Wireshark-bugs: [Wireshark-bugs] [Bug 9263] New: Buildbot crash output: fuzz-2013-10-10-12811.pc

Date: Thu, 10 Oct 2013 20:20:05 +0000
Bug ID 9263
Summary Buildbot crash output: fuzz-2013-10-10-12811.pcap
Classification Unclassified
Product Wireshark
Version unspecified
Hardware x86-64
URL http://www.wireshark.org/download/automated/captures/fuzz-2013-10-10-12811.pcap
OS Ubuntu
Status CONFIRMED
Severity Major
Priority High
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Problems have been found with the following capture file:

http://www.wireshark.org/download/automated/captures/fuzz-2013-10-10-12811.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/10518-malformed-readdirs.cap.gz

Build host information:
Linux wsbb04 3.2.0-49-generic #75-Ubuntu SMP Tue Jun 18 17:39:32 UTC 2013
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 12.04.2 LTS
Release:    12.04
Codename:    precise

Buildbot information:
BUILDBOT_REPOSITORY=http://code.wireshark.org/git/wireshark
BUILDBOT_BUILDNUMBER=2124
BUILDBOT_URL=http://buildbot.wireshark.org/trunk/
BUILDBOT_BUILDERNAME=Clang-Code-Analysis
BUILDBOT_SLAVENAME=clang-code-analysis
BUILDBOT_GOT_REVISION=69da562c83e58c9bf71775ab492219534ee459cc

Return value:  0

Dissector bug:  0

Valgrind error count:  3



Git commit
commit 69da562c83e58c9bf71775ab492219534ee459cc
Author: Evan Huus <[email protected]>
Date:   Tue Oct 8 21:12:06 2013 +0000

    Don't try and construct an OID string if the len is zero. Fixes
    https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9246

    svn path=/trunk/; revision=52455


Command and args: ./tools/valgrind-wireshark.sh -T

==21838== Memcheck, a memory error detector
==21838== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==21838== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==21838== Command:
/home/wireshark/builders/trunk-clang-ca/clangcodeanalysis/install/bin/tshark
-Vx -nr
/fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2013-10-10-12811.pcap
==21838== 
==21838== Conditional jump or move depends on uninitialised value(s)
==21838==    at 0x64AE7AD: get_token_len (strutil.c:127)
==21838==    by 0x680AEAD: dissect_imap (packet-imap.c:216)
==21838==    by 0x6486117: call_dissector_through_handle (packet.c:492)
==21838==    by 0x6486A64: call_dissector_work (packet.c:586)
==21838==    by 0x64873A2: dissector_try_uint_new (packet.c:1017)
==21838==    by 0x64873F6: dissector_try_uint (packet.c:1043)
==21838==    by 0x6B0B33C: decode_tcp_ports (packet-tcp.c:3867)
==21838==    by 0x6B0B77D: process_tcp_payload (packet-tcp.c:3926)
==21838==    by 0x6B0BD2D: dissect_tcp_payload (packet-tcp.c:1751)
==21838==    by 0x6B0D0EB: dissect_tcp (packet-tcp.c:4763)
==21838==    by 0x6486117: call_dissector_through_handle (packet.c:492)
==21838==    by 0x6486A64: call_dissector_work (packet.c:586)
==21838== 
==21838== Conditional jump or move depends on uninitialised value(s)
==21838==    at 0x64AE7B1: get_token_len (strutil.c:127)
==21838==    by 0x680AEAD: dissect_imap (packet-imap.c:216)
==21838==    by 0x6486117: call_dissector_through_handle (packet.c:492)
==21838==    by 0x6486A64: call_dissector_work (packet.c:586)
==21838==    by 0x64873A2: dissector_try_uint_new (packet.c:1017)
==21838==    by 0x64873F6: dissector_try_uint (packet.c:1043)
==21838==    by 0x6B0B33C: decode_tcp_ports (packet-tcp.c:3867)
==21838==    by 0x6B0B77D: process_tcp_payload (packet-tcp.c:3926)
==21838==    by 0x6B0BD2D: dissect_tcp_payload (packet-tcp.c:1751)
==21838==    by 0x6B0D0EB: dissect_tcp (packet-tcp.c:4763)
==21838==    by 0x6486117: call_dissector_through_handle (packet.c:492)
==21838==    by 0x6486A64: call_dissector_work (packet.c:586)
==21838== 
==21838== Conditional jump or move depends on uninitialised value(s)
==21838==    at 0x64AE7B5: get_token_len (strutil.c:127)
==21838==    by 0x680AEAD: dissect_imap (packet-imap.c:216)
==21838==    by 0x6486117: call_dissector_through_handle (packet.c:492)
==21838==    by 0x6486A64: call_dissector_work (packet.c:586)
==21838==    by 0x64873A2: dissector_try_uint_new (packet.c:1017)
==21838==    by 0x64873F6: dissector_try_uint (packet.c:1043)
==21838==    by 0x6B0B33C: decode_tcp_ports (packet-tcp.c:3867)
==21838==    by 0x6B0B77D: process_tcp_payload (packet-tcp.c:3926)
==21838==    by 0x6B0BD2D: dissect_tcp_payload (packet-tcp.c:1751)
==21838==    by 0x6B0D0EB: dissect_tcp (packet-tcp.c:4763)
==21838==    by 0x6486117: call_dissector_through_handle (packet.c:492)
==21838==    by 0x6486A64: call_dissector_work (packet.c:586)
==21838== 

** (process:21838): WARNING **: Dissector bug, protocol SMB, in packet 24872:
proto.c:2978: failed assertion "DISSECTOR_ASSERT_NOT_REACHED"
==21838== 
==21838== HEAP SUMMARY:
==21838==     in use at exit: 1,124,059 bytes in 25,110 blocks
==21838==   total heap usage: 6,272,898 allocs, 6,247,788 frees, 412,398,827
bytes allocated
==21838== 
==21838== LEAK SUMMARY:
==21838==    definitely lost: 1,761 bytes in 89 blocks
==21838==    indirectly lost: 1,400 bytes in 51 blocks
==21838==      possibly lost: 0 bytes in 0 blocks
==21838==    still reachable: 1,120,898 bytes in 24,970 blocks
==21838==         suppressed: 0 bytes in 0 blocks
==21838== Rerun with --leak-check=full to see details of leaked memory
==21838== 
==21838== For counts of detected and suppressed errors, rerun with: -v
==21838== Use --track-origins=yes to see where uninitialised values come from
==21838== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 3 from 3)

[ no debug trace ]


You are receiving this mail because:
  • You are watching all bug changes.