Wireshark-bugs: [Wireshark-bugs] [Bug 10491] New: Buildbot crash output: fuzz-2014-09-20-28834.p
Bug ID |
10491
|
Summary |
Buildbot crash output: fuzz-2014-09-20-28834.pcap
|
Product |
Wireshark
|
Version |
unspecified
|
Hardware |
x86-64
|
URL |
https://www.wireshark.org/download/automated/captures/fuzz-2014-09-20-28834.pcap
|
OS |
Ubuntu
|
Status |
CONFIRMED
|
Severity |
Major
|
Priority |
High
|
Component |
Dissection engine (libwireshark)
|
Assignee |
bugzilla-admin@wireshark.org
|
Reporter |
buildbot-do-not-reply@wireshark.org
|
Problems have been found with the following capture file:
https://www.wireshark.org/download/automated/captures/fuzz-2014-09-20-28834.pcap
stderr:
Input file: /home/wireshark/menagerie/menagerie/2415-wsp.pcap
Build host information:
Linux wsbb04 3.13.0-35-generic #62-Ubuntu SMP Fri Aug 15 01:58:42 UTC 2014
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID: Ubuntu
Description: Ubuntu 14.04.1 LTS
Release: 14.04
Codename: trusty
Buildbot information:
BUILDBOT_REPOSITORY=ssh://wireshark-buildbot@code.wireshark.org:29418/wireshark
BUILDBOT_BUILDNUMBER=2967
BUILDBOT_URL=http://buildbot.wireshark.org/trunk/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_SLAVENAME=clang-code-analysis
BUILDBOT_GOT_REVISION=b7940046fae473cf1d64a76ee90b23ca89b93768
Return value: 0
Dissector bug: 0
Valgrind error count: 6
Git commit
commit b7940046fae473cf1d64a76ee90b23ca89b93768
Author: Bill Meier <wmeier@newsguy.com>
Date: Thu Sep 18 22:29:29 2014 -0400
packet-http2.c: Do encoding-arg changes (all benign)
For:
- FT_BYTES: Always use just ENC_NA
- integral/floating (other than FT_[U]INT8): Do ENC_NA --> ENC_BIG_ENDIAN
Change-Id: I0885f7d110014cb8a7eba1c1892ed8d0852d076a
Reviewed-on: https://code.wireshark.org/review/4187
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Command and args: ./tools/valgrind-wireshark.sh -T
==15985== Memcheck, a memory error detector
==15985== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==15985== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright
info
==15985== Command:
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark
-Vx -nr
/fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2014-09-20-28834.pcap
==15985==
==15985== Conditional jump or move depends on uninitialised value(s)
==15985== at 0x6650D05: get_ts_23_038_7bits_string (charsets.c:749)
==15985== by 0x6681F3E: proto_tree_add_ts_23_038_7bits_item (proto.c:8166)
==15985== by 0x69866CC: dis_field_ud (packet-gsm_sms.c:2596)
==15985== by 0x69883B5: dis_msg_deliver (packet-gsm_sms.c:2792)
==15985== by 0x6983CA7: dissect_gsm_sms (packet-gsm_sms.c:3356)
==15985== by 0x6665E7E: call_dissector_through_handle (packet.c:622)
==15985== by 0x6666764: call_dissector_work (packet.c:713)
==15985== by 0x70A3A81: dissect_gsm_old_ForwardSM_Arg.constprop.9
(gsm_map.cnf:411)
==15985== by 0x6762BBC: dissect_ber_sequence (packet-ber.c:2386)
==15985== by 0x7099B7F: dissect_gsm_old_Invoke (gsm_map.cnf:219)
==15985== by 0x6760F86: dissect_ber_choice (packet-ber.c:2886)
==15985== by 0x70A503E: dissect_gsm_map (gsm_map.cnf:398)
==15985==
==15985== Use of uninitialised value of size 8
==15985== at 0x6650DA5: get_ts_23_038_7bits_string (charsets.c:708)
==15985== by 0x6681F3E: proto_tree_add_ts_23_038_7bits_item (proto.c:8166)
==15985== by 0x69866CC: dis_field_ud (packet-gsm_sms.c:2596)
==15985== by 0x69883B5: dis_msg_deliver (packet-gsm_sms.c:2792)
==15985== by 0x6983CA7: dissect_gsm_sms (packet-gsm_sms.c:3356)
==15985== by 0x6665E7E: call_dissector_through_handle (packet.c:622)
==15985== by 0x6666764: call_dissector_work (packet.c:713)
==15985== by 0x70A3A81: dissect_gsm_old_ForwardSM_Arg.constprop.9
(gsm_map.cnf:411)
==15985== by 0x6762BBC: dissect_ber_sequence (packet-ber.c:2386)
==15985== by 0x7099B7F: dissect_gsm_old_Invoke (gsm_map.cnf:219)
==15985== by 0x6760F86: dissect_ber_choice (packet-ber.c:2886)
==15985== by 0x70A503E: dissect_gsm_map (gsm_map.cnf:398)
==15985==
==15985== Conditional jump or move depends on uninitialised value(s)
==15985== at 0x6650D3F: get_ts_23_038_7bits_string (charsets.c:749)
==15985== by 0x6681F3E: proto_tree_add_ts_23_038_7bits_item (proto.c:8166)
==15985== by 0x69866CC: dis_field_ud (packet-gsm_sms.c:2596)
==15985== by 0x69883B5: dis_msg_deliver (packet-gsm_sms.c:2792)
==15985== by 0x6983CA7: dissect_gsm_sms (packet-gsm_sms.c:3356)
==15985== by 0x6665E7E: call_dissector_through_handle (packet.c:622)
==15985== by 0x6666764: call_dissector_work (packet.c:713)
==15985== by 0x70A3A81: dissect_gsm_old_ForwardSM_Arg.constprop.9
(gsm_map.cnf:411)
==15985== by 0x6762BBC: dissect_ber_sequence (packet-ber.c:2386)
==15985== by 0x7099B7F: dissect_gsm_old_Invoke (gsm_map.cnf:219)
==15985== by 0x6760F86: dissect_ber_choice (packet-ber.c:2886)
==15985== by 0x70A503E: dissect_gsm_map (gsm_map.cnf:398)
==15985==
==15985== Use of uninitialised value of size 8
==15985== at 0x6650DC1: get_ts_23_038_7bits_string (charsets.c:708)
==15985== by 0x6681F3E: proto_tree_add_ts_23_038_7bits_item (proto.c:8166)
==15985== by 0x69866CC: dis_field_ud (packet-gsm_sms.c:2596)
==15985== by 0x69883B5: dis_msg_deliver (packet-gsm_sms.c:2792)
==15985== by 0x6983CA7: dissect_gsm_sms (packet-gsm_sms.c:3356)
==15985== by 0x6665E7E: call_dissector_through_handle (packet.c:622)
==15985== by 0x6666764: call_dissector_work (packet.c:713)
==15985== by 0x70A3A81: dissect_gsm_old_ForwardSM_Arg.constprop.9
(gsm_map.cnf:411)
==15985== by 0x6762BBC: dissect_ber_sequence (packet-ber.c:2386)
==15985== by 0x7099B7F: dissect_gsm_old_Invoke (gsm_map.cnf:219)
==15985== by 0x6760F86: dissect_ber_choice (packet-ber.c:2886)
==15985== by 0x70A503E: dissect_gsm_map (gsm_map.cnf:398)
==15985==
==15985==
==15985== HEAP SUMMARY:
==15985== in use at exit: 1,215,429 bytes in 29,586 blocks
==15985== total heap usage: 223,013 allocs, 193,427 frees, 28,442,266 bytes
allocated
==15985==
==15985== LEAK SUMMARY:
==15985== definitely lost: 3,592 bytes in 158 blocks
==15985== indirectly lost: 36,648 bytes in 49 blocks
==15985== possibly lost: 0 bytes in 0 blocks
==15985== still reachable: 1,175,189 bytes in 29,379 blocks
==15985== suppressed: 0 bytes in 0 blocks
==15985== Rerun with --leak-check=full to see details of leaked memory
==15985==
==15985== For counts of detected and suppressed errors, rerun with: -v
==15985== Use --track-origins=yes to see where uninitialised values come from
==15985== ERROR SUMMARY: 6 errors from 4 contexts (suppressed: 0 from 0)
[ no debug trace ]
You are receiving this mail because:
- You are watching all bug changes.