Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 10312] New: Buildbot crash output: fuzz-2014-07-25-29443.pcap

Wireshark-bugs: [Wireshark-bugs] [Bug 10312] New: Buildbot crash output: fuzz-2014-07-25-29443.p

Date: Fri, 25 Jul 2014 23:50:04 +0000

Bug ID	10312
Summary	Buildbot crash output: fuzz-2014-07-25-29443.pcap
Classification	Unclassified
Product	Wireshark
Version	unspecified
Hardware	x86-64
URL	http://www.wireshark.org/download/automated/captures/fuzz-2014-07-25-29443.pcap
OS	Ubuntu
Status	CONFIRMED
Severity	Major
Priority	High
Component	Dissection engine (libwireshark)
Assignee	[email protected]
Reporter	[email protected]

Problems have been found with the following capture file:

http://www.wireshark.org/download/automated/captures/fuzz-2014-07-25-29443.pcap

stderr:
Input file:
/home/wireshark/menagerie/menagerie/3744-demo_netlogon_lsa_dissection.cap

Build host information:
Linux wsbb04 3.13.0-32-generic #57-Ubuntu SMP Tue Jul 15 03:51:08 UTC 2014
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 14.04.1 LTS
Release:    14.04
Codename:    trusty

Buildbot information:
BUILDBOT_REPOSITORY=
BUILDBOT_BUILDNUMBER=2882
BUILDBOT_URL=http://buildbot.wireshark.org/trunk/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_SLAVENAME=clang-code-analysis
BUILDBOT_GOT_REVISION=73c1810a1f5e3ea04dec3d07ec6afbdfe9fcfd36

Return value:  0

Dissector bug:  0

Valgrind error count:  289



Git commit
commit 73c1810a1f5e3ea04dec3d07ec6afbdfe9fcfd36
Author: Alexis La Goutte <[email protected]>
Date:   Wed Jul 23 17:49:20 2014 +0200

    MySQL: Add Client can handle expried passwords extended Capability

    Change-Id: I9464e7d188d8e8c027db94c214e692ff233a13fd
    Reviewed-on: https://code.wireshark.org/review/3178
    Reviewed-by: Alexis La Goutte <[email protected]>
    Tested-by: Alexis La Goutte <[email protected]>
    Reviewed-by: Daniël van Eeden <[email protected]>
    Reviewed-by: Evan Huus <[email protected]>


Command and args: ./tools/valgrind-wireshark.sh 

==12419== Memcheck, a memory error detector
==12419== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==12419== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright
info
==12419== Command:
/home/wireshark/builders/trunk-clang-ca/clangcodeanalysis/install/bin/tshark
-nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2014-07-25-29443.pcap
==12419== 
==12419== Use of uninitialised value of size 8
==12419==    at 0x9727EA5: crypt_rc4_init (rc4.c:62)
==12419==    by 0x67ED6FA: dissect_secchan_verf (packet-dcerpc-netlogon.c:7862)
==12419==    by 0x65E2117: dissect_auth_verf.isra.4 (packet-dcerpc.c:1200)
==12419==    by 0x65E25D0: dissect_dcerpc_cn_auth (packet-dcerpc.c:3172)
==12419==    by 0x65E28FB: dissect_dcerpc_cn_stub.isra.8 (packet-dcerpc.c:3634)
==12419==    by 0x6817C85: dissect_dcerpc_cn (packet-dcerpc.c:3968)
==12419==    by 0x68191BB: dissect_dcerpc_cn_bs_body (packet-dcerpc.c:4987)
==12419==    by 0x661AEE9: dissector_try_heuristic (packet.c:2028)
==12419==    by 0x6CFC976: decode_tcp_ports (packet-tcp.c:3970)
==12419==    by 0x6CFCE0E: process_tcp_payload (packet-tcp.c:4016)
==12419==    by 0x6CFD3DF: dissect_tcp_payload (packet-tcp.c:1839)
==12419==    by 0x6CFF07B: dissect_tcp (packet-tcp.c:4913)
==12419== 
==12419== Conditional jump or move depends on uninitialised value(s)
==12419==    at 0x4C30C11: __memcmp_sse4_1 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==12419==    by 0x67ED5D5: dissect_secchan_verf (packet-dcerpc-netlogon.c:7834)
==12419==    by 0x65E2117: dissect_auth_verf.isra.4 (packet-dcerpc.c:1200)
==12419==    by 0x65E25D0: dissect_dcerpc_cn_auth (packet-dcerpc.c:3172)
==12419==    by 0x65E28FB: dissect_dcerpc_cn_stub.isra.8 (packet-dcerpc.c:3634)
==12419==    by 0x6817C85: dissect_dcerpc_cn (packet-dcerpc.c:3968)
==12419==    by 0x68191BB: dissect_dcerpc_cn_bs_body (packet-dcerpc.c:4987)
==12419==    by 0x661AEE9: dissector_try_heuristic (packet.c:2028)
==12419==    by 0x6CFC976: decode_tcp_ports (packet-tcp.c:3970)
==12419==    by 0x6CFCE0E: process_tcp_payload (packet-tcp.c:4016)
==12419==    by 0x6CFD3DF: dissect_tcp_payload (packet-tcp.c:1839)
==12419==    by 0x6CFF07B: dissect_tcp (packet-tcp.c:4913)
==12419== 
==12419== Conditional jump or move depends on uninitialised value(s)
==12419==    at 0x4C30C32: __memcmp_sse4_1 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==12419==    by 0x67ED5D5: dissect_secchan_verf (packet-dcerpc-netlogon.c:7834)
==12419==    by 0x65E2117: dissect_auth_verf.isra.4 (packet-dcerpc.c:1200)
==12419==    by 0x65E25D0: dissect_dcerpc_cn_auth (packet-dcerpc.c:3172)
==12419==    by 0x65E28FB: dissect_dcerpc_cn_stub.isra.8 (packet-dcerpc.c:3634)
==12419==    by 0x6817C85: dissect_dcerpc_cn (packet-dcerpc.c:3968)
==12419==    by 0x68191BB: dissect_dcerpc_cn_bs_body (packet-dcerpc.c:4987)
==12419==    by 0x661AEE9: dissector_try_heuristic (packet.c:2028)
==12419==    by 0x6CFC976: decode_tcp_ports (packet-tcp.c:3970)
==12419==    by 0x6CFCE0E: process_tcp_payload (packet-tcp.c:4016)
==12419==    by 0x6CFD3DF: dissect_tcp_payload (packet-tcp.c:1839)
==12419==    by 0x6CFF07B: dissect_tcp (packet-tcp.c:4913)
==12419== 
==12419== Conditional jump or move depends on uninitialised value(s)
==12419==    at 0x67ED824: dissect_packet_data.isra.21
(packet-dcerpc-netlogon.c:7898)
==12419==    by 0x65E294C: dissect_dcerpc_cn_stub.isra.8 (packet-dcerpc.c:1228)
==12419==    by 0x6817C85: dissect_dcerpc_cn (packet-dcerpc.c:3968)
==12419==    by 0x68191BB: dissect_dcerpc_cn_bs_body (packet-dcerpc.c:4987)
==12419==    by 0x661AEE9: dissector_try_heuristic (packet.c:2028)
==12419==    by 0x6CFC976: decode_tcp_ports (packet-tcp.c:3970)
==12419==    by 0x6CFCE0E: process_tcp_payload (packet-tcp.c:4016)
==12419==    by 0x6CFD3DF: dissect_tcp_payload (packet-tcp.c:1839)
==12419==    by 0x6CFF07B: dissect_tcp (packet-tcp.c:4913)
==12419==    by 0x6619093: call_dissector_through_handle (packet.c:626)
==12419==    by 0x66199B4: call_dissector_work (packet.c:713)
==12419==    by 0x661A06B: dissector_try_uint_new (packet.c:1145)
==12419== 
==12419== Conditional jump or move depends on uninitialised value(s)
==12419==    at 0x4C30C11: __memcmp_sse4_1 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==12419==    by 0x67ED5D5: dissect_secchan_verf (packet-dcerpc-netlogon.c:7834)
==12419==    by 0x65E2117: dissect_auth_verf.isra.4 (packet-dcerpc.c:1200)
==12419==    by 0x65E228D: dissect_dcerpc_verifier (packet-dcerpc.c:3078)
==12419==    by 0x6817A50: dissect_dcerpc_cn (packet-dcerpc.c:4112)
==12419==    by 0x68191BB: dissect_dcerpc_cn_bs_body (packet-dcerpc.c:4987)
==12419==    by 0x661AEE9: dissector_try_heuristic (packet.c:2028)
==12419==    by 0x6CFC976: decode_tcp_ports (packet-tcp.c:3970)
==12419==    by 0x6CFCE0E: process_tcp_payload (packet-tcp.c:4016)
==12419==    by 0x6CFD3DF: dissect_tcp_payload (packet-tcp.c:1839)
==12419==    by 0x6CFF07B: dissect_tcp (packet-tcp.c:4913)
==12419==    by 0x6619093: call_dissector_through_handle (packet.c:626)
==12419== 
==12419== Conditional jump or move depends on uninitialised value(s)
==12419==    at 0x4C30C32: __memcmp_sse4_1 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==12419==    by 0x67ED5D5: dissect_secchan_verf (packet-dcerpc-netlogon.c:7834)
==12419==    by 0x65E2117: dissect_auth_verf.isra.4 (packet-dcerpc.c:1200)
==12419==    by 0x65E228D: dissect_dcerpc_verifier (packet-dcerpc.c:3078)
==12419==    by 0x6817A50: dissect_dcerpc_cn (packet-dcerpc.c:4112)
==12419==    by 0x68191BB: dissect_dcerpc_cn_bs_body (packet-dcerpc.c:4987)
==12419==    by 0x661AEE9: dissector_try_heuristic (packet.c:2028)
==12419==    by 0x6CFC976: decode_tcp_ports (packet-tcp.c:3970)
==12419==    by 0x6CFCE0E: process_tcp_payload (packet-tcp.c:4016)
==12419==    by 0x6CFD3DF: dissect_tcp_payload (packet-tcp.c:1839)
==12419==    by 0x6CFF07B: dissect_tcp (packet-tcp.c:4913)
==12419==    by 0x6619093: call_dissector_through_handle (packet.c:626)
==12419== 
==12419== 
==12419== HEAP SUMMARY:
==12419==     in use at exit: 1,208,734 bytes in 29,339 blocks
==12419==   total heap usage: 222,623 allocs, 193,284 frees, 28,299,028 bytes
allocated
==12419== 
==12419== LEAK SUMMARY:
==12419==    definitely lost: 5,440 bytes in 179 blocks
==12419==    indirectly lost: 20,264 bytes in 48 blocks
==12419==      possibly lost: 16,384 bytes in 1 blocks
==12419==    still reachable: 1,166,646 bytes in 29,111 blocks
==12419==         suppressed: 0 bytes in 0 blocks
==12419== Rerun with --leak-check=full to see details of leaked memory
==12419== 
==12419== For counts of detected and suppressed errors, rerun with: -v
==12419== Use --track-origins=yes to see where uninitialised values come from
==12419== ERROR SUMMARY: 289 errors from 6 contexts (suppressed: 0 from 0)

[ no debug trace ]

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 10312] Buildbot crash output: fuzz-2014-07-25-29443.pcap
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10312] Buildbot crash output: fuzz-2014-07-25-29443.pcap
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10312] Buildbot crash output: fuzz-2014-07-25-29443.pcap
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10312] Buildbot crash output: fuzz-2014-07-25-29443.pcap
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10312] Buildbot crash output: fuzz-2014-07-25-29443.pcap
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 10291] Refreshing interfaces does not reload interfaces
Next by Date: [Wireshark-bugs] [Bug 10180] Allow severity levels of expert info items to be configured by the user
Previous by thread: [Wireshark-bugs] [Bug 9222] Provide complete uninstall instructions
Next by thread: [Wireshark-bugs] [Bug 10312] Buildbot crash output: fuzz-2014-07-25-29443.pcap
Index(es):
- Date
- Thread