Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 10050] New: Buildbot crash output: fuzz-2014-04-26-15373.pcap

Wireshark-bugs: [Wireshark-bugs] [Bug 10050] New: Buildbot crash output: fuzz-2014-04-26-15373.p

Date: Sun, 27 Apr 2014 08:10:04 +0000

Bug ID	10050
Summary	Buildbot crash output: fuzz-2014-04-26-15373.pcap
Classification	Unclassified
Product	Wireshark
Version	unspecified
Hardware	x86-64
URL	http://www.wireshark.org/download/automated/captures/fuzz-2014-04-26-15373.pcap
OS	Ubuntu
Status	CONFIRMED
Severity	Major
Priority	High
Component	Dissection engine (libwireshark)
Assignee	[email protected]
Reporter	[email protected]

Problems have been found with the following capture file:

http://www.wireshark.org/download/automated/captures/fuzz-2014-04-26-15373.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/1580-Lab_Test_G729a_to_T38.pcap

Build host information:
Linux wsbb04 3.2.0-60-generic #91-Ubuntu SMP Wed Feb 19 03:54:44 UTC 2014
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 12.04.4 LTS
Release:    12.04
Codename:    precise

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_BUILDNUMBER=2726
BUILDBOT_URL=http://buildbot.wireshark.org/trunk/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_SLAVENAME=clang-code-analysis
BUILDBOT_GOT_REVISION=83fe3572c5d21b38cebf19ab07b2b10c1fa0816a

Return value:  0

Dissector bug:  0

Valgrind error count:  9



Git commit
commit 83fe3572c5d21b38cebf19ab07b2b10c1fa0816a
Author: Peter Wu <[email protected]>
Date:   Fri Apr 25 12:10:57 2014 +0200

    Fix reading keyfile for "any" IP address

    The same file pointer is used for both IPv4 and IPv6.

    Change-Id: I448ee10426882dcd5bcddf6b005ca1d07fe9572c
    Reviewed-on: https://code.wireshark.org/review/1345
    Reviewed-by: Pascal Quantin <[email protected]>


Command and args: ./tools/valgrind-wireshark.sh 

==26745== Memcheck, a memory error detector
==26745== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==26745== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==26745== Command:
/home/wireshark/builders/trunk-clang-ca/clangcodeanalysis/install/bin/tshark
-nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2014-04-26-15373.pcap
==26745== 
==26745== Conditional jump or move depends on uninitialised value(s)
==26745==    at 0x6EE09A2: dissect_t38_T_field_data (t38.cnf:197)
==26745==    by 0x6B032A2: dissect_per_sequence (packet-per.c:1852)
==26745==    by 0x6EE11DA: dissect_t38_Data_Field_item (t38.cnf:243)
==26745==    by 0x6AFF7D2: dissect_per_sequence_of_helper (packet-per.c:527)
==26745==    by 0x6B00718: dissect_per_sequence_of (packet-per.c:558)
==26745==    by 0x6EE080A: dissect_t38_Data_Field (t38.cnf:65)
==26745==    by 0x6B032A2: dissect_per_sequence (packet-per.c:1852)
==26745==    by 0x6EE07CA: dissect_t38_IFPPacket (t38.cnf:80)
==26745==    by 0x6B00900: dissect_per_open_type_internal (packet-per.c:225)
==26745==    by 0x6B00ACF: dissect_per_open_type (packet-per.c:246)
==26745==    by 0x6EE0C3D: dissect_t38_T_primary_ifp_packet (t38.cnf:250)
==26745==    by 0x6B032A2: dissect_per_sequence (packet-per.c:1852)
==26745== 
==26745== Conditional jump or move depends on uninitialised value(s)
==26745==    at 0x6EE19D7: dissect_t38_T_field_type (packet-t38-template.c:359)
==26745==    by 0x6B032A2: dissect_per_sequence (packet-per.c:1852)
==26745==    by 0x6EE11DA: dissect_t38_Data_Field_item (t38.cnf:243)
==26745==    by 0x6AFF7D2: dissect_per_sequence_of_helper (packet-per.c:527)
==26745==    by 0x6B00718: dissect_per_sequence_of (packet-per.c:558)
==26745==    by 0x6EE080A: dissect_t38_Data_Field (t38.cnf:65)
==26745==    by 0x6B032A2: dissect_per_sequence (packet-per.c:1852)
==26745==    by 0x6EE07CA: dissect_t38_IFPPacket (t38.cnf:80)
==26745==    by 0x6B00900: dissect_per_open_type_internal (packet-per.c:225)
==26745==    by 0x6B00ACF: dissect_per_open_type (packet-per.c:246)
==26745==    by 0x6EE0C3D: dissect_t38_T_primary_ifp_packet (t38.cnf:250)
==26745==    by 0x6B032A2: dissect_per_sequence (packet-per.c:1852)
==26745== 
==26745== 
==26745== HEAP SUMMARY:
==26745==     in use at exit: 1,222,120 bytes in 29,430 blocks
==26745==   total heap usage: 363,007 allocs, 333,577 frees, 34,444,793 bytes
allocated
==26745== 
==26745== LEAK SUMMARY:
==26745==    definitely lost: 10,629 bytes in 375 blocks
==26745==    indirectly lost: 36,424 bytes in 49 blocks
==26745==      possibly lost: 0 bytes in 0 blocks
==26745==    still reachable: 1,175,067 bytes in 29,006 blocks
==26745==         suppressed: 0 bytes in 0 blocks
==26745== Rerun with --leak-check=full to see details of leaked memory
==26745== 
==26745== For counts of detected and suppressed errors, rerun with: -v
==26745== Use --track-origins=yes to see where uninitialised values come from
==26745== ERROR SUMMARY: 9 errors from 2 contexts (suppressed: 3 from 3)

[ no debug trace ]

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 10050] Buildbot crash output: fuzz-2014-04-26-15373.pcap
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 9995] IPv6 Next Header 0x3d recognized as SHIM6
Next by Date: [Wireshark-bugs] [Bug 10029] SAP (Session Announcement Protocol) dissector reads wrong IP version
Previous by thread: [Wireshark-bugs] [Bug 8822] HTTP heuristic is expensive when checking binary TCP protocols
Next by thread: [Wireshark-bugs] [Bug 10050] Buildbot crash output: fuzz-2014-04-26-15373.pcap
Index(es):
- Date
- Thread