Wireshark-bugs: [Wireshark-bugs] [Bug 11505] New: Buildbot crash output: fuzz-2015-09-05-9232.pc
Date: Sat, 05 Sep 2015 20:50:02 +0000
Bug ID 11505
Summary Buildbot crash output: fuzz-2015-09-05-9232.pcap
Product Wireshark
Version unspecified
Hardware x86-64
URL https://www.wireshark.org/download/automated/captures/fuzz-2015-09-05-9232.pcap
OS Ubuntu
Status CONFIRMED
Severity Major
Priority High
Component Dissection engine (libwireshark)
Assignee bugzilla-admin@wireshark.org
Reporter buildbot-do-not-reply@wireshark.org

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2015-09-05-9232.pcap

stderr:
Input file:
/home/wireshark/menagerie/menagerie/11635-91be931d-9d9e-49d0-8b89-48d059f520e1.pcap

Build host information:
Linux wsbb04 3.13.0-61-generic #100-Ubuntu SMP Wed Jul 29 11:21:34 UTC 2015
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 14.04.3 LTS
Release:    14.04
Codename:    trusty

Buildbot information:
BUILDBOT_REPOSITORY=ssh://wireshark-buildbot@code.wireshark.org:29418/wireshark
BUILDBOT_BUILDNUMBER=3308
BUILDBOT_URL=http://buildbot.wireshark.org/trunk/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_SLAVENAME=clang-code-analysis
BUILDBOT_GOT_REVISION=68fa739ef16b21271dc8c3cb5649aa929379f3aa

Return value:  0

Dissector bug:  0

Valgrind error count:  47



Git commit
commit 68fa739ef16b21271dc8c3cb5649aa929379f3aa
Author: Stig Bjørlykke <stig@bjorlykke.org>
Date:   Thu Sep 3 14:10:40 2015 +0200

    Lua: Check if having listeners before remove

    This avoids a warning when trying to remove a listener twice.
      g_ptr_array_remove: assertion 'array' failed

    Change-Id: I0bcbbbe3b3393a8455b51fad80c5716fc38ac50e
    Reviewed-on: https://code.wireshark.org/review/10370
    Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
    Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>


Command and args: ./tools/valgrind-wireshark.sh 

==10091== Memcheck, a memory error detector
==10091== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==10091== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright
info
==10091== Command:
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark
-nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2015-09-05-9232.pcap
==10091== 
==10091== Invalid read of size 1
==10091==    at 0xA303FE0: g_str_hash (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==10091==    by 0xA303568: g_hash_table_lookup (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==10091==    by 0x68DAEA2: call_ber_oid_callback (packet-ber.c:545)
==10091==    by 0x717A8BD: dissect_ocsp_T_response (ocsp.cnf:50)
==10091==    by 0x68DCD5A: dissect_ber_sequence (packet-ber.c:2416)
==10091==    by 0x717A80F: dissect_ocsp_ResponseBytes (ocsp.cnf:66)
==10091==    by 0x68DCD5A: dissect_ber_sequence (packet-ber.c:2416)
==10091==    by 0x7179FE6: dissect_ocsp_response (ocsp.cnf:81)
==10091==    by 0x67D400F: call_dissector_work (packet.c:618)
==10091==    by 0x6B728AF: dissect_http_message (packet-http.c:1483)
==10091==    by 0x6B6F342: dissect_http (packet-http.c:2948)
==10091==    by 0x67D400F: call_dissector_work (packet.c:618)
==10091==  Address 0x15509a90 is 0 bytes inside a block of size 112 free'd
==10091==    at 0x4C2BDEC: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10091==    by 0x73B4F21: wmem_simple_free_all (wmem_allocator_simple.c:107)
==10091==    by 0x73B5CF7: wmem_leave_packet_scope (wmem_scopes.c:81)
==10091==    by 0x4130F5: process_packet (tshark.c:3719)
==10091==    by 0x410A18: main (tshark.c:3475)
==10091== 
==10091== Invalid read of size 1
==10091==    at 0xA303FFD: g_str_hash (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==10091==    by 0xA303568: g_hash_table_lookup (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==10091==    by 0x68DAEA2: call_ber_oid_callback (packet-ber.c:545)
==10091==    by 0x717A8BD: dissect_ocsp_T_response (ocsp.cnf:50)
==10091==    by 0x68DCD5A: dissect_ber_sequence (packet-ber.c:2416)
==10091==    by 0x717A80F: dissect_ocsp_ResponseBytes (ocsp.cnf:66)
==10091==    by 0x68DCD5A: dissect_ber_sequence (packet-ber.c:2416)
==10091==    by 0x7179FE6: dissect_ocsp_response (ocsp.cnf:81)
==10091==    by 0x67D400F: call_dissector_work (packet.c:618)
==10091==    by 0x6B728AF: dissect_http_message (packet-http.c:1483)
==10091==    by 0x6B6F342: dissect_http (packet-http.c:2948)
==10091==    by 0x67D400F: call_dissector_work (packet.c:618)
==10091==  Address 0x15509a91 is 1 bytes inside a block of size 112 free'd
==10091==    at 0x4C2BDEC: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10091==    by 0x73B4F21: wmem_simple_free_all (wmem_allocator_simple.c:107)
==10091==    by 0x73B5CF7: wmem_leave_packet_scope (wmem_scopes.c:81)
==10091==    by 0x4130F5: process_packet (tshark.c:3719)
==10091==    by 0x410A18: main (tshark.c:3475)
==10091== 
==10091== Invalid read of size 1
==10091==    at 0x4C2E0E2: strlen (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10091==    by 0xA330B02: g_strdup (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==10091==    by 0x67D43E3: find_string_dtbl_entry (packet.c:1247)
==10091==    by 0x67D4586: dissector_try_string (packet.c:1436)
==10091==    by 0x68DAEF5: call_ber_oid_callback (packet-ber.c:1116)
==10091==    by 0x717A8BD: dissect_ocsp_T_response (ocsp.cnf:50)
==10091==    by 0x68DCD5A: dissect_ber_sequence (packet-ber.c:2416)
==10091==    by 0x717A80F: dissect_ocsp_ResponseBytes (ocsp.cnf:66)
==10091==    by 0x68DCD5A: dissect_ber_sequence (packet-ber.c:2416)
==10091==    by 0x7179FE6: dissect_ocsp_response (ocsp.cnf:81)
==10091==    by 0x67D400F: call_dissector_work (packet.c:618)
==10091==    by 0x6B728AF: dissect_http_message (packet-http.c:1483)
==10091==  Address 0x15509a90 is 0 bytes inside a block of size 112 free'd
==10091==    at 0x4C2BDEC: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10091==    by 0x73B4F21: wmem_simple_free_all (wmem_allocator_simple.c:107)
==10091==    by 0x73B5CF7: wmem_leave_packet_scope (wmem_scopes.c:81)
==10091==    by 0x4130F5: process_packet (tshark.c:3719)
==10091==    by 0x410A18: main (tshark.c:3475)
==10091== 
==10091== Invalid read of size 1
==10091==    at 0x4C2E0F4: strlen (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10091==    by 0xA330B02: g_strdup (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==10091==    by 0x67D43E3: find_string_dtbl_entry (packet.c:1247)
==10091==    by 0x67D4586: dissector_try_string (packet.c:1436)
==10091==    by 0x68DAEF5: call_ber_oid_callback (packet-ber.c:1116)
==10091==    by 0x717A8BD: dissect_ocsp_T_response (ocsp.cnf:50)
==10091==    by 0x68DCD5A: dissect_ber_sequence (packet-ber.c:2416)
==10091==    by 0x717A80F: dissect_ocsp_ResponseBytes (ocsp.cnf:66)
==10091==    by 0x68DCD5A: dissect_ber_sequence (packet-ber.c:2416)
==10091==    by 0x7179FE6: dissect_ocsp_response (ocsp.cnf:81)
==10091==    by 0x67D400F: call_dissector_work (packet.c:618)
==10091==    by 0x6B728AF: dissect_http_message (packet-http.c:1483)
==10091==  Address 0x15509a91 is 1 bytes inside a block of size 112 free'd
==10091==    at 0x4C2BDEC: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10091==    by 0x73B4F21: wmem_simple_free_all (wmem_allocator_simple.c:107)
==10091==    by 0x73B5CF7: wmem_leave_packet_scope (wmem_scopes.c:81)
==10091==    by 0x4130F5: process_packet (tshark.c:3719)
==10091==    by 0x410A18: main (tshark.c:3475)
==10091== 
==10091== Invalid read of size 8
==10091==    at 0x4C2F790: memcpy@@GLIBC_2.14 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10091==    by 0xA330B1C: g_strdup (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==10091==    by 0x67D43E3: find_string_dtbl_entry (packet.c:1247)
==10091==    by 0x67D4586: dissector_try_string (packet.c:1436)
==10091==    by 0x68DAEF5: call_ber_oid_callback (packet-ber.c:1116)
==10091==    by 0x717A8BD: dissect_ocsp_T_response (ocsp.cnf:50)
==10091==    by 0x68DCD5A: dissect_ber_sequence (packet-ber.c:2416)
==10091==    by 0x717A80F: dissect_ocsp_ResponseBytes (ocsp.cnf:66)
==10091==    by 0x68DCD5A: dissect_ber_sequence (packet-ber.c:2416)
==10091==    by 0x7179FE6: dissect_ocsp_response (ocsp.cnf:81)
==10091==    by 0x67D400F: call_dissector_work (packet.c:618)
==10091==    by 0x6B728AF: dissect_http_message (packet-http.c:1483)
==10091==  Address 0x15509a90 is 0 bytes inside a block of size 112 free'd
==10091==    at 0x4C2BDEC: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10091==    by 0x73B4F21: wmem_simple_free_all (wmem_allocator_simple.c:107)
==10091==    by 0x73B5CF7: wmem_leave_packet_scope (wmem_scopes.c:81)
==10091==    by 0x4130F5: process_packet (tshark.c:3719)
==10091==    by 0x410A18: main (tshark.c:3475)
==10091== 
==10091== Invalid read of size 2
==10091==    at 0x4C2F7E0: memcpy@@GLIBC_2.14 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10091==    by 0xA330B1C: g_strdup (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==10091==    by 0x67D43E3: find_string_dtbl_entry (packet.c:1247)
==10091==    by 0x67D4586: dissector_try_string (packet.c:1436)
==10091==    by 0x68DAEF5: call_ber_oid_callback (packet-ber.c:1116)
==10091==    by 0x717A8BD: dissect_ocsp_T_response (ocsp.cnf:50)
==10091==    by 0x68DCD5A: dissect_ber_sequence (packet-ber.c:2416)
==10091==    by 0x717A80F: dissect_ocsp_ResponseBytes (ocsp.cnf:66)
==10091==    by 0x68DCD5A: dissect_ber_sequence (packet-ber.c:2416)
==10091==    by 0x7179FE6: dissect_ocsp_response (ocsp.cnf:81)
==10091==    by 0x67D400F: call_dissector_work (packet.c:618)
==10091==    by 0x6B728AF: dissect_http_message (packet-http.c:1483)
==10091==  Address 0x15509aa0 is 16 bytes inside a block of size 112 free'd
==10091==    at 0x4C2BDEC: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10091==    by 0x73B4F21: wmem_simple_free_all (wmem_allocator_simple.c:107)
==10091==    by 0x73B5CF7: wmem_leave_packet_scope (wmem_scopes.c:81)
==10091==    by 0x4130F5: process_packet (tshark.c:3719)
==10091==    by 0x410A18: main (tshark.c:3475)
==10091== 
==10091== Invalid read of size 1
==10091==    at 0x4C2F950: memcpy@@GLIBC_2.14 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10091==    by 0xA330B1C: g_strdup (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==10091==    by 0x67D43E3: find_string_dtbl_entry (packet.c:1247)
==10091==    by 0x67D4586: dissector_try_string (packet.c:1436)
==10091==    by 0x68DAEF5: call_ber_oid_callback (packet-ber.c:1116)
==10091==    by 0x717A8BD: dissect_ocsp_T_response (ocsp.cnf:50)
==10091==    by 0x68DCD5A: dissect_ber_sequence (packet-ber.c:2416)
==10091==    by 0x717A80F: dissect_ocsp_ResponseBytes (ocsp.cnf:66)
==10091==    by 0x68DCD5A: dissect_ber_sequence (packet-ber.c:2416)
==10091==    by 0x7179FE6: dissect_ocsp_response (ocsp.cnf:81)
==10091==    by 0x67D400F: call_dissector_work (packet.c:618)
==10091==    by 0x6B728AF: dissect_http_message (packet-http.c:1483)
==10091==  Address 0x15509aa4 is 20 bytes inside a block of size 112 free'd
==10091==    at 0x4C2BDEC: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10091==    by 0x73B4F21: wmem_simple_free_all (wmem_allocator_simple.c:107)
==10091==    by 0x73B5CF7: wmem_leave_packet_scope (wmem_scopes.c:81)
==10091==    by 0x4130F5: process_packet (tshark.c:3719)
==10091==    by 0x410A18: main (tshark.c:3475)
==10091== 
==10091== 
==10091== HEAP SUMMARY:
==10091==     in use at exit: 1,037,016 bytes in 28,198 blocks
==10091==   total heap usage: 651,865 allocs, 623,667 frees, 53,532,682 bytes
allocated
==10091== 
==10091== LEAK SUMMARY:
==10091==    definitely lost: 3,012 bytes in 131 blocks
==10091==    indirectly lost: 36,536 bytes in 54 blocks
==10091==      possibly lost: 0 bytes in 0 blocks
==10091==    still reachable: 997,468 bytes in 28,013 blocks
==10091==         suppressed: 0 bytes in 0 blocks
==10091== Rerun with --leak-check=full to see details of leaked memory
==10091== 
==10091== For counts of detected and suppressed errors, rerun with: -v
==10091== ERROR SUMMARY: 47 errors from 7 contexts (suppressed: 0 from 0)

[ no debug trace ]


You are receiving this mail because:
  • You are watching all bug changes.