Wireshark-bugs: [Wireshark-bugs] [Bug 10467] New: Buildbot crash output: fuzz-2014-09-11-14118.p
Date: Fri, 12 Sep 2014 09:30:03 +0000
Bug ID: 10467
Summary: Buildbot crash output: fuzz-2014-09-11-14118.pcap
Product: Wireshark
Version: unspecified
Hardware: x86-64
URL: https://www.wireshark.org/download/automated/captures/fuzz-2014-09-11-14118.pcap
OS: Ubuntu
Status: CONFIRMED
Severity: Major
Priority: High
Component: Dissection engine (libwireshark)
Assignee: bugzilla-admin@wireshark.org
Reporter: buildbot-do-not-reply@wireshark.org

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2014-09-11-14118.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/5754-NokiaN900-NokiaBH-501.cap

Build host information:
Linux wsbb04 3.13.0-35-generic #62-Ubuntu SMP Fri Aug 15 01:58:42 UTC 2014
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 14.04.1 LTS
Release:    14.04
Codename:    trusty

Buildbot information:
BUILDBOT_REPOSITORY=ssh://wireshark-buildbot@code.wireshark.org:29418/wireshark
BUILDBOT_BUILDNUMBER=2962
BUILDBOT_URL=http://buildbot.wireshark.org/trunk/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_SLAVENAME=clang-code-analysis
BUILDBOT_GOT_REVISION=f93c53efcbd26b9533ef3390b577e464a3c257d7

Return value:  0

Dissector bug:  0

Valgrind error count:  36



Git commit
commit f93c53efcbd26b9533ef3390b577e464a3c257d7
Author: Roland Knall <roland.knall@br-automation.com>
Date:   Tue Sep 9 14:27:02 2014 +0200

    EPL: Fix offset calculation

     The offset was calculated too high, as it was added
     to itself and sizes were added multiple times

    Change-Id: I1a581e96e2ab66e40f5566074e8bd1089f55bdb0
    Reviewed-on: https://code.wireshark.org/review/4049
    Reviewed-by: Roland Knall <rknall@gmail.com>
    Reviewed-by: Anders Broman <a.broman58@gmail.com>


Command and args: ./tools/valgrind-wireshark.sh 

==23125== Memcheck, a memory error detector
==23125== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==23125== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright info
==23125== Command: /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark -nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2014-09-11-14118.pcap
==23125== 
==23125== Conditional jump or move depends on uninitialised value(s)
==23125==    at 0x67AB717: dissect_at_command (packet-bthfp.c:902)
==23125==    by 0x67ACF6D: dissect_bthfp (packet-bthfp.c:1508)
==23125==    by 0x6660A9E: call_dissector_through_handle (packet.c:622)
==23125==    by 0x6661384: call_dissector_work (packet.c:713)
==23125==    by 0x6661A3B: dissector_try_uint_new (packet.c:1145)
==23125==    by 0x67BC007: dissect_btrfcomm (packet-btrfcomm.c:890)
==23125==    by 0x6660A9E: call_dissector_through_handle (packet.c:622)
==23125==    by 0x6661384: call_dissector_work (packet.c:713)
==23125==    by 0x6661A3B: dissector_try_uint_new (packet.c:1145)
==23125==    by 0x67B2FD5: dissect_b_frame.constprop.15 (packet-btl2cap.c:1503)
==23125==    by 0x67B45E9: dissect_btl2cap (packet-btl2cap.c:2138)
==23125==    by 0x6660A9E: call_dissector_through_handle (packet.c:622)
==23125== 
==23125== Conditional jump or move depends on uninitialised value(s)
==23125==    at 0xA6D98F3: vfprintf (vfprintf.c:1661)
==23125==    by 0xA797D74: __vsnprintf_chk (vsnprintf_chk.c:63)
==23125==    by 0x664CF14: col_do_append_fstr (column-utils.c:388)
==23125==    by 0x664F8C3: col_append_fstr (column-utils.c:404)
==23125==    by 0x67ABB62: dissect_at_command (packet-bthfp.c:915)
==23125==    by 0x67ACF6D: dissect_bthfp (packet-bthfp.c:1508)
==23125==    by 0x6660A9E: call_dissector_through_handle (packet.c:622)
==23125==    by 0x6661384: call_dissector_work (packet.c:713)
==23125==    by 0x6661A3B: dissector_try_uint_new (packet.c:1145)
==23125==    by 0x67BC007: dissect_btrfcomm (packet-btrfcomm.c:890)
==23125==    by 0x6660A9E: call_dissector_through_handle (packet.c:622)
==23125==    by 0x6661384: call_dissector_work (packet.c:713)
==23125== 
==23125== Conditional jump or move depends on uninitialised value(s)
==23125==    at 0x9A72807: g_strstr_len (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4000.0)
==23125==    by 0x67ABB84: dissect_at_command (packet-bthfp.c:922)
==23125==    by 0x67ACF6D: dissect_bthfp (packet-bthfp.c:1508)
==23125==    by 0x6660A9E: call_dissector_through_handle (packet.c:622)
==23125==    by 0x6661384: call_dissector_work (packet.c:713)
==23125==    by 0x6661A3B: dissector_try_uint_new (packet.c:1145)
==23125==    by 0x67BC007: dissect_btrfcomm (packet-btrfcomm.c:890)
==23125==    by 0x6660A9E: call_dissector_through_handle (packet.c:622)
==23125==    by 0x6661384: call_dissector_work (packet.c:713)
==23125==    by 0x6661A3B: dissector_try_uint_new (packet.c:1145)
==23125==    by 0x67B2FD5: dissect_b_frame.constprop.15 (packet-btl2cap.c:1503)
==23125==    by 0x67B45E9: dissect_btl2cap (packet-btl2cap.c:2138)
==23125== 
==23125== 
==23125== HEAP SUMMARY:
==23125==     in use at exit: 1,229,508 bytes in 29,978 blocks
==23125==   total heap usage: 299,625 allocs, 269,647 frees, 32,967,079 bytes allocated
==23125== 
==23125== LEAK SUMMARY:
==23125==    definitely lost: 11,768 bytes in 564 blocks
==23125==    indirectly lost: 36,648 bytes in 49 blocks
==23125==      possibly lost: 0 bytes in 0 blocks
==23125==    still reachable: 1,181,092 bytes in 29,365 blocks
==23125==         suppressed: 0 bytes in 0 blocks
==23125== Rerun with --leak-check=full to see details of leaked memory
==23125== 
==23125== For counts of detected and suppressed errors, rerun with: -v
==23125== Use --track-origins=yes to see where uninitialised values come from
==23125== ERROR SUMMARY: 36 errors from 3 contexts (suppressed: 0 from 0)

[ no debug trace ]
