Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 9268] New: Buildbot crash output: fuzz-2013-10-12-19881.pcap

Wireshark-bugs: [Wireshark-bugs] [Bug 9268] New: Buildbot crash output: fuzz-2013-10-12-19881.pc

Date: Sat, 12 Oct 2013 17:30:03 +0000

Bug ID	9268
Summary	Buildbot crash output: fuzz-2013-10-12-19881.pcap
Classification	Unclassified
Product	Wireshark
Version	unspecified
Hardware	x86-64
URL	http://www.wireshark.org/download/automated/captures/fuzz-2013-10-12-19881.pcap
OS	Ubuntu
Status	CONFIRMED
Severity	Major
Priority	High
Component	Dissection engine (libwireshark)
Assignee	[email protected]
Reporter	[email protected]

Problems have been found with the following capture file:

http://www.wireshark.org/download/automated/captures/fuzz-2013-10-12-19881.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/03-13_los_altos.pcap

Build host information:
Linux wsbb04 3.2.0-49-generic #75-Ubuntu SMP Tue Jun 18 17:39:32 UTC 2013
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 12.04.2 LTS
Release:    12.04
Codename:    precise

Buildbot information:
BUILDBOT_REPOSITORY=http://code.wireshark.org/git/wireshark
BUILDBOT_BUILDNUMBER=2125
BUILDBOT_URL=http://buildbot.wireshark.org/trunk/
BUILDBOT_BUILDERNAME=Clang-Code-Analysis
BUILDBOT_SLAVENAME=clang-code-analysis
BUILDBOT_GOT_REVISION=37a7e3382c8daea28ea5e38372696d2da7ce5fd7

Return value:  0

Dissector bug:  0

Valgrind error count:  130



Git commit
commit 37a7e3382c8daea28ea5e38372696d2da7ce5fd7
Author: Chris Maynard <[email protected]>
Date:   Thu Oct 10 19:48:37 2013 +0000

    Revert the changes made to resolve
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3528 (When following an
HTTP tcp stream decode gzip data automatically), as they caused a bigger
problem reported in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9044
("Follow TCP Stream" shows only first HTTP req+res).

    #BACKPORT(1.10)


    svn path=/trunk/; revision=52506


Command and args: ./tools/valgrind-wireshark.sh -T

==29166== Memcheck, a memory error detector
==29166== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==29166== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==29166== Command:
/home/wireshark/builders/trunk-clang-ca/clangcodeanalysis/install/bin/tshark
-Vx -nr
/fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2013-10-12-19881.pcap
==29166== 
==29166== Invalid read of size 1
==29166==    at 0x4C2D0E1: memcpy@@GLIBC_2.14 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29166==    by 0x94A9F8D: g_array_append_vals (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.3)
==29166==    by 0x94AAFD8: g_byte_array_append (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.3)
==29166==    by 0x649736A: proto_tree_set_bytes (proto.c:2039)
==29166==    by 0x649900C: proto_tree_add_bytes (proto.c:1972)
==29166==    by 0x64991F5: proto_tree_add_bytes_format (proto.c:2018)
==29166==    by 0x6B10CF1: dissect_tcp (packet-tcp.c:4577)
==29166==    by 0x6488097: call_dissector_through_handle (packet.c:492)
==29166==    by 0x64889E4: call_dissector_work (packet.c:586)
==29166==    by 0x6489322: dissector_try_uint_new (packet.c:1017)
==29166==    by 0x6489376: dissector_try_uint (packet.c:1043)
==29166==    by 0x681B90E: dissect_ip (packet-ip.c:2407)
==29166==  Address 0xfc01c23 is 11 bytes after a block of size 8 alloc'd
==29166==    at 0x4C2B6CD: malloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29166==    by 0x94DAA78: g_malloc (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.3)
==29166==    by 0x6F2A957: wmem_simple_alloc (wmem_allocator_simple.c:51)
==29166==    by 0x64B974D: tvb_memdup (tvbuff.c:774)
==29166==    by 0x6B10CB7: dissect_tcp (packet-tcp.c:4575)
==29166==    by 0x6488097: call_dissector_through_handle (packet.c:492)
==29166==    by 0x64889E4: call_dissector_work (packet.c:586)
==29166==    by 0x6489322: dissector_try_uint_new (packet.c:1017)
==29166==    by 0x6489376: dissector_try_uint (packet.c:1043)
==29166==    by 0x681B90E: dissect_ip (packet-ip.c:2407)
==29166==    by 0x6488097: call_dissector_through_handle (packet.c:492)
==29166==    by 0x64889E4: call_dissector_work (packet.c:586)
==29166== 
==29166== Invalid read of size 8
==29166==    at 0x4C2D108: memcpy@@GLIBC_2.14 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29166==    by 0x94A9F8D: g_array_append_vals (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.3)
==29166==    by 0x94AAFD8: g_byte_array_append (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.3)
==29166==    by 0x649736A: proto_tree_set_bytes (proto.c:2039)
==29166==    by 0x649900C: proto_tree_add_bytes (proto.c:1972)
==29166==    by 0x64991F5: proto_tree_add_bytes_format (proto.c:2018)
==29166==    by 0x6B10CF1: dissect_tcp (packet-tcp.c:4577)
==29166==    by 0x6488097: call_dissector_through_handle (packet.c:492)
==29166==    by 0x64889E4: call_dissector_work (packet.c:586)
==29166==    by 0x6489322: dissector_try_uint_new (packet.c:1017)
==29166==    by 0x6489376: dissector_try_uint (packet.c:1043)
==29166==    by 0x681B90E: dissect_ip (packet-ip.c:2407)
==29166==  Address 0xfc01c18 is 0 bytes after a block of size 8 alloc'd
==29166==    at 0x4C2B6CD: malloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29166==    by 0x94DAA78: g_malloc (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.3)
==29166==    by 0x6F2A957: wmem_simple_alloc (wmem_allocator_simple.c:51)
==29166==    by 0x64B974D: tvb_memdup (tvbuff.c:774)
==29166==    by 0x6B10CB7: dissect_tcp (packet-tcp.c:4575)
==29166==    by 0x6488097: call_dissector_through_handle (packet.c:492)
==29166==    by 0x64889E4: call_dissector_work (packet.c:586)
==29166==    by 0x6489322: dissector_try_uint_new (packet.c:1017)
==29166==    by 0x6489376: dissector_try_uint (packet.c:1043)
==29166==    by 0x681B90E: dissect_ip (packet-ip.c:2407)
==29166==    by 0x6488097: call_dissector_through_handle (packet.c:492)
==29166==    by 0x64889E4: call_dissector_work (packet.c:586)
==29166== 
==29166== Invalid read of size 8
==29166==    at 0x4C2D000: memcpy@@GLIBC_2.14 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29166==    by 0x94A9F8D: g_array_append_vals (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.3)
==29166==    by 0x94AAFD8: g_byte_array_append (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.3)
==29166==    by 0x649736A: proto_tree_set_bytes (proto.c:2039)
==29166==    by 0x649900C: proto_tree_add_bytes (proto.c:1972)
==29166==    by 0x64991F5: proto_tree_add_bytes_format (proto.c:2018)
==29166==    by 0x6B10CF1: dissect_tcp (packet-tcp.c:4577)
==29166==    by 0x6488097: call_dissector_through_handle (packet.c:492)
==29166==    by 0x64889E4: call_dissector_work (packet.c:586)
==29166==    by 0x6489322: dissector_try_uint_new (packet.c:1017)
==29166==    by 0x6489376: dissector_try_uint (packet.c:1043)
==29166==    by 0x681B90E: dissect_ip (packet-ip.c:2407)
==29166==  Address 0xff5df28 is 0 bytes after a block of size 8 alloc'd
==29166==    at 0x4C2B6CD: malloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29166==    by 0x94DAA78: g_malloc (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.3)
==29166==    by 0x6F2A957: wmem_simple_alloc (wmem_allocator_simple.c:51)
==29166==    by 0x64B974D: tvb_memdup (tvbuff.c:774)
==29166==    by 0x6B10CB7: dissect_tcp (packet-tcp.c:4575)
==29166==    by 0x6488097: call_dissector_through_handle (packet.c:492)
==29166==    by 0x64889E4: call_dissector_work (packet.c:586)
==29166==    by 0x6489322: dissector_try_uint_new (packet.c:1017)
==29166==    by 0x6489376: dissector_try_uint (packet.c:1043)
==29166==    by 0x681B90E: dissect_ip (packet-ip.c:2407)
==29166==    by 0x6488097: call_dissector_through_handle (packet.c:492)
==29166==    by 0x64889E4: call_dissector_work (packet.c:586)
==29166== 
==29166== Invalid read of size 2
==29166==    at 0x4C2D050: memcpy@@GLIBC_2.14 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29166==    by 0x94A9F8D: g_array_append_vals (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.3)
==29166==    by 0x94AAFD8: g_byte_array_append (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.3)
==29166==    by 0x649736A: proto_tree_set_bytes (proto.c:2039)
==29166==    by 0x649900C: proto_tree_add_bytes (proto.c:1972)
==29166==    by 0x64991F5: proto_tree_add_bytes_format (proto.c:2018)
==29166==    by 0x6B10CF1: dissect_tcp (packet-tcp.c:4577)
==29166==    by 0x6488097: call_dissector_through_handle (packet.c:492)
==29166==    by 0x64889E4: call_dissector_work (packet.c:586)
==29166==    by 0x6489322: dissector_try_uint_new (packet.c:1017)
==29166==    by 0x6489376: dissector_try_uint (packet.c:1043)
==29166==    by 0x681B90E: dissect_ip (packet-ip.c:2407)
==29166==  Address 0xff5df30 is 8 bytes after a block of size 8 alloc'd
==29166==    at 0x4C2B6CD: malloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29166==    by 0x94DAA78: g_malloc (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.3)
==29166==    by 0x6F2A957: wmem_simple_alloc (wmem_allocator_simple.c:51)
==29166==    by 0x64B974D: tvb_memdup (tvbuff.c:774)
==29166==    by 0x6B10CB7: dissect_tcp (packet-tcp.c:4575)
==29166==    by 0x6488097: call_dissector_through_handle (packet.c:492)
==29166==    by 0x64889E4: call_dissector_work (packet.c:586)
==29166==    by 0x6489322: dissector_try_uint_new (packet.c:1017)
==29166==    by 0x6489376: dissector_try_uint (packet.c:1043)
==29166==    by 0x681B90E: dissect_ip (packet-ip.c:2407)
==29166==    by 0x6488097: call_dissector_through_handle (packet.c:492)
==29166==    by 0x64889E4: call_dissector_work (packet.c:586)
==29166== 
==29166== Invalid read of size 8
==29166==    at 0x4C2D00F: memcpy@@GLIBC_2.14 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29166==    by 0x94A9F8D: g_array_append_vals (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.3)
==29166==    by 0x94AAFD8: g_byte_array_append (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.3)
==29166==    by 0x649736A: proto_tree_set_bytes (proto.c:2039)
==29166==    by 0x649900C: proto_tree_add_bytes (proto.c:1972)
==29166==    by 0x64991F5: proto_tree_add_bytes_format (proto.c:2018)
==29166==    by 0x6B10CF1: dissect_tcp (packet-tcp.c:4577)
==29166==    by 0x6488097: call_dissector_through_handle (packet.c:492)
==29166==    by 0x64889E4: call_dissector_work (packet.c:586)
==29166==    by 0x6489322: dissector_try_uint_new (packet.c:1017)
==29166==    by 0x6489376: dissector_try_uint (packet.c:1043)
==29166==    by 0x681B90E: dissect_ip (packet-ip.c:2407)
==29166==  Address 0x10ef90a0 is 9 bytes after a block of size 7 alloc'd
==29166==    at 0x4C2B6CD: malloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29166==    by 0x94DAA78: g_malloc (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.3)
==29166==    by 0x6F2A957: wmem_simple_alloc (wmem_allocator_simple.c:51)
==29166==    by 0x64B974D: tvb_memdup (tvbuff.c:774)
==29166==    by 0x6B10CB7: dissect_tcp (packet-tcp.c:4575)
==29166==    by 0x6488097: call_dissector_through_handle (packet.c:492)
==29166==    by 0x64889E4: call_dissector_work (packet.c:586)
==29166==    by 0x6489322: dissector_try_uint_new (packet.c:1017)
==29166==    by 0x6489376: dissector_try_uint (packet.c:1043)
==29166==    by 0x681B90E: dissect_ip (packet-ip.c:2407)
==29166==    by 0x6488097: call_dissector_through_handle (packet.c:492)
==29166==    by 0x64889E4: call_dissector_work (packet.c:586)
==29166== 

** (process:29166): WARNING **: Dissector bug, protocol SMB, in packet 24834:
proto.c:2978: failed assertion "DISSECTOR_ASSERT_NOT_REACHED"
==29166== 
==29166== HEAP SUMMARY:
==29166==     in use at exit: 1,131,639 bytes in 26,610 blocks
==29166==   total heap usage: 8,749,076 allocs, 8,722,466 frees, 653,727,415
bytes allocated
==29166== 
==29166== LEAK SUMMARY:
==29166==    definitely lost: 8,109 bytes in 1,568 blocks
==29166==    indirectly lost: 1,400 bytes in 51 blocks
==29166==      possibly lost: 0 bytes in 0 blocks
==29166==    still reachable: 1,122,130 bytes in 24,991 blocks
==29166==         suppressed: 0 bytes in 0 blocks
==29166== Rerun with --leak-check=full to see details of leaked memory
==29166== 
==29166== For counts of detected and suppressed errors, rerun with: -v
==29166== ERROR SUMMARY: 130 errors from 5 contexts (suppressed: 11 from 5)

[ no debug trace ]

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 9268] Buildbot crash output: fuzz-2013-10-12-19881.pcap
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 9268] Buildbot crash output: fuzz-2013-10-12-19881.pcap
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 9263] Buildbot crash output: fuzz-2013-10-10-12811.pcap
Next by Date: [Wireshark-bugs] [Bug 9263] Buildbot crash output: fuzz-2013-10-10-12811.pcap
Previous by thread: [Wireshark-bugs] [Bug 3513] Lua dissector field registration broken
Next by thread: [Wireshark-bugs] [Bug 9268] Buildbot crash output: fuzz-2013-10-12-19881.pcap
Index(es):
- Date
- Thread