heap-buffer-overflow in pcap_thread_callback_ip()

[geeknik]

Built from b0e787e with afl-clang-fast on Debian 8.x x64.

./drool -c 'text:timing ignore;' -c 'text:client_pool target "127.0.0.1" "53";' -c 'text:client_pool skip_reply;' -r
test003.pcap

==11594==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60600000eedd at pc 0x0000004f88e1 bp 0x7f6c2bffe730 sp 0x7f6c2bffe728
READ of size 1 at 0x60600000eedd thread T3
    #0 0x4f88e0 in pcap_thread_callback_ip /root/drool/src/pcap-thread/pcap_thread.c:1637:17
    #1 0x4fa09b in pcap_thread_callback_gre /root/drool/src/pcap-thread/pcap_thread.c:1556:25
    #2 0x4f76fe in pcap_thread_callback_ipv6 /root/drool/src/pcap-thread/pcap_thread.c:1843:21
    #3 0x4f76fe in pcap_thread_callback_ip /root/drool/src/pcap-thread/pcap_thread.c:1649
    #4 0x4f1f26 in pcap_thread_callback_loop /root/drool/src/pcap-thread/pcap_thread.c:1418:21
    #5 0x4f1f26 in pcap_thread_callback /root/drool/src/pcap-thread/pcap_thread.c:1137
    #6 0x4f4afd in _callback /root/drool/src/pcap-thread/pcap_thread.c:2408:13
    #7 0x7f6c33034f03 (/usr/lib/x86_64-linux-gnu/libpcap.so.0.8+0x1df03)
    #8 0x7f6c33025d2e in pcap_loop (/usr/lib/x86_64-linux-gnu/libpcap.so.0.8+0xed2e)
    #9 0x4f2bba in _thread /root/drool/src/pcap-thread/pcap_thread.c:2486:15
    #10 0x7f6c32e02063 in start_thread /build/glibc-qK83Be/glibc-2.19/nptl/pthread_create.c:309
    #11 0x7f6c3221462c in clone /build/glibc-qK83Be/glibc-2.19/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:111

0x60600000eedd is located 0 bytes to the right of 61-byte region [0x60600000eea0,0x60600000eedd)
allocated by thread T0 here:
    #0 0x4a646b in __interceptor_malloc (/root/drool/src/drool+0x4a646b)
    #1 0x7f6c3303596e (/usr/lib/x86_64-linux-gnu/libpcap.so.0.8+0x1e96e)

Thread T3 created by T0 here:
    #0 0x48e09f in __interceptor_pthread_create (/root/drool/src/drool+0x48e09f)
    #1 0x4ef28c in pcap_thread_run /root/drool/src/pcap-thread/pcap_thread.c:2658:24
    #2 0x4d4fec in run /root/drool/src/drool.c:243:16
    #3 0x4d4fec in main /root/drool/src/drool.c:684
    #4 0x7f6c3214db44 in __libc_start_main /build/glibc-qK83Be/glibc-2.19/csu/libc-start.c:287

SUMMARY: AddressSanitizer: heap-buffer-overflow /root/drool/src/pcap-thread/pcap_thread.c:1637 pcap_thread_callback_ip
Shadow bytes around the buggy address:
  0x0c0c7fff9d80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0c7fff9d90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0c7fff9da0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0c7fff9db0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0c7fff9dc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c0c7fff9dd0: fa fa fa fa 00 00 00 00 00 00 00[05]fa fa fa fa
  0x0c0c7fff9de0: 00 00 00 00 00 00 00 00 fa fa fa fa 00 00 00 00
  0x0c0c7fff9df0: 00 00 00 00 fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c0c7fff9e00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0c7fff9e10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0c7fff9e20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  ASan internal:           fe
==11594==ABORTING