Wireshark-bugs: [Wireshark-bugs] [Bug 12823] New: Buildbot crash output: fuzz-2016-09-04-23372.p
Date: Mon, 05 Sep 2016 03:10:03 +0000
Bug ID: 12823
Summary: Buildbot crash output: fuzz-2016-09-04-23372.pcap
Product: Wireshark
Version: unspecified
Hardware: x86-64
URL: https://www.wireshark.org/download/automated/captures/fuzz-2016-09-04-23372.pcap
OS: Ubuntu
Status: CONFIRMED
Severity: Major
Priority: High
Component: Dissection engine (libwireshark)
Assignee: bugzilla-admin@wireshark.org
Reporter: buildbot-do-not-reply@wireshark.org

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2016-09-04-23372.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/IrDA_Traffic.ntar

Build host information:
Linux wsbb04 4.4.0-34-generic #53-Ubuntu SMP Wed Jul 27 16:06:39 UTC 2016
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 16.04.1 LTS
Release:    16.04
Codename:    xenial

Buildbot information:
BUILDBOT_REPOSITORY=ssh://wireshark-buildbot@code.wireshark.org:29418/wireshark
BUILDBOT_WORKERNAME=fuzz-test
BUILDBOT_BUILDNUMBER=75
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-2.2/
BUILDBOT_BUILDERNAME=Fuzz Test
BUILDBOT_GOT_REVISION=4f6214a896cfe1af42232c50e4a76e6d15371884

Return value:  0

Dissector bug:  0

Valgrind error count:  10



Git commit
commit 4f6214a896cfe1af42232c50e4a76e6d15371884
Author: Gerald Combs <gerald@wireshark.org>
Date:   Thu Sep 1 13:51:13 2016 -0700

    Qt: Conversation time column updates.

    Add a checkbox which lets you toggle between absolute and relative start
    times. Use the local time for now. Fixes bug 11618.

    Adjust our time precision based on the capture file's time precision.
    Fixes bug 12803.

    Bug: 11618
    Bug: 12803
    Change-Id: I0049d6db6e4d0b6967bf35e6d056a61bfb4de10f
    Reviewed-on: https://code.wireshark.org/review/17471
    Reviewed-by: Gerald Combs <gerald@wireshark.org>
    Petri-Dish: Gerald Combs <gerald@wireshark.org>
    Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
    Reviewed-by: Michael Mann <mmann78@netscape.net>


==7388== Memcheck, a memory error detector
==7388== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==7388== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==7388== Command:
/home/wireshark/builders/wireshark-2.2-fuzz/fuzztest/install/bin/tshark -nr
/fuzz/buildbot/fuzztest/valgrind-fuzz-2.2/fuzz-2016-09-04-23372.pcap
==7388== 
==7388== Use of uninitialised value of size 8
==7388==    at 0xA300BC4: g_hash_table_lookup (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==7388==    by 0x6937EA4: conversation_lookup_hashtable (conversation.c:822)
==7388==    by 0x6938AD3: find_conversation (conversation.c:1035)
==7388==    by 0xFB91B5F: add_lmp_conversation (packet-irda.c:1197)
==7388==    by 0xFB8DE52: dissect_ircomm_ttp_lsap (packet-ircomm.c:331)
==7388==    by 0xFB8F73D: dissect_iap_result (packet-irda.c:864)
==7388==    by 0xFB91030: dissect_irlmp (packet-irda.c:1153)
==7388==    by 0xFB91030: dissect_irlap (packet-irda.c:1738)
==7388==    by 0xFB91030: dissect_irda (packet-irda.c:1847)
==7388==    by 0x6947E2E: call_dissector_through_handle (packet.c:648)
==7388==    by 0x6947E2E: call_dissector_work (packet.c:723)
==7388==    by 0x6948558: dissector_try_uint_new (packet.c:1188)
==7388==    by 0x6C46407: dissect_frame (packet-frame.c:507)
==7388==    by 0x6947E2E: call_dissector_through_handle (packet.c:648)
==7388==    by 0x6947E2E: call_dissector_work (packet.c:723)
==7388==    by 0x6949861: call_dissector_with_data (packet.c:2816)
==7388== 
==7388== Use of uninitialised value of size 8
==7388==    at 0xA300BC4: g_hash_table_lookup (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==7388==    by 0x6937EA4: conversation_lookup_hashtable (conversation.c:822)
==7388==    by 0x6938B2F: find_conversation (conversation.c:1125)
==7388==    by 0xFB91B5F: add_lmp_conversation (packet-irda.c:1197)
==7388==    by 0xFB8DE52: dissect_ircomm_ttp_lsap (packet-ircomm.c:331)
==7388==    by 0xFB8F73D: dissect_iap_result (packet-irda.c:864)
==7388==    by 0xFB91030: dissect_irlmp (packet-irda.c:1153)
==7388==    by 0xFB91030: dissect_irlap (packet-irda.c:1738)
==7388==    by 0xFB91030: dissect_irda (packet-irda.c:1847)
==7388==    by 0x6947E2E: call_dissector_through_handle (packet.c:648)
==7388==    by 0x6947E2E: call_dissector_work (packet.c:723)
==7388==    by 0x6948558: dissector_try_uint_new (packet.c:1188)
==7388==    by 0x6C46407: dissect_frame (packet-frame.c:507)
==7388==    by 0x6947E2E: call_dissector_through_handle (packet.c:648)
==7388==    by 0x6947E2E: call_dissector_work (packet.c:723)
==7388==    by 0x6949861: call_dissector_with_data (packet.c:2816)
==7388== 
==7388== Use of uninitialised value of size 8
==7388==    at 0xA300BC4: g_hash_table_lookup (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==7388==    by 0x6937F44: conversation_insert_into_hashtable
(conversation.c:551)
==7388==    by 0x6938677: conversation_new (conversation.c:722)
==7388==    by 0xFB91C0C: add_lmp_conversation (packet-irda.c:1218)
==7388==    by 0xFB8DE52: dissect_ircomm_ttp_lsap (packet-ircomm.c:331)
==7388==    by 0xFB8F73D: dissect_iap_result (packet-irda.c:864)
==7388==    by 0xFB91030: dissect_irlmp (packet-irda.c:1153)
==7388==    by 0xFB91030: dissect_irlap (packet-irda.c:1738)
==7388==    by 0xFB91030: dissect_irda (packet-irda.c:1847)
==7388==    by 0x6947E2E: call_dissector_through_handle (packet.c:648)
==7388==    by 0x6947E2E: call_dissector_work (packet.c:723)
==7388==    by 0x6948558: dissector_try_uint_new (packet.c:1188)
==7388==    by 0x6C46407: dissect_frame (packet-frame.c:507)
==7388==    by 0x6947E2E: call_dissector_through_handle (packet.c:648)
==7388==    by 0x6947E2E: call_dissector_work (packet.c:723)
==7388==    by 0x6949861: call_dissector_with_data (packet.c:2816)
==7388== 
==7388== Use of uninitialised value of size 8
==7388==    at 0xA3003FB: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==7388==    by 0x6938677: conversation_new (conversation.c:722)
==7388==    by 0xFB91C0C: add_lmp_conversation (packet-irda.c:1218)
==7388==    by 0xFB8DE52: dissect_ircomm_ttp_lsap (packet-ircomm.c:331)
==7388==    by 0xFB8F73D: dissect_iap_result (packet-irda.c:864)
==7388==    by 0xFB91030: dissect_irlmp (packet-irda.c:1153)
==7388==    by 0xFB91030: dissect_irlap (packet-irda.c:1738)
==7388==    by 0xFB91030: dissect_irda (packet-irda.c:1847)
==7388==    by 0x6947E2E: call_dissector_through_handle (packet.c:648)
==7388==    by 0x6947E2E: call_dissector_work (packet.c:723)
==7388==    by 0x6948558: dissector_try_uint_new (packet.c:1188)
==7388==    by 0x6C46407: dissect_frame (packet-frame.c:507)
==7388==    by 0x6947E2E: call_dissector_through_handle (packet.c:648)
==7388==    by 0x6947E2E: call_dissector_work (packet.c:723)
==7388==    by 0x6949861: call_dissector_with_data (packet.c:2816)
==7388==    by 0x6949D9C: dissect_record (packet.c:531)
==7388== 
==7388== Use of uninitialised value of size 8
==7388==    at 0xA2FFF97: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==7388==    by 0xA3004B9: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==7388==    by 0x6938677: conversation_new (conversation.c:722)
==7388==    by 0xFB91C0C: add_lmp_conversation (packet-irda.c:1218)
==7388==    by 0xFB8DE52: dissect_ircomm_ttp_lsap (packet-ircomm.c:331)
==7388==    by 0xFB8F73D: dissect_iap_result (packet-irda.c:864)
==7388==    by 0xFB91030: dissect_irlmp (packet-irda.c:1153)
==7388==    by 0xFB91030: dissect_irlap (packet-irda.c:1738)
==7388==    by 0xFB91030: dissect_irda (packet-irda.c:1847)
==7388==    by 0x6947E2E: call_dissector_through_handle (packet.c:648)
==7388==    by 0x6947E2E: call_dissector_work (packet.c:723)
==7388==    by 0x6948558: dissector_try_uint_new (packet.c:1188)
==7388==    by 0x6C46407: dissect_frame (packet-frame.c:507)
==7388==    by 0x6947E2E: call_dissector_through_handle (packet.c:648)
==7388==    by 0x6947E2E: call_dissector_work (packet.c:723)
==7388==    by 0x6949861: call_dissector_with_data (packet.c:2816)
==7388== 
==7388== Use of uninitialised value of size 8
==7388==    at 0xA300020: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==7388==    by 0xA3004B9: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==7388==    by 0x6938677: conversation_new (conversation.c:722)
==7388==    by 0xFB91C0C: add_lmp_conversation (packet-irda.c:1218)
==7388==    by 0xFB8DE52: dissect_ircomm_ttp_lsap (packet-ircomm.c:331)
==7388==    by 0xFB8F73D: dissect_iap_result (packet-irda.c:864)
==7388==    by 0xFB91030: dissect_irlmp (packet-irda.c:1153)
==7388==    by 0xFB91030: dissect_irlap (packet-irda.c:1738)
==7388==    by 0xFB91030: dissect_irda (packet-irda.c:1847)
==7388==    by 0x6947E2E: call_dissector_through_handle (packet.c:648)
==7388==    by 0x6947E2E: call_dissector_work (packet.c:723)
==7388==    by 0x6948558: dissector_try_uint_new (packet.c:1188)
==7388==    by 0x6C46407: dissect_frame (packet-frame.c:507)
==7388==    by 0x6947E2E: call_dissector_through_handle (packet.c:648)
==7388==    by 0x6947E2E: call_dissector_work (packet.c:723)
==7388==    by 0x6949861: call_dissector_with_data (packet.c:2816)
==7388== 
==7388== Use of uninitialised value of size 8
==7388==    at 0xA30002E: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==7388==    by 0xA3004B9: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==7388==    by 0x6938677: conversation_new (conversation.c:722)
==7388==    by 0xFB91C0C: add_lmp_conversation (packet-irda.c:1218)
==7388==    by 0xFB8DE52: dissect_ircomm_ttp_lsap (packet-ircomm.c:331)
==7388==    by 0xFB8F73D: dissect_iap_result (packet-irda.c:864)
==7388==    by 0xFB91030: dissect_irlmp (packet-irda.c:1153)
==7388==    by 0xFB91030: dissect_irlap (packet-irda.c:1738)
==7388==    by 0xFB91030: dissect_irda (packet-irda.c:1847)
==7388==    by 0x6947E2E: call_dissector_through_handle (packet.c:648)
==7388==    by 0x6947E2E: call_dissector_work (packet.c:723)
==7388==    by 0x6948558: dissector_try_uint_new (packet.c:1188)
==7388==    by 0x6C46407: dissect_frame (packet-frame.c:507)
==7388==    by 0x6947E2E: call_dissector_through_handle (packet.c:648)
==7388==    by 0x6947E2E: call_dissector_work (packet.c:723)
==7388==    by 0x6949861: call_dissector_with_data (packet.c:2816)
==7388== 
==7388== Use of uninitialised value of size 8
==7388==    at 0xA300044: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==7388==    by 0xA3004B9: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==7388==    by 0x6938677: conversation_new (conversation.c:722)
==7388==    by 0xFB91C0C: add_lmp_conversation (packet-irda.c:1218)
==7388==    by 0xFB8DE52: dissect_ircomm_ttp_lsap (packet-ircomm.c:331)
==7388==    by 0xFB8F73D: dissect_iap_result (packet-irda.c:864)
==7388==    by 0xFB91030: dissect_irlmp (packet-irda.c:1153)
==7388==    by 0xFB91030: dissect_irlap (packet-irda.c:1738)
==7388==    by 0xFB91030: dissect_irda (packet-irda.c:1847)
==7388==    by 0x6947E2E: call_dissector_through_handle (packet.c:648)
==7388==    by 0x6947E2E: call_dissector_work (packet.c:723)
==7388==    by 0x6948558: dissector_try_uint_new (packet.c:1188)
==7388==    by 0x6C46407: dissect_frame (packet-frame.c:507)
==7388==    by 0x6947E2E: call_dissector_through_handle (packet.c:648)
==7388==    by 0x6947E2E: call_dissector_work (packet.c:723)
==7388==    by 0x6949861: call_dissector_with_data (packet.c:2816)
==7388== 
==7388== Use of uninitialised value of size 8
==7388==    at 0xA300071: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==7388==    by 0xA3004B9: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==7388==    by 0x6938677: conversation_new (conversation.c:722)
==7388==    by 0xFB91C0C: add_lmp_conversation (packet-irda.c:1218)
==7388==    by 0xFB8DE52: dissect_ircomm_ttp_lsap (packet-ircomm.c:331)
==7388==    by 0xFB8F73D: dissect_iap_result (packet-irda.c:864)
==7388==    by 0xFB91030: dissect_irlmp (packet-irda.c:1153)
==7388==    by 0xFB91030: dissect_irlap (packet-irda.c:1738)
==7388==    by 0xFB91030: dissect_irda (packet-irda.c:1847)
==7388==    by 0x6947E2E: call_dissector_through_handle (packet.c:648)
==7388==    by 0x6947E2E: call_dissector_work (packet.c:723)
==7388==    by 0x6948558: dissector_try_uint_new (packet.c:1188)
==7388==    by 0x6C46407: dissect_frame (packet-frame.c:507)
==7388==    by 0x6947E2E: call_dissector_through_handle (packet.c:648)
==7388==    by 0x6947E2E: call_dissector_work (packet.c:723)
==7388==    by 0x6949861: call_dissector_with_data (packet.c:2816)
==7388== 
==7388== Conditional jump or move depends on uninitialised value(s)
==7388==    at 0xA30017D: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==7388==    by 0xA301102: g_hash_table_remove_all (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==7388==    by 0xA30113D: g_hash_table_destroy (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==7388==    by 0x6938351: conversation_cleanup (conversation.c:494)
==7388==    by 0x6948088: cleanup_dissection (packet.c:297)
==7388==    by 0x693D86D: epan_free (epan.c:235)
==7388==    by 0x40DFE5: main (tshark.c:2041)
==7388== 
==7388== 
==7388== HEAP SUMMARY:
==7388==     in use at exit: 445,912 bytes in 9,614 blocks
==7388==   total heap usage: 258,040 allocs, 248,426 frees, 32,627,233 bytes
allocated
==7388== 
==7388== LEAK SUMMARY:
==7388==    definitely lost: 343 bytes in 20 blocks
==7388==    indirectly lost: 362 bytes in 4 blocks
==7388==      possibly lost: 0 bytes in 0 blocks
==7388==    still reachable: 445,207 bytes in 9,590 blocks
==7388==         suppressed: 0 bytes in 0 blocks
==7388== Rerun with --leak-check=full to see details of leaked memory
==7388== 
==7388== For counts of detected and suppressed errors, rerun with: -v
==7388== Use --track-origins=yes to see where uninitialised values come from
==7388== ERROR SUMMARY: 10 errors from 10 contexts (suppressed: 1 from 1)

[ no debug trace ]

