Wireshark-bugs: [Wireshark-bugs] [Bug 10275] New: Buildbot crash output: fuzz-2014-07-11-8750.pc

Date: Fri, 11 Jul 2014 15:10:05 +0000
Bug ID: 10275
Summary: Buildbot crash output: fuzz-2014-07-11-8750.pcap
Classification: Unclassified
Product: Wireshark
Version: unspecified
Hardware: x86-64
URL: http://www.wireshark.org/download/automated/captures/fuzz-2014-07-11-8750.pcap
OS: Ubuntu
Status: CONFIRMED
Severity: Major
Priority: High
Component: Dissection engine (libwireshark)
Assignee: [email protected]
Reporter: [email protected]

Problems have been found with the following capture file:

http://www.wireshark.org/download/automated/captures/fuzz-2014-07-11-8750.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/1393-protection_gunidiv.pcap

Build host information:
Linux wsbb04 3.2.0-65-generic #98-Ubuntu SMP Wed Jun 11 20:27:07 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 12.04.4 LTS
Release:    12.04
Codename:    precise

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_BUILDNUMBER=2852
BUILDBOT_URL=http://buildbot.wireshark.org/trunk/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_SLAVENAME=clang-code-analysis
BUILDBOT_GOT_REVISION=bb9a25177c53a556637241b0ab4391df659a370f

Return value:  0

Dissector bug:  0

Valgrind error count:  5



Git commit
commit bb9a25177c53a556637241b0ab4391df659a370f
Author: Gerald Combs <[email protected]>
Date:   Wed Jul 9 15:02:56 2014 -0700

    Add back actionFileQuit.

    Change-Id: I76cfe038c02a869fb71dc74b7c55fd932e2ccbb2
    Reviewed-on: https://code.wireshark.org/review/2967
    Reviewed-by: Gerald Combs <[email protected]>


Command and args: ./tools/valgrind-wireshark.sh -T

==24675== Memcheck, a memory error detector
==24675== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==24675== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==24675== Command: /home/wireshark/builders/trunk-clang-ca/clangcodeanalysis/install/bin/tshark -Vx -nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2014-07-11-8750.pcap
==24675== 
==24675== Conditional jump or move depends on uninitialised value(s)
==24675==    at 0x6620CAE: proto_item_set_text (proto.c:4442)
==24675==    by 0x6C121DF: dissect_rsvp_session.isra.6 (packet-rsvp.c:2213)
==24675==    by 0x6C15A99: dissect_rsvp_gen_uni.isra.26 (packet-rsvp.c:5661)
==24675==    by 0x6C1B15F: dissect_rsvp_msg_tree (packet-rsvp.c:7118)
==24675==    by 0x6C1D786: dissect_rsvp_common (packet-rsvp.c:7241)
==24675==    by 0x6C1DAB0: dissect_rsvp (packet-rsvp.c:7337)
==24675==    by 0x660C8EE: call_dissector_through_handle (packet.c:622)
==24675==    by 0x660D32D: call_dissector_work (packet.c:713)
==24675==    by 0x660DB52: dissector_try_uint_new (packet.c:1145)
==24675==    by 0x69CB9E3: dissect_ip (packet-ip.c:2408)
==24675==    by 0x660C8A7: call_dissector_through_handle (packet.c:626)
==24675==    by 0x660D32D: call_dissector_work (packet.c:713)
==24675== 
==24675== Use of uninitialised value of size 8
==24675==    at 0x6620CB0: proto_item_set_text (proto.c:4446)
==24675==    by 0x6C121DF: dissect_rsvp_session.isra.6 (packet-rsvp.c:2213)
==24675==    by 0x6C15A99: dissect_rsvp_gen_uni.isra.26 (packet-rsvp.c:5661)
==24675==    by 0x6C1B15F: dissect_rsvp_msg_tree (packet-rsvp.c:7118)
==24675==    by 0x6C1D786: dissect_rsvp_common (packet-rsvp.c:7241)
==24675==    by 0x6C1DAB0: dissect_rsvp (packet-rsvp.c:7337)
==24675==    by 0x660C8EE: call_dissector_through_handle (packet.c:622)
==24675==    by 0x660D32D: call_dissector_work (packet.c:713)
==24675==    by 0x660DB52: dissector_try_uint_new (packet.c:1145)
==24675==    by 0x69CB9E3: dissect_ip (packet-ip.c:2408)
==24675==    by 0x660C8A7: call_dissector_through_handle (packet.c:626)
==24675==    by 0x660D32D: call_dissector_work (packet.c:713)
==24675== 
==24675== Use of uninitialised value of size 8
==24675==    at 0x661C456: proto_tree_set_representation (proto.c:4035)
==24675==    by 0x6620D16: proto_item_set_text (proto.c:4456)
==24675==    by 0x6C121DF: dissect_rsvp_session.isra.6 (packet-rsvp.c:2213)
==24675==    by 0x6C15A99: dissect_rsvp_gen_uni.isra.26 (packet-rsvp.c:5661)
==24675==    by 0x6C1B15F: dissect_rsvp_msg_tree (packet-rsvp.c:7118)
==24675==    by 0x6C1D786: dissect_rsvp_common (packet-rsvp.c:7241)
==24675==    by 0x6C1DAB0: dissect_rsvp (packet-rsvp.c:7337)
==24675==    by 0x660C8EE: call_dissector_through_handle (packet.c:622)
==24675==    by 0x660D32D: call_dissector_work (packet.c:713)
==24675==    by 0x660DB52: dissector_try_uint_new (packet.c:1145)
==24675==    by 0x69CB9E3: dissect_ip (packet-ip.c:2408)
==24675==    by 0x660C8A7: call_dissector_through_handle (packet.c:626)
==24675== 
==24675== Conditional jump or move depends on uninitialised value(s)
==24675==    at 0x661C465: proto_tree_set_representation (proto.c:4039)
==24675==    by 0x6620D16: proto_item_set_text (proto.c:4456)
==24675==    by 0x6C121DF: dissect_rsvp_session.isra.6 (packet-rsvp.c:2213)
==24675==    by 0x6C15A99: dissect_rsvp_gen_uni.isra.26 (packet-rsvp.c:5661)
==24675==    by 0x6C1B15F: dissect_rsvp_msg_tree (packet-rsvp.c:7118)
==24675==    by 0x6C1D786: dissect_rsvp_common (packet-rsvp.c:7241)
==24675==    by 0x6C1DAB0: dissect_rsvp (packet-rsvp.c:7337)
==24675==    by 0x660C8EE: call_dissector_through_handle (packet.c:622)
==24675==    by 0x660D32D: call_dissector_work (packet.c:713)
==24675==    by 0x660DB52: dissector_try_uint_new (packet.c:1145)
==24675==    by 0x69CB9E3: dissect_ip (packet-ip.c:2408)
==24675==    by 0x660C8A7: call_dissector_through_handle (packet.c:626)
==24675== 
==24675== Use of uninitialised value of size 8
==24675==    at 0x661C46D: proto_tree_set_representation (proto.c:4040)
==24675==    by 0x6620D16: proto_item_set_text (proto.c:4456)
==24675==    by 0x6C121DF: dissect_rsvp_session.isra.6 (packet-rsvp.c:2213)
==24675==    by 0x6C15A99: dissect_rsvp_gen_uni.isra.26 (packet-rsvp.c:5661)
==24675==    by 0x6C1B15F: dissect_rsvp_msg_tree (packet-rsvp.c:7118)
==24675==    by 0x6C1D786: dissect_rsvp_common (packet-rsvp.c:7241)
==24675==    by 0x6C1DAB0: dissect_rsvp (packet-rsvp.c:7337)
==24675==    by 0x660C8EE: call_dissector_through_handle (packet.c:622)
==24675==    by 0x660D32D: call_dissector_work (packet.c:713)
==24675==    by 0x660DB52: dissector_try_uint_new (packet.c:1145)
==24675==    by 0x69CB9E3: dissect_ip (packet-ip.c:2408)
==24675==    by 0x660C8A7: call_dissector_through_handle (packet.c:626)
==24675== 
==24675== 
==24675== HEAP SUMMARY:
==24675==     in use at exit: 1,207,605 bytes in 29,319 blocks
==24675==   total heap usage: 221,132 allocs, 191,813 frees, 28,229,312 bytes allocated
==24675== 
==24675== LEAK SUMMARY:
==24675==    definitely lost: 3,592 bytes in 158 blocks
==24675==    indirectly lost: 36,648 bytes in 49 blocks
==24675==      possibly lost: 0 bytes in 0 blocks
==24675==    still reachable: 1,167,365 bytes in 29,112 blocks
==24675==         suppressed: 0 bytes in 0 blocks
==24675== Rerun with --leak-check=full to see details of leaked memory
==24675== 
==24675== For counts of detected and suppressed errors, rerun with: -v
==24675== Use --track-origins=yes to see where uninitialised values come from
==24675== ERROR SUMMARY: 5 errors from 5 contexts (suppressed: 3 from 3)

[ no debug trace ]

