Wireshark-bugs: [Wireshark-bugs] [Bug 9665] New: Buildbot crash output: fuzz-2014-01-19-11279.pc

Date: Sun, 19 Jan 2014 19:40:03 +0000
Bug ID: 9665
Summary: Buildbot crash output: fuzz-2014-01-19-11279.pcap
Classification: Unclassified
Product: Wireshark
Version: unspecified
Hardware: x86-64
URL: http://www.wireshark.org/download/automated/captures/fuzz-2014-01-19-11279.pcap
OS: Ubuntu
Status: CONFIRMED
Severity: Major
Priority: High
Component: Dissection engine (libwireshark)
Assignee: [email protected]
Reporter: [email protected]

Problems have been found with the following capture file:

http://www.wireshark.org/download/automated/captures/fuzz-2014-01-19-11279.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/10052-wireshark_vs_omnipeek.jpg

Build host information:
Linux wsbb04 3.2.0-58-generic #88-Ubuntu SMP Tue Dec 3 17:37:58 UTC 2013 x86_64
x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 12.04.4 LTS
Release:    12.04
Codename:    precise

Buildbot information:
BUILDBOT_REPOSITORY=https://code.wireshark.org/review/wireshark
BUILDBOT_BUILDNUMBER=2514
BUILDBOT_URL=http://buildbot.wireshark.org/trunk/
BUILDBOT_BUILDERNAME=Clang-Code-Analysis
BUILDBOT_SLAVENAME=clang-code-analysis
BUILDBOT_GOT_REVISION=a8002aa0b74e747d835889d8897c5733ba052ee0

Return value:  2

Dissector bug:  0

Valgrind error count:  0



Git commit
commit a8002aa0b74e747d835889d8897c5733ba052ee0
Author: Jörg Mayer <[email protected]>
Date:   Sun Jan 19 17:59:20 2014 +0000

    Fix two coverity messages:

    *** CID 718534:  Dereference before null check  (REVERSE_INULL)
    /tools/lemon/lemon.c: 3425 in translate_code()
    3419                rp->rhs[i]->index,i-rp->nrhs+1);
    3420           }else{
    3421             /* No destructor defined for this term */
    3422           }
    3423         }
    3424       }
    >>>     CID 718534:  Dereference before null check  (REVERSE_INULL)
    >>>     Null-checking "rp->code" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
    3425       if( rp->code ){
    3426         cp = append_str(0,0,0,0);
    3427         rp->code = Strsafe(cp?cp:"");
    3428       }
    3429     }
    3430

    *** CID 1156989:  Out-of-bounds read  (OVERRUN)
    /tools/lemon/lemon.c: 3139 in tplt_xfer()
    3133       int i, iStart;
    3134       char line[LINESIZE];
    3135       while( fgets(line,LINESIZE,in) && (line[0]!='%' || line[1]!='%') ){
    3136         (*lineno)++;
    3137         iStart = 0;
    3138         if( name ){
    >>>     CID 1156989:  Out-of-bounds read  (OVERRUN)
    >>>     Overrunning array "line" of 1000 bytes at byte offset 1000 using index "i" (which evaluates to 1000).
    3139           for(i=0; line[i] && i<LINESIZE; i++){
    3140             if( line[i]=='P' && i<(LINESIZE-5) && strncmp(&line[i],"Parse",5)==0
    3141               && (i==0 || !safe_isalpha(line[i-1]))
    3142             ){
    3143               if( i>iStart ) fprintf(out,"%.*s",i-iStart,&line[iStart]);
    3144               fprintf(out,"%s",name);

    svn path=/trunk/; revision=54849


Command and args: ./tshark -nVxr

tshark: The file "/fuzz/buildbot/clangcodeanalysis/menagerie-fuzz/fuzz-2014-01-19-11279.pcap" appears to be damaged or corrupt.
(pcapng_read_packet_block: cap_len 634477 is larger than WTAP_MAX_PACKET_SIZE 65535)

[ no debug trace ]
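The message above is the length sanity check in the pcapng reader refusing the fuzzed file before the declared capture length is used for anything. The C below is an added example, not Wireshark's wiretap code: a minimal validator for a pcapng Enhanced Packet Block header that applies the cap_len limit quoted in the tshark message and also checks that cap_len fits inside the block. The EX_ names, the constructed sample blocks and the little-endian assumption are this example's own; in a real file the byte order comes from the Section Header Block.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EX_WTAP_MAX_PACKET_SIZE 65535u   /* the limit quoted in the tshark message */
#define EX_EPB_BLOCK_TYPE      0x00000006u
#define EX_EPB_FIXED_LEN       32u       /* type, total len, if id, ts hi, ts lo, cap len, orig len, trailing total len */

/* Little-endian reads/writes; byte order is an assumption of this example. */
static uint32_t rd32le(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr32le(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

enum ex_epb_status {
    EX_EPB_OK = 0, EX_EPB_TRUNCATED, EX_EPB_NOT_EPB, EX_EPB_BAD_BLOCK_LEN,
    EX_EPB_CAP_TOO_LARGE, EX_EPB_CAP_EXCEEDS_BLOCK
};

/* Validate one EPB at buf (buflen bytes). Every length is checked before it
 * could be used as an allocation or copy size; on success cap_len_out holds
 * the captured length. */
enum ex_epb_status ex_check_epb(const uint8_t *buf, size_t buflen, uint32_t *cap_len_out) {
    if (buflen < EX_EPB_FIXED_LEN) return EX_EPB_TRUNCATED;
    uint32_t block_type = rd32le(buf);
    uint32_t block_len  = rd32le(buf + 4);
    uint32_t cap_len    = rd32le(buf + 20);
    if (block_type != EX_EPB_BLOCK_TYPE) return EX_EPB_NOT_EPB;
    /* Block length must cover the fixed fields, be 4-byte aligned and fit the data we have. */
    if (block_len < EX_EPB_FIXED_LEN || (block_len & 3u) != 0 || block_len > buflen)
        return EX_EPB_BAD_BLOCK_LEN;
    /* The check that fired on the fuzzed file: cap_len 634477 > 65535. */
    if (cap_len > EX_WTAP_MAX_PACKET_SIZE) return EX_EPB_CAP_TOO_LARGE;
    /* cap_len padded to 4 must also fit in the block body (safe: cap_len is already bounded). */
    uint32_t padded = (cap_len + 3u) & ~3u;
    if (padded > block_len - EX_EPB_FIXED_LEN) return EX_EPB_CAP_EXCEEDS_BLOCK;
    if (cap_len_out) *cap_len_out = cap_len;
    return EX_EPB_OK;
}

/* Constructed test data (not bytes from the fuzzed capture): an EPB of
 * block_len bytes whose cap_len field is whatever the caller asks for, so
 * inconsistent values can be fed to the validator. Returns bytes written. */
size_t ex_build_epb(uint8_t *out, size_t outsz, uint32_t block_len, uint32_t cap_len) {
    if (block_len < EX_EPB_FIXED_LEN || block_len > outsz) return 0;
    memset(out, 0xAA, block_len);              /* filler packet bytes */
    wr32le(out,      EX_EPB_BLOCK_TYPE);
    wr32le(out + 4,  block_len);
    wr32le(out + 8,  0);                       /* interface ID */
    wr32le(out + 12, 0);                       /* timestamp high */
    wr32le(out + 16, 0);                       /* timestamp low */
    wr32le(out + 20, cap_len);
    wr32le(out + 24, cap_len);                 /* original length */
    wr32le(out + block_len - 4, block_len);    /* trailing block total length */
    return block_len;
}

/* Build a block claiming block_len/cap_len and return the validator's verdict. */
enum ex_epb_status ex_check_case(uint32_t block_len, uint32_t cap_len) {
    uint8_t buf[256];
    size_t n = ex_build_epb(buf, sizeof buf, block_len, cap_len);
    if (n == 0) return EX_EPB_TRUNCATED;
    return ex_check_epb(buf, n, NULL);
}

int main(void) {
    printf("%d\n", ex_check_case(92, 60));        /* 0: consistent block */
    printf("%d\n", ex_check_case(128, 634477));   /* 4: cap_len too large, as in the report */
    printf("%d\n", ex_check_case(64, 100));       /* 5: cap_len does not fit in the block */
    return 0;
}
```

The order matters: the 65535 limit is applied before cap_len is combined with anything else, so the padding arithmetic and the later comparison against the block body cannot wrap, and a file that declares an absurd length is rejected without any buffer sized from it.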

