Wireshark-bugs: [Wireshark-bugs] [Bug 11462] New: Buildbot crash output: fuzz-2015-08-20-29629.p
Date: Sat, 22 Aug 2015 13:30:03 +0000
Bug ID | 11462 |
---|---|
Summary | Buildbot crash output: fuzz-2015-08-20-29629.pcap |
Product | Wireshark |
Version | unspecified |
Hardware | x86-64 |
URL | https://www.wireshark.org/download/automated/captures/fuzz-2015-08-20-29629.pcap |
OS | Ubuntu |
Status | CONFIRMED |
Severity | Major |
Priority | High |
Component | Dissection engine (libwireshark) |
Assignee | bugzilla-admin@wireshark.org |
Reporter | buildbot-do-not-reply@wireshark.org |
Problems have been found with the following capture file: https://www.wireshark.org/download/automated/captures/fuzz-2015-08-20-29629.pcap stderr: Input file: /home/wireshark/menagerie/menagerie/9025-avrcp_se_fragmentation_3.log Build host information: Linux wsbb04 3.13.0-61-generic #100-Ubuntu SMP Wed Jul 29 11:21:34 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux Distributor ID: Ubuntu Description: Ubuntu 14.04.3 LTS Release: 14.04 Codename: trusty Buildbot information: BUILDBOT_REPOSITORY=ssh://wireshark-buildbot@code.wireshark.org:29418/wireshark BUILDBOT_BUILDNUMBER=3295 BUILDBOT_URL=http://buildbot.wireshark.org/trunk/ BUILDBOT_BUILDERNAME=Clang Code Analysis BUILDBOT_SLAVENAME=clang-code-analysis BUILDBOT_GOT_REVISION=6ed3e080e9942d558b006a2f32a5aff0ff0d2876 Return value: 0 Dissector bug: 0 Valgrind error count: 5 Git commit commit 6ed3e080e9942d558b006a2f32a5aff0ff0d2876 Author: Alexis La Goutte <alexis.lagoutte@gmail.com> Date: Tue Aug 18 21:10:13 2015 +0200 pcapng(file): fix duplicate break Change-Id: Ife7170c050402ab94d368acc6c233714be764824 Reviewed-on: https://code.wireshark.org/review/10114 Reviewed-by: Guy Harris <guy@alum.mit.edu> Command and args: ./tools/valgrind-wireshark.sh ==17620== Memcheck, a memory error detector ==17620== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al. ==17620== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright info ==17620== Command: /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark -nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2015-08-20-29629.pcap ==17620== ==17620== Invalid read of size 4 ==17620== at 0x692EB35: dissect_bthcrp (packet-bthcrp.c:415) ==17620== by 0x67C96CF: call_dissector_work (packet.c:618) ==17620== by 0x67C9C79: dissector_try_string (packet.c:1458) ==17620== by 0x691008D: dissect_btavctp (packet-btavctp.c:413) ==17620== by 0x67C96CF: call_dissector_work (packet.c:618) ==17620== by 0x67C956E: dissector_try_uint_new (packet.c:1163) ==17620== by 0x693984F: dissect_b_frame (packet-btl2cap.c:1485) ==17620== by 0x6937CF7: dissect_btl2cap (packet-btl2cap.c:2141) ==17620== by 0x67C96CF: call_dissector_work (packet.c:618) ==17620== by 0x67C8C8C: call_dissector_with_data (packet.c:2570) ==17620== by 0x691B953: dissect_bthci_acl (packet-bthci_acl.c:417) ==17620== by 0x67C96CF: call_dissector_work (packet.c:618) ==17620== Address 0x154d335c is 20 bytes before a block of size 72 alloc'd ==17620== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==17620== by 0xA2FF610: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0) ==17620== by 0xA31522D: g_slice_alloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0) ==17620== by 0x67FCE91: tvb_new (tvbuff.c:87) ==17620== by 0x67FC634: tvb_new_subset_length (tvbuff_subset.c:113) ==17620== by 0x690FBDA: dissect_btavctp (packet-btavctp.c:207) ==17620== by 0x67C96CF: call_dissector_work (packet.c:618) ==17620== by 0x67C956E: dissector_try_uint_new (packet.c:1163) ==17620== by 0x693984F: dissect_b_frame (packet-btl2cap.c:1485) ==17620== by 0x6937CF7: dissect_btl2cap (packet-btl2cap.c:2141) ==17620== by 0x67C96CF: call_dissector_work (packet.c:618) ==17620== by 0x67C8C8C: call_dissector_with_data (packet.c:2570) ==17620== ==17620== Invalid read of size 4 ==17620== at 0x692EB56: dissect_bthcrp (packet-bthcrp.c:416) ==17620== by 0x67C96CF: call_dissector_work (packet.c:618) ==17620== by 0x67C9C79: dissector_try_string (packet.c:1458) ==17620== by 0x691008D: dissect_btavctp (packet-btavctp.c:413) ==17620== by 0x67C96CF: call_dissector_work (packet.c:618) ==17620== by 0x67C956E: dissector_try_uint_new (packet.c:1163) ==17620== by 0x693984F: dissect_b_frame (packet-btl2cap.c:1485) ==17620== by 0x6937CF7: dissect_btl2cap (packet-btl2cap.c:2141) ==17620== by 0x67C96CF: call_dissector_work (packet.c:618) ==17620== by 0x67C8C8C: call_dissector_with_data (packet.c:2570) ==17620== by 0x691B953: dissect_bthci_acl (packet-bthci_acl.c:417) ==17620== by 0x67C96CF: call_dissector_work (packet.c:618) ==17620== Address 0x154d3360 is 16 bytes before a block of size 72 alloc'd ==17620== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==17620== by 0xA2FF610: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0) ==17620== by 0xA31522D: g_slice_alloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0) ==17620== by 0x67FCE91: tvb_new (tvbuff.c:87) ==17620== by 0x67FC634: tvb_new_subset_length (tvbuff_subset.c:113) ==17620== by 0x690FBDA: dissect_btavctp (packet-btavctp.c:207) ==17620== by 0x67C96CF: call_dissector_work (packet.c:618) ==17620== by 0x67C956E: dissector_try_uint_new (packet.c:1163) ==17620== by 0x693984F: dissect_b_frame (packet-btl2cap.c:1485) ==17620== by 0x6937CF7: dissect_btl2cap (packet-btl2cap.c:2141) ==17620== by 0x67C96CF: call_dissector_work (packet.c:618) ==17620== by 0x67C8C8C: call_dissector_with_data (packet.c:2570) ==17620== ==17620== Invalid read of size 4 ==17620== at 0x692EB5F: dissect_bthcrp (packet-bthcrp.c:417) ==17620== by 0x67C96CF: call_dissector_work (packet.c:618) ==17620== by 0x67C9C79: dissector_try_string (packet.c:1458) ==17620== by 0x691008D: dissect_btavctp (packet-btavctp.c:413) ==17620== by 0x67C96CF: call_dissector_work (packet.c:618) ==17620== by 0x67C956E: dissector_try_uint_new (packet.c:1163) ==17620== by 0x693984F: dissect_b_frame (packet-btl2cap.c:1485) ==17620== by 0x6937CF7: dissect_btl2cap (packet-btl2cap.c:2141) ==17620== by 0x67C96CF: call_dissector_work (packet.c:618) ==17620== by 0x67C8C8C: call_dissector_with_data (packet.c:2570) ==17620== by 0x691B953: dissect_bthci_acl (packet-bthci_acl.c:417) ==17620== by 0x67C96CF: call_dissector_work (packet.c:618) ==17620== Address 0x154d3364 is 12 bytes before a block of size 72 alloc'd ==17620== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==17620== by 0xA2FF610: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0) ==17620== by 0xA31522D: g_slice_alloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0) ==17620== by 0x67FCE91: tvb_new (tvbuff.c:87) ==17620== by 0x67FC634: tvb_new_subset_length (tvbuff_subset.c:113) ==17620== by 0x690FBDA: dissect_btavctp (packet-btavctp.c:207) ==17620== by 0x67C96CF: call_dissector_work (packet.c:618) ==17620== by 0x67C956E: dissector_try_uint_new (packet.c:1163) ==17620== by 0x693984F: dissect_b_frame (packet-btl2cap.c:1485) ==17620== by 0x6937CF7: dissect_btl2cap (packet-btl2cap.c:2141) ==17620== by 0x67C96CF: call_dissector_work (packet.c:618) ==17620== by 0x67C8C8C: call_dissector_with_data (packet.c:2570) ==17620== ==17620== Invalid read of size 2 ==17620== at 0x692EB71: dissect_bthcrp (packet-bthcrp.c:427) ==17620== by 0x67C96CF: call_dissector_work (packet.c:618) ==17620== by 0x67C9C79: dissector_try_string (packet.c:1458) ==17620== by 0x691008D: dissect_btavctp (packet-btavctp.c:413) ==17620== by 0x67C96CF: call_dissector_work (packet.c:618) ==17620== by 0x67C956E: dissector_try_uint_new (packet.c:1163) ==17620== by 0x693984F: dissect_b_frame (packet-btl2cap.c:1485) ==17620== by 0x6937CF7: dissect_btl2cap (packet-btl2cap.c:2141) ==17620== by 0x67C96CF: call_dissector_work (packet.c:618) ==17620== by 0x67C8C8C: call_dissector_with_data (packet.c:2570) ==17620== by 0x691B953: dissect_bthci_acl (packet-bthci_acl.c:417) ==17620== by 0x67C96CF: call_dissector_work (packet.c:618) ==17620== Address 0x154d3340 is 16 bytes after a block of size 16 alloc'd ==17620== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==17620== by 0xA2FF610: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0) ==17620== by 0x73A763A: wmem_simple_alloc (wmem_allocator_simple.c:55) ==17620== by 0x690FB8D: dissect_btavctp (packet-btavctp.c:197) ==17620== by 0x67C96CF: call_dissector_work (packet.c:618) ==17620== by 0x67C956E: dissector_try_uint_new (packet.c:1163) ==17620== by 0x693984F: dissect_b_frame (packet-btl2cap.c:1485) ==17620== by 0x6937CF7: dissect_btl2cap (packet-btl2cap.c:2141) ==17620== by 0x67C96CF: call_dissector_work (packet.c:618) ==17620== by 0x67C8C8C: call_dissector_with_data (packet.c:2570) ==17620== by 0x691B953: dissect_bthci_acl (packet-bthci_acl.c:417) ==17620== by 0x67C96CF: call_dissector_work (packet.c:618) ==17620== ==17620== Invalid read of size 2 ==17620== at 0x692F05E: dissect_bthcrp (packet-bthcrp.c:493) ==17620== by 0x67C96CF: call_dissector_work (packet.c:618) ==17620== by 0x67C9C79: dissector_try_string (packet.c:1458) ==17620== by 0x691008D: dissect_btavctp (packet-btavctp.c:413) ==17620== by 0x67C96CF: call_dissector_work (packet.c:618) ==17620== by 0x67C956E: dissector_try_uint_new (packet.c:1163) ==17620== by 0x693984F: dissect_b_frame (packet-btl2cap.c:1485) ==17620== by 0x6937CF7: dissect_btl2cap (packet-btl2cap.c:2141) ==17620== by 0x67C96CF: call_dissector_work (packet.c:618) ==17620== by 0x67C8C8C: call_dissector_with_data (packet.c:2570) ==17620== by 0x691B953: dissect_bthci_acl (packet-bthci_acl.c:417) ==17620== by 0x67C96CF: call_dissector_work (packet.c:618) ==17620== Address 0x154d3350 is not stack'd, malloc'd or (recently) free'd ==17620== ==17620== ==17620== HEAP SUMMARY: ==17620== in use at exit: 1,031,674 bytes in 28,007 blocks ==17620== total heap usage: 609,094 allocs, 581,087 frees, 49,848,048 bytes allocated ==17620== ==17620== LEAK SUMMARY: ==17620== definitely lost: 2,932 bytes in 126 blocks ==17620== indirectly lost: 36,456 bytes in 49 blocks ==17620== possibly lost: 0 bytes in 0 blocks ==17620== still reachable: 992,286 bytes in 27,832 blocks ==17620== suppressed: 0 bytes in 0 blocks ==17620== Rerun with --leak-check=full to see details of leaked memory ==17620== ==17620== For counts of detected and suppressed errors, rerun with: -v ==17620== ERROR SUMMARY: 5 errors from 5 contexts (suppressed: 0 from 0) [ no debug trace ]
You are receiving this mail because:
- You are watching all bug changes.
- Follow-Ups:
- [Wireshark-bugs] [Bug 11462] Buildbot crash output: fuzz-2015-08-20-29629.pcap
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 11462] Buildbot crash output: fuzz-2015-08-20-29629.pcap
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 11462] Buildbot crash output: fuzz-2015-08-20-29629.pcap
- Prev by Date: [Wireshark-bugs] [Bug 11461] Additional (bogus) expert items with Wireshark compared to tshark
- Next by Date: [Wireshark-bugs] [Bug 11098] compare two capture files crashes wireshark when navigating the results
- Previous by thread: [Wireshark-bugs] [Bug 9039] wrong interpretation of first byte in userdata of profinet data
- Next by thread: [Wireshark-bugs] [Bug 11462] Buildbot crash output: fuzz-2015-08-20-29629.pcap
- Index(es):