Wireshark-bugs: [Wireshark-bugs] [Bug 13215] New: Buildbot crash output: fuzz-2016-12-07-6687.pc
Date: Wed, 07 Dec 2016 08:40:03 +0000
Bug ID 13215
Summary Buildbot crash output: fuzz-2016-12-07-6687.pcap
Product Wireshark
Version unspecified
Hardware x86-64
URL https://www.wireshark.org/download/automated/captures/fuzz-2016-12-07-6687.pcap
OS Ubuntu
Status CONFIRMED
Severity Major
Priority High
Component Dissection engine (libwireshark)
Assignee bugzilla-admin@wireshark.org
Reporter buildbot-do-not-reply@wireshark.org

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2016-12-07-6687.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/11275-cops-fuzz-test.pcap

Build host information:
Linux wsbb04 4.4.0-47-generic #68-Ubuntu SMP Wed Oct 26 19:39:52 UTC 2016
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 16.04.1 LTS
Release:    16.04
Codename:    xenial

Buildbot information:
BUILDBOT_REPOSITORY=ssh://wireshark-buildbot@code.wireshark.org:29418/wireshark
BUILDBOT_WORKERNAME=clang-code-analysis
BUILDBOT_BUILDNUMBER=3808
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-master/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_GOT_REVISION=199756b43db99217f37629611a511ec48caf49a3

Return value:  0

Dissector bug:  0

Valgrind error count:  1



Git commit
commit 199756b43db99217f37629611a511ec48caf49a3
Author: Michael Mann <mmann78@netscape.net>
Date:   Mon Dec 5 07:39:06 2016 -0500

    SMB: Limit Export object files to 32 bits.

    Most of the file offset fields are 32-bit, but the algorithms use gsize
    variables, which can vary between 32 and 64 bit builds.  The 64-bit
    builds are the ones with the problem with "garbage" data comes from
    (effectively) invalid 32-bit offsets.

    Bug: 11133
    Change-Id: Icb5d31ae732f9177f3a117dfae39bf1cc983d603
    Reviewed-on: https://code.wireshark.org/review/19091
    Petri-Dish: Michael Mann <mmann78@netscape.net>
    Reviewed-by: Michael Mann <mmann78@netscape.net>


Command and args: ./tools/valgrind-wireshark.sh 

==25217== Memcheck, a memory error detector
==25217== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==25217== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==25217== Command:
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/bin/tshark
-nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2016-12-07-6687.pcap
==25217== 
==25217== Conditional jump or move depends on uninitialised value(s)
==25217==    at 0x69FC604: dissect_cops_pdu (packet-cops.c:1103)
==25217==    by 0x6F7AA5D: tcp_dissect_pdus (packet-tcp.c:2750)
==25217==    by 0x69FAFB1: dissect_cops (packet-cops.c:1135)
==25217==    by 0x682BF38: call_dissector_through_handle (packet.c:618)
==25217==    by 0x682BF38: call_dissector_work (packet.c:706)
==25217==    by 0x682BDFE: dissector_try_uint_new (packet.c:1163)
==25217==    by 0x6F7AD55: decode_tcp_ports (packet-tcp.c:4629)
==25217==    by 0x6F7BE60: process_tcp_payload (packet-tcp.c:4682)
==25217==    by 0x6F7B32A: desegment_tcp (packet-tcp.c:2270)
==25217==    by 0x6F7B32A: dissect_tcp_payload (packet-tcp.c:4749)
==25217==    by 0x6F7FBA6: dissect_tcp (packet-tcp.c:5656)
==25217==    by 0x682BF69: call_dissector_through_handle (packet.c:620)
==25217==    by 0x682BF69: call_dissector_work (packet.c:706)
==25217==    by 0x682BDFE: dissector_try_uint_new (packet.c:1163)
==25217==    by 0x6C1397F: ip_try_dissect (packet-ip.c:2000)
==25217== 
==25217== 
==25217== HEAP SUMMARY:
==25217==     in use at exit: 1,034,856 bytes in 28,346 blocks
==25217==   total heap usage: 243,815 allocs, 215,469 frees, 31,539,004 bytes
allocated
==25217== 
==25217== LEAK SUMMARY:
==25217==    definitely lost: 2,972 bytes in 127 blocks
==25217==    indirectly lost: 36,704 bytes in 50 blocks
==25217==      possibly lost: 0 bytes in 0 blocks
==25217==    still reachable: 995,180 bytes in 28,169 blocks
==25217==         suppressed: 0 bytes in 0 blocks
==25217== Rerun with --leak-check=full to see details of leaked memory
==25217== 
==25217== For counts of detected and suppressed errors, rerun with: -v
==25217== Use --track-origins=yes to see where uninitialised values come from
==25217== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)

[ no debug trace ]


You are receiving this mail because:
  • You are watching all bug changes.