Wireshark-bugs: [Wireshark-bugs] [Bug 9182] New: Buildbot crash output: fuzz-2013-09-25-25456.pc

Date: Wed, 25 Sep 2013 07:50:04 +0000
Bug ID 9182
Summary Buildbot crash output: fuzz-2013-09-25-25456.pcap
Classification Unclassified
Product Wireshark
Version unspecified
Hardware x86-64
URL http://www.wireshark.org/download/automated/captures/fuzz-2013-09-25-25456.pcap
OS Ubuntu
Status CONFIRMED
Severity Major
Priority High
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Problems have been found with the following capture file:

http://www.wireshark.org/download/automated/captures/fuzz-2013-09-25-25456.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/10129-trc_00004_20130227111552

Build host information:
Linux wsbb04 3.2.0-49-generic #75-Ubuntu SMP Tue Jun 18 17:39:32 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 12.04.2 LTS
Release:    12.04
Codename:    precise

Buildbot information:
BUILDBOT_REPOSITORY=http://code.wireshark.org/git/wireshark
BUILDBOT_BUILDNUMBER=2104
BUILDBOT_URL=http://buildbot.wireshark.org/trunk/
BUILDBOT_BUILDERNAME=Clang-Code-Analysis
BUILDBOT_SLAVENAME=clang-code-analysis
BUILDBOT_GOT_REVISION=bd3d51b5fe77fd8e9517b6ad5e26a0b5fa63bf46

Return value:  0

Dissector bug:  0

Valgrind error count:  1



Git commit
commit bd3d51b5fe77fd8e9517b6ad5e26a0b5fa63bf46
Author: Alexis La Goutte <[email protected]>
Date:   Mon Sep 23 07:20:53 2013 +0000

    Fix Function call argument is an uninitialized value warning found by Clang

    svn path=/trunk/; revision=52186


Command and args: ./tools/valgrind-wireshark.sh 

==14101== Memcheck, a memory error detector
==14101== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==14101== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==14101== Command: /home/wireshark/builders/trunk-clang-ca/clangcodeanalysis/install/bin/tshark -nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2013-09-25-25456.pcap
==14101== 

** (process:14101): WARNING **: Dissector bug, protocol RPC_NETLOGON, in packet 3769: packet-dcerpc.c:2293: failed assertion "id <= ((guint32) 0xffffffff)"
==14101== Invalid read of size 8
==14101==    at 0x694080A: dissect_ntlmssp (string3.h:52)
==14101==    by 0x6472947: call_dissector_through_handle (packet.c:492)
==14101==    by 0x6473294: call_dissector_work (packet.c:586)
==14101==    by 0x6475100: call_dissector_with_data (packet.c:2105)
==14101==    by 0x6D28C19: dissect_spnego_T_responseToken (spnego.cnf:206)
==14101==    by 0x6572C83: dissect_ber_sequence (packet-ber.c:2231)
==14101==    by 0x6D2861F: dissect_spnego_NegTokenTarg (spnego.cnf:252)
==14101==    by 0x656D152: dissect_ber_choice (packet-ber.c:3380)
==14101==    by 0x6D2891F: dissect_spnego (spnego.cnf:273)
==14101==    by 0x6472947: call_dissector_through_handle (packet.c:492)
==14101==    by 0x6473294: call_dissector_work (packet.c:586)
==14101==    by 0x6475100: call_dissector_with_data (packet.c:2105)
==14101==  Address 0xf5a81b0 is 0 bytes inside a block of size 1 alloc'd
==14101==    at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==14101==    by 0x94A4A78: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.3)
==14101==    by 0x6F10EF7: wmem_simple_alloc (wmem_allocator_simple.c:51)
==14101==    by 0x693FD13: dissect_ntlmssp_blob (packet-ntlmssp.c:977)
==14101==    by 0x69405AD: dissect_ntlmssp (packet-ntlmssp.c:1703)
==14101==    by 0x6472947: call_dissector_through_handle (packet.c:492)
==14101==    by 0x6473294: call_dissector_work (packet.c:586)
==14101==    by 0x6475100: call_dissector_with_data (packet.c:2105)
==14101==    by 0x6D28C19: dissect_spnego_T_responseToken (spnego.cnf:206)
==14101==    by 0x6572C83: dissect_ber_sequence (packet-ber.c:2231)
==14101==    by 0x6D2861F: dissect_spnego_NegTokenTarg (spnego.cnf:252)
==14101==    by 0x656D152: dissect_ber_choice (packet-ber.c:3380)
==14101== 

** (process:14101): WARNING **: Dissector bug, protocol RPC_NETLOGON, in packet 24160: packet-dcerpc.c:2293: failed assertion "id <= ((guint32) 0xffffffff)"

** (process:14101): WARNING **: Dissector bug, protocol RPC_NETLOGON, in packet 24228: packet-dcerpc.c:2293: failed assertion "id <= ((guint32) 0xffffffff)"

** (process:14101): WARNING **: Dissector bug, protocol RPC_NETLOGON, in packet 25341: packet-dcerpc.c:2293: failed assertion "id <= ((guint32) 0xffffffff)"

** (process:14101): WARNING **: Dissector bug, protocol RPC_NETLOGON, in packet 28417: packet-dcerpc.c:2293: failed assertion "id <= ((guint32) 0xffffffff)"

** (process:14101): WARNING **: Dissector bug, protocol RPC_NETLOGON, in packet 28721: packet-dcerpc.c:2293: failed assertion "id <= ((guint32) 0xffffffff)"
==14101== 
==14101== HEAP SUMMARY:
==14101==     in use at exit: 1,136,170 bytes in 25,521 blocks
==14101==   total heap usage: 1,072,364 allocs, 1,046,843 frees, 60,516,403 bytes allocated
==14101== 
==14101== LEAK SUMMARY:
==14101==    definitely lost: 11,134 bytes in 453 blocks
==14101==    indirectly lost: 5,816 bytes in 135 blocks
==14101==      possibly lost: 0 bytes in 0 blocks
==14101==    still reachable: 1,119,220 bytes in 24,933 blocks
==14101==         suppressed: 0 bytes in 0 blocks
==14101== Rerun with --leak-check=full to see details of leaked memory
==14101== 
==14101== For counts of detected and suppressed errors, rerun with: -v
==14101== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 3 from 3)

[ no debug trace ]

