1.9.1 using CFLAGS="-g -O0" ./configure and make,
configured tcptrace using CFLAGS="-L${LIBPCAP_PATH}/lib -I${LIBPCAP_PATH}/include" LDFLAGS="-L${LIBPCAP_PATH}/lib -lpcap" ./configure, built it using make, and ran it with:

./tcptrace  --showtitle -d -d -d --nowarn_printtrunc --warn_ooo --noshowsacks <attached_file> -n --nores_addr

Attachment: poc_0004.txt

Environment

Additional context
Here's the stack trace: stack_trace_0004.zip

Program received signal SIGSEGV, Segmentation fault.
_IO_vfprintf_internal (s=0x7fffff7ff560, format=0x47c8f3 "Searching cache for host '%s'\n", ap=0x7fffff801c20) at vfprintf.c:1320
1320	vfprintf.c: No such file or directory.
#0  _IO_vfprintf_internal (s=0x7fffff7ff560, format=0x47c8f3 "Searching cache for host '%s'\n", ap=0x7fffff801c20) at vfprintf.c:1320
#1  0x00007ffff76a4700 in buffered_vfprintf (s=s@entry=0x7ffff7a32680 <_IO_2_1_stderr_>, format=format@entry=0x47c8f3 "Searching cache for host '%s'\n", args=args@entry=0x7fffff801c20) at vfprintf.c:2329
#2  0x00007ffff76a17b6 in _IO_vfprintf_internal (s=0x7ffff7a32680 <_IO_2_1_stderr_>, format=0x47c8f3 "Searching cache for host '%s'\n", ap=ap@entry=0x7fffff801c20) at vfprintf.c:1301
#3  0x00007ffff76aaed4 in __fprintf (stream=<optimized out>, format=<optimized out>) at fprintf.c:32
#4  0x0000000000408cfa in HostName (ipaddress=...) at names.c:179
#5  0x00000000004118b8 in ParenHostName (addr=...) at print.c:630
#6  0x0000000000411039 in printipv4 (pip=0x6e7520, plast=0x6e7547) at print.c:208
#7  0x000000000040fd0e in printip_packet (pip=0x6e7520, plast=0x6e7547) at print.c:179
#8  0x000000000040fa61 in printpacket (len=100, tlen=100, phys=0x0, phystype=0, pip=0x6e7520, plast=0x6e7547, tcb=0x0) at print.c:596
#9  0x000000000042655a in findheader (ipproto=17, pip=0x6e7520, pphdr=0x7fffff8020f8, pplast=0x7fffff802100) at ipv6.c:158
#10 0x000000000042685a in getudp (pip=0x6e7520, ppudp=0x7fffff8020f8, pplast=0x7fffff802100) at ipv6.c:321
#11 0x0000000000410811 in printudp_packet (pip=0x6e7520, plast=0x6e7547) at print.c:523
... <more were omitted> ...

Thank you.
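
A triage aid for a backtrace like the one above, added here as an example and not part of the original report or of tcptrace: it parses the gdb frames into a call chain, locates the innermost frame in the project's own sources, and measures how far the pointer arguments of frame #0 sit above the bottom of the main-thread stack. Two assumptions are labelled in the code: gdb ran with ASLR disabled, so the x86-64 Linux stack top is 0x7ffffffff000, and the soft stack limit was the default 8 MiB. The check only reports whether the addresses are consistent with the stack being nearly exhausted at the time of the fault; it does not establish the root cause, which needs the omitted frames and the attached input.

```python
"""Parse a gdb backtrace and check frame #0 addresses against stack bounds.

Added example, not code from the tcptrace project or the issue author.
"""
import re

# Assumption: gdb disables ASLR, so the x86-64 Linux main stack ends here.
STACK_TOP = 0x7FFFFFFFF000
# Assumption: default soft limit (`ulimit -s` of 8192 KiB).
STACK_LIMIT = 8 * 1024 * 1024
STACK_BOTTOM = STACK_TOP - STACK_LIMIT  # 0x7fffff7ff000

# Constructed input: the twelve frames quoted in the issue, copied verbatim.
TRACE = """\
#0  _IO_vfprintf_internal (s=0x7fffff7ff560, format=0x47c8f3 "Searching cache for host '%s'\\n", ap=0x7fffff801c20) at vfprintf.c:1320
#1  0x00007ffff76a4700 in buffered_vfprintf (s=s@entry=0x7ffff7a32680 <_IO_2_1_stderr_>, format=format@entry=0x47c8f3 "Searching cache for host '%s'\\n", args=args@entry=0x7fffff801c20) at vfprintf.c:2329
#2  0x00007ffff76a17b6 in _IO_vfprintf_internal (s=0x7ffff7a32680 <_IO_2_1_stderr_>, format=0x47c8f3 "Searching cache for host '%s'\\n", ap=ap@entry=0x7fffff801c20) at vfprintf.c:1301
#3  0x00007ffff76aaed4 in __fprintf (stream=<optimized out>, format=<optimized out>) at fprintf.c:32
#4  0x0000000000408cfa in HostName (ipaddress=...) at names.c:179
#5  0x00000000004118b8 in ParenHostName (addr=...) at print.c:630
#6  0x0000000000411039 in printipv4 (pip=0x6e7520, plast=0x6e7547) at print.c:208
#7  0x000000000040fd0e in printip_packet (pip=0x6e7520, plast=0x6e7547) at print.c:179
#8  0x000000000040fa61 in printpacket (len=100, tlen=100, phys=0x0, phystype=0, pip=0x6e7520, plast=0x6e7547, tcb=0x0) at print.c:596
#9  0x000000000042655a in findheader (ipproto=17, pip=0x6e7520, pphdr=0x7fffff8020f8, pplast=0x7fffff802100) at ipv6.c:158
#10 0x000000000042685a in getudp (pip=0x6e7520, ppudp=0x7fffff8020f8, pplast=0x7fffff802100) at ipv6.c:321
#11 0x0000000000410811 in printudp_packet (pip=0x6e7520, plast=0x6e7547) at print.c:523
"""

# "#N  [0xADDR in ]func (args) at file:line"; frame #0 carries no return address.
FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\w+) \((.*)\) at (\S+):(\d+)$")

# Files that belong to libc rather than to the program under test.
LIBC_FILES = {"vfprintf.c", "fprintf.c"}


def parse_frames(trace):
    """Return a list of dicts (n, func, args, file, line), innermost first."""
    frames = []
    for line in trace.splitlines():
        m = FRAME_RE.match(line)
        if m:
            frames.append({"n": int(m.group(1)), "func": m.group(2),
                           "args": m.group(3), "file": m.group(4),
                           "line": int(m.group(5))})
    return frames


def call_chain(frames):
    """Function names from outermost caller to the faulting frame."""
    return [f["func"] for f in reversed(frames)]


def innermost_project_frame(frames):
    """First frame (from the fault outward) whose source file is not libc."""
    for f in frames:
        if f["file"] not in LIBC_FILES:
            return f["func"], f["file"], f["line"]
    return None


def stack_pointers(args):
    """Hex values in an argument list that fall inside the assumed stack range."""
    return [v for v in (int(h, 16) for h in re.findall(r"0x[0-9a-f]+", args))
            if STACK_BOTTOM <= v < STACK_TOP]


def headroom(frames):
    """Bytes between frame #0's lowest stack address and the stack bottom.

    A value of a few hundred bytes means the fault happened with essentially
    no stack left; a large value means the crash is not about stack depth.
    """
    addrs = stack_pointers(frames[0]["args"])
    return min(addrs) - STACK_BOTTOM if addrs else None


if __name__ == "__main__":
    fr = parse_frames(TRACE)
    print("call chain:", " -> ".join(call_chain(fr)))
    print("innermost project frame:", innermost_project_frame(fr))
    hr = headroom(fr)
    print("stack headroom at frame #0: %s bytes" % ("n/a" if hr is None else hex(hr)))
    if hr is not None and hr < 4096:
        print("frame #0 sits within a page of the assumed stack bottom;"
              " consistent with stack exhaustion, check the omitted frames")
```

On the trace from the report the innermost project frame is HostName at names.c:179 and the headroom is 0x560 bytes, which is why the fault lands inside glibc's printf machinery rather than in tcptrace code; whether the depth comes from recursion in the omitted frames is something the full backtrace (bt -full, or bt with no frame limit) would need to show.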
