Fix use-of-uninitialized-value in PcapNgFileReaderDevice::getNextPacketInternal #2132

Open
Shubham7-1 wants to merge 5 commits into seladb:dev from Shubham7-1:master

Conversation

@Shubham7-1


Summary

Fixes the MSAN-reported Use-of-uninitialized-value in pcpp::PcapNgFileReaderDevice::getNextPacketInternal (OSS-Fuzz issue, crash type reported in FuzzWriterNg).

issue: https://issues.oss-fuzz.com/issues/479882050

Root Cause

In light_get_next_packet (light_pcapng_ext.c), the LIGHT_SIMPLE_PACKET_BLOCK branch sets packet_header->data_link only when interface_block_count > 0:

if (pcapng->file_info->interface_block_count > 0)
    packet_header->data_link = pcapng->file_info->link_types[0];
// else: data_link left UNINITIALIZED

When a pcapng file contains a Simple Packet Block without any preceding Interface Description Block, data_link is never written. Back in getNextPacketInternal, the uninitialized pktHeader.data_link value is then read by m_BpfWrapper.matches() and RawPacket::setRawData(), triggering MSAN.

Changes

3rdParty/LightPcapNg/LightPcapNg/src/light_pcapng_ext.c

Added an else clause in the SPB path of light_get_next_packet to always assign data_link. Uses the same 0xFFFF sentinel already used in the EPB "out-of-range interface_id" case, meaning unknown/invalid link type.

Pcap++/src/PcapFileDevice.cpp

Zero-initialized light_packet_header pktHeader{} in getNextPacketInternal as defense-in-depth, ensuring no field is ever read uninitialized regardless of which code path light_get_next_packet takes.
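As an added example (not code from PcapPlusPlus or LightPcapNg), the following minimal pcapng block walker in C reproduces the Simple Packet Block path described in the Root Cause and Changes sections above, with both halves of the fix: the else branch that always writes data_link, and the zero-initialized header in the caller. The struct and function names (file_info, packet_header, next_packet, LINK_TYPE_UNKNOWN, first_packet_link_type) and the two byte strings are assumptions constructed for this example; the block type codes and layouts follow the pcapng specification.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Block type codes from the pcapng specification. */
#define BT_IDB 0x00000001U
#define BT_SPB 0x00000003U
/* Same sentinel value the PR uses for "unknown/invalid link type" (assumed name). */
#define LINK_TYPE_UNKNOWN 0xFFFFU
#define MAX_IFACES 8

/* Per-file state (assumed struct, stands in for pcapng->file_info). */
struct file_info {
    uint16_t link_types[MAX_IFACES];
    size_t interface_block_count;
};

/* Per-packet header returned to the caller (assumed struct). */
struct packet_header {
    uint16_t data_link;
    uint32_t original_length;
    uint32_t captured_length;
};

static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Walk blocks from *off. Returns 1 with hdr/data filled when an SPB is found,
 * 0 at end of buffer or on a malformed block length. Every return-1 path
 * writes hdr->data_link; that is the fix. */
int next_packet(const uint8_t *buf, size_t len, size_t *off,
                struct file_info *fi, struct packet_header *hdr,
                const uint8_t **data)
{
    while (*off + 12 <= len) {
        uint32_t type  = rd32(buf + *off);
        uint32_t total = rd32(buf + *off + 4);
        /* Block Total Length includes both length fields; reject lengths that
         * are too short, not 32-bit aligned, or run past the buffer. */
        if (total < 12 || (total & 3) || total > len - *off)
            return 0;
        const uint8_t *body = buf + *off + 8;
        uint32_t body_len = total - 12;
        *off += total;

        if (type == BT_IDB) {
            if (body_len >= 8 && fi->interface_block_count < MAX_IFACES)
                fi->link_types[fi->interface_block_count++] = rd16(body);
        } else if (type == BT_SPB) {
            if (body_len < 4)
                return 0;
            hdr->original_length = rd32(body);
            hdr->captured_length = hdr->original_length < body_len - 4
                                       ? hdr->original_length : body_len - 4;
            /* The unfixed code had only the "if" branch: with no IDB before
             * the SPB, data_link was never written and the caller read garbage. */
            if (fi->interface_block_count > 0)
                hdr->data_link = fi->link_types[0];
            else
                hdr->data_link = LINK_TYPE_UNKNOWN;
            *data = body + 4;
            return 1;
        }
        /* SHB and other block types carry nothing this walker needs. */
    }
    return 0;
}

/* Constructed sample: SHB followed directly by an SPB, no IDB (the crashing shape). */
static const uint8_t SAMPLE_NO_IDB[] = {
    0x0A,0x0D,0x0D,0x0A, 0x1C,0,0,0, 0x4D,0x3C,0x2B,0x1A, 0x01,0x00, 0x00,0x00,
    0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, 0x1C,0,0,0,
    0x03,0,0,0, 0x14,0,0,0, 0x04,0,0,0, 0xDE,0xAD,0xBE,0xEF, 0x14,0,0,0,
};
/* Constructed sample: SHB, IDB with LINKTYPE_ETHERNET (1), then the same SPB. */
static const uint8_t SAMPLE_WITH_IDB[] = {
    0x0A,0x0D,0x0D,0x0A, 0x1C,0,0,0, 0x4D,0x3C,0x2B,0x1A, 0x01,0x00, 0x00,0x00,
    0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, 0x1C,0,0,0,
    0x01,0,0,0, 0x14,0,0,0, 0x01,0x00, 0x00,0x00, 0xFF,0xFF,0,0, 0x14,0,0,0,
    0x03,0,0,0, 0x14,0,0,0, 0x04,0,0,0, 0xDE,0xAD,0xBE,0xEF, 0x14,0,0,0,
};

/* Mirrors the caller side of getNextPacketInternal: zero-initialize the header
 * (like pktHeader{}), read one packet, return its data_link, or 0 if none. */
uint16_t first_packet_link_type(const uint8_t *buf, size_t len)
{
    struct file_info fi = {{0}, 0};
    struct packet_header hdr = {0};   /* defense in depth: never read uninitialized */
    const uint8_t *data = NULL;
    size_t off = 0;
    if (!next_packet(buf, len, &off, &fi, &hdr, &data))
        return 0;
    return hdr.data_link;
}

uint16_t link_type_without_idb(void)
{ return first_packet_link_type(SAMPLE_NO_IDB, sizeof SAMPLE_NO_IDB); }
uint16_t link_type_with_idb(void)
{ return first_packet_link_type(SAMPLE_WITH_IDB, sizeof SAMPLE_WITH_IDB); }

int main(void)
{
    printf("no IDB:   data_link = 0x%04X\n", link_type_without_idb());
    printf("with IDB: data_link = %u\n", link_type_with_idb());
    return 0;
}
```

A caller that wants to map data_link to a link layer should treat LINK_TYPE_UNKNOWN as "no usable link type" rather than index a table with it. To watch the original defect under MemorySanitizer, remove both the else branch and the `= {0}` initializer and build with `clang -fsanitize=memory`; the first conditional use of hdr.data_link is where the report lands.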

Copilot AI and others added 4 commits May 8, 2026 12:36
…etInternal

- Zero-initialize light_packet_header pktHeader in getNextPacketInternal to
  prevent MSAN use-of-uninitialized-value on any path where light_get_next_packet
  does not fill every field.
- Fix light_get_next_packet's LIGHT_SIMPLE_PACKET_BLOCK branch: add an else
  clause so packet_header->data_link is always set (to 0xFFFF) when there are
  no interface blocks, eliminating the root cause of the uninitialized read.

Agent-Logs-Url: https://github.com/Shivam7-1/PcapPlusPlus/sessions/40af4014-b148-45f0-8e4f-9f159064c5d1

Co-authored-by: Shivam7-1 <55046031+Shivam7-1@users.noreply.github.com>
…-value

Fix use-of-uninitialized-value in PcapNgFileReaderDevice::getNextPacketInternal
Fix use-of-uninitialized-value in PcapNgFileReaderDevice::getNextPacketInternal
@Shubham7-1 Shubham7-1 requested a review from seladb as a code owner May 8, 2026 12:46
@seladb seladb changed the base branch from master to dev May 10, 2026 08:07

@seladb seladb left a comment


@Shubham7-1

Author

@seladb Thanks for your review.

@Shubham7-1 we can add the example file in https://issues.oss-fuzz.com/issues/479882050 to here: https://github.com/Shubham7-1/PcapPlusPlus/tree/685e23905e4c319ba693f21a69846442ec540be1/Tests/Fuzzers/RegressionTests/regression_samples

These are regression files that we run in CI.

I think it's not possible.

@Shubham7-1 Shubham7-1 requested a review from seladb May 10, 2026 13:52
@codecov

codecov Bot commented May 10, 2026


Codecov Report

❌ Patch coverage is 50.00000% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 82.65%. Comparing base (aed8e5a) to head (10b2293).

File with missing lines: ...rty/LightPcapNg/LightPcapNg/src/light_pcapng_ext.c, patch coverage 0.00%, 1 line missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##              dev    #2132      +/-   ##
==========================================
- Coverage   82.66%   82.65%   -0.01%     
==========================================
  Files         332      332              
  Lines       59706    59700       -6     
  Branches    12384    12592     +208     
==========================================
- Hits        49353    49348       -5     
- Misses       8952     8965      +13     
+ Partials     1401     1387      -14     
Flag Coverage Δ
23.11.6 7.30% <0.00%> (-0.01%) ⬇️
24.11.5 7.30% <0.00%> (-0.02%) ⬇️
25.11.1 7.30% <0.00%> (-0.04%) ⬇️
alpine320 76.79% <50.00%> (-0.01%) ⬇️
fedora42 76.37% <50.00%> (-0.01%) ⬇️
macos-14 82.17% <50.00%> (-0.01%) ⬇️
macos-15 82.17% <50.00%> (-0.01%) ⬇️
mingw32 70.98% <100.00%> (+<0.01%) ⬆️
mingw64 70.95% <100.00%> (+0.07%) ⬆️
npcap ?
rhel94 76.19% <50.00%> (-0.01%) ⬇️
ubuntu2204 76.22% <50.00%> (+0.02%) ⬆️
ubuntu2204-icpx 59.27% <100.00%> (+0.02%) ⬆️
ubuntu2404 76.51% <50.00%> (+0.02%) ⬆️
ubuntu2404-arm64 76.50% <50.00%> (+0.01%) ⬆️
ubuntu2604 76.42% <50.00%> (-0.01%) ⬇️
unittest 82.65% <50.00%> (-0.01%) ⬇️
windows-2022 85.69% <100.00%> (+0.10%) ⬆️
windows-2025 85.73% <100.00%> (+0.11%) ⬆️
winpcap 85.73% <100.00%> (-0.08%) ⬇️
xdp 53.04% <0.00%> (-0.01%) ⬇️


@Shubham7-1

Author

Hi @seladb team, any update?

@seladb

seladb commented May 12, 2026

Owner

@seladb Thanks for your review.

@Shubham7-1 we can add the example file in https://issues.oss-fuzz.com/issues/479882050 to here: https://github.com/Shubham7-1/PcapPlusPlus/tree/685e23905e4c319ba693f21a69846442ec540be1/Tests/Fuzzers/RegressionTests/regression_samples
These are regression files that we run in CI.

I think it's not possible.

@Shivam7-1 why is it not possible? 🤔

@seladb

seladb commented May 16, 2026

Owner

@seladb Thanks for your review.

@Shubham7-1 we can add the example file in https://issues.oss-fuzz.com/issues/479882050 to here: https://github.com/Shubham7-1/PcapPlusPlus/tree/685e23905e4c319ba693f21a69846442ec540be1/Tests/Fuzzers/RegressionTests/regression_samples
These are regression files that we run in CI.

I think it's not possible.

@Shivam7-1 why is it not possible? 🤔

@Shubham7-1 did you see my previous message? ☝️

Labels

None yet

Projects

None yet

4 participants