Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 10396] New: Buildbot crash output: fuzz-2014-08-20-25708.pcap

Wireshark-bugs: [Wireshark-bugs] [Bug 10396] New: Buildbot crash output: fuzz-2014-08-20-25708.p

Date: Wed, 20 Aug 2014 04:20:02 +0000

Bug ID	10396
Summary	Buildbot crash output: fuzz-2014-08-20-25708.pcap
Product	Wireshark
Version	unspecified
Hardware	x86-64
URL	https://www.wireshark.org/download/automated/captures/fuzz-2014-08-20-25708.pcap
OS	Ubuntu
Status	CONFIRMED
Severity	Major
Priority	High
Component	Dissection engine (libwireshark)
Assignee	[email protected]
Reporter	[email protected]

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2014-08-20-25708.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/11032-packet-btsdp.pcap

Build host information:
Linux wsbb04 3.13.0-32-generic #57-Ubuntu SMP Tue Jul 15 03:51:08 UTC 2014
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 14.04.1 LTS
Release:    14.04
Codename:    trusty

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_BUILDNUMBER=2931
BUILDBOT_URL=http://buildbot.wireshark.org/trunk/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_SLAVENAME=clang-code-analysis
BUILDBOT_GOT_REVISION=8f0d81d332ec77ba14917ab3ac642d8945a528df

Return value:  0

Dissector bug:  0

Valgrind error count:  1355



Git commit
commit 8f0d81d332ec77ba14917ab3ac642d8945a528df
Author: Marian Ďurkovič <[email protected]>
Date:   Mon Aug 18 09:14:30 2014 +0200

    TRILL TREE Sub-TLV fixes

    1) Fix starting tree number
    2) Display Nicknames both in hex and dec

    Change-Id: If58d034e98429019d769ebe7be635a296e8ef18d
    Reviewed-on: https://code.wireshark.org/review/3687
    Petri-Dish: Evan Huus <[email protected]>
    Tested-by: Petri Dish Buildbot <[email protected]>
    Reviewed-by: Evan Huus <[email protected]>


Command and args: ./tools/valgrind-wireshark.sh 

==3225== Memcheck, a memory error detector
==3225== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==3225== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright info
==3225== Command:
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark
-nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2014-08-20-25708.pcap
==3225== 
==3225== Conditional jump or move depends on uninitialised value(s)
==3225==    at 0x7155F85: lookup_or_insert32 (wmem_tree.c:329)
==3225==    by 0x7156287: wmem_tree_insert32_array (wmem_tree.c:565)
==3225==    by 0x677FFB9: save_remote_device_name.isra.58.part.59
(packet-bthci_evt.c:952)
==3225==    by 0x6781862: dissect_bthci_evt (packet-bthci_evt.c:3560)
==3225==    by 0x663CF2E: call_dissector_through_handle (packet.c:622)
==3225==    by 0x663D814: call_dissector_work (packet.c:713)
==3225==    by 0x663DECB: dissector_try_uint_new (packet.c:1145)
==3225==    by 0x6981E9C: dissect_hci_h4 (packet-hci_h4.c:135)
==3225==    by 0x663CF2E: call_dissector_through_handle (packet.c:622)
==3225==    by 0x663D814: call_dissector_work (packet.c:713)
==3225==    by 0x663DECB: dissector_try_uint_new (packet.c:1145)
==3225==    by 0x663DF26: dissector_try_uint (packet.c:1171)
==3225== 
==3225== Conditional jump or move depends on uninitialised value(s)
==3225==    at 0x71558A5: wmem_tree_lookup32 (wmem_tree.c:379)
==3225==    by 0x7155AF2: wmem_tree_lookup32_array_helper (wmem_tree.c:596)
==3225==    by 0x67780F2: dissect_bthci_acl (packet-bthci_acl.c:230)
==3225==    by 0x663CF2E: call_dissector_through_handle (packet.c:622)
==3225==    by 0x663D814: call_dissector_work (packet.c:713)
==3225==    by 0x663DECB: dissector_try_uint_new (packet.c:1145)
==3225==    by 0x6981E9C: dissect_hci_h4 (packet-hci_h4.c:135)
==3225==    by 0x663CF2E: call_dissector_through_handle (packet.c:622)
==3225==    by 0x663D814: call_dissector_work (packet.c:713)
==3225==    by 0x663DECB: dissector_try_uint_new (packet.c:1145)
==3225==    by 0x663DF26: dissector_try_uint (packet.c:1171)
==3225==    by 0x68EE730: dissect_frame (packet-frame.c:497)
==3225== 
==3225== Conditional jump or move depends on uninitialised value(s)
==3225==    at 0x71558A9: wmem_tree_lookup32 (wmem_tree.c:382)
==3225==    by 0x7155AF2: wmem_tree_lookup32_array_helper (wmem_tree.c:596)
==3225==    by 0x67780F2: dissect_bthci_acl (packet-bthci_acl.c:230)
==3225==    by 0x663CF2E: call_dissector_through_handle (packet.c:622)
==3225==    by 0x663D814: call_dissector_work (packet.c:713)
==3225==    by 0x663DECB: dissector_try_uint_new (packet.c:1145)
==3225==    by 0x6981E9C: dissect_hci_h4 (packet-hci_h4.c:135)
==3225==    by 0x663CF2E: call_dissector_through_handle (packet.c:622)
==3225==    by 0x663D814: call_dissector_work (packet.c:713)
==3225==    by 0x663DECB: dissector_try_uint_new (packet.c:1145)
==3225==    by 0x663DF26: dissector_try_uint (packet.c:1171)
==3225==    by 0x68EE730: dissect_frame (packet-frame.c:497)
==3225== 
==3225== Conditional jump or move depends on uninitialised value(s)
==3225==    at 0x71558C0: wmem_tree_lookup32 (wmem_tree.c:385)
==3225==    by 0x7155AF2: wmem_tree_lookup32_array_helper (wmem_tree.c:596)
==3225==    by 0x67780F2: dissect_bthci_acl (packet-bthci_acl.c:230)
==3225==    by 0x663CF2E: call_dissector_through_handle (packet.c:622)
==3225==    by 0x663D814: call_dissector_work (packet.c:713)
==3225==    by 0x663DECB: dissector_try_uint_new (packet.c:1145)
==3225==    by 0x6981E9C: dissect_hci_h4 (packet-hci_h4.c:135)
==3225==    by 0x663CF2E: call_dissector_through_handle (packet.c:622)
==3225==    by 0x663D814: call_dissector_work (packet.c:713)
==3225==    by 0x663DECB: dissector_try_uint_new (packet.c:1145)
==3225==    by 0x663DF26: dissector_try_uint (packet.c:1171)
==3225==    by 0x68EE730: dissect_frame (packet-frame.c:497)
==3225== 
==3225== Conditional jump or move depends on uninitialised value(s)
==3225==    at 0x7155F85: lookup_or_insert32 (wmem_tree.c:329)
==3225==    by 0x7156287: wmem_tree_insert32_array (wmem_tree.c:565)
==3225==    by 0x6780CC0: dissect_bthci_evt (packet-bthci_evt.c:1327)
==3225==    by 0x663CF2E: call_dissector_through_handle (packet.c:622)
==3225==    by 0x663D814: call_dissector_work (packet.c:713)
==3225==    by 0x663DECB: dissector_try_uint_new (packet.c:1145)
==3225==    by 0x6981E9C: dissect_hci_h4 (packet-hci_h4.c:135)
==3225==    by 0x663CF2E: call_dissector_through_handle (packet.c:622)
==3225==    by 0x663D814: call_dissector_work (packet.c:713)
==3225==    by 0x663DECB: dissector_try_uint_new (packet.c:1145)
==3225==    by 0x663DF26: dissector_try_uint (packet.c:1171)
==3225==    by 0x68EE730: dissect_frame (packet-frame.c:497)
==3225== 
==3225== Conditional jump or move depends on uninitialised value(s)
==3225==    at 0x7155F87: lookup_or_insert32 (wmem_tree.c:335)
==3225==    by 0x7156287: wmem_tree_insert32_array (wmem_tree.c:565)
==3225==    by 0x6780CC0: dissect_bthci_evt (packet-bthci_evt.c:1327)
==3225==    by 0x663CF2E: call_dissector_through_handle (packet.c:622)
==3225==    by 0x663D814: call_dissector_work (packet.c:713)
==3225==    by 0x663DECB: dissector_try_uint_new (packet.c:1145)
==3225==    by 0x6981E9C: dissect_hci_h4 (packet-hci_h4.c:135)
==3225==    by 0x663CF2E: call_dissector_through_handle (packet.c:622)
==3225==    by 0x663D814: call_dissector_work (packet.c:713)
==3225==    by 0x663DECB: dissector_try_uint_new (packet.c:1145)
==3225==    by 0x663DF26: dissector_try_uint (packet.c:1171)
==3225==    by 0x68EE730: dissect_frame (packet-frame.c:497)
==3225== 
==3225== Conditional jump or move depends on uninitialised value(s)
==3225==    at 0x7155FD0: lookup_or_insert32 (wmem_tree.c:347)
==3225==    by 0x7156287: wmem_tree_insert32_array (wmem_tree.c:565)
==3225==    by 0x6780CC0: dissect_bthci_evt (packet-bthci_evt.c:1327)
==3225==    by 0x663CF2E: call_dissector_through_handle (packet.c:622)
==3225==    by 0x663D814: call_dissector_work (packet.c:713)
==3225==    by 0x663DECB: dissector_try_uint_new (packet.c:1145)
==3225==    by 0x6981E9C: dissect_hci_h4 (packet-hci_h4.c:135)
==3225==    by 0x663CF2E: call_dissector_through_handle (packet.c:622)
==3225==    by 0x663D814: call_dissector_work (packet.c:713)
==3225==    by 0x663DECB: dissector_try_uint_new (packet.c:1145)
==3225==    by 0x663DF26: dissector_try_uint (packet.c:1171)
==3225==    by 0x68EE730: dissect_frame (packet-frame.c:497)
==3225== 
==3225== Conditional jump or move depends on uninitialised value(s)
==3225==    at 0x7155F9C: lookup_or_insert32 (wmem_tree.c:329)
==3225==    by 0x7156287: wmem_tree_insert32_array (wmem_tree.c:565)
==3225==    by 0x6780CC0: dissect_bthci_evt (packet-bthci_evt.c:1327)
==3225==    by 0x663CF2E: call_dissector_through_handle (packet.c:622)
==3225==    by 0x663D814: call_dissector_work (packet.c:713)
==3225==    by 0x663DECB: dissector_try_uint_new (packet.c:1145)
==3225==    by 0x6981E9C: dissect_hci_h4 (packet-hci_h4.c:135)
==3225==    by 0x663CF2E: call_dissector_through_handle (packet.c:622)
==3225==    by 0x663D814: call_dissector_work (packet.c:713)
==3225==    by 0x663DECB: dissector_try_uint_new (packet.c:1145)
==3225==    by 0x663DF26: dissector_try_uint (packet.c:1171)
==3225==    by 0x68EE730: dissect_frame (packet-frame.c:497)
==3225== 
==3225== 
==3225== HEAP SUMMARY:
==3225==     in use at exit: 1,213,159 bytes in 29,500 blocks
==3225==   total heap usage: 301,184 allocs, 271,684 frees, 33,213,003 bytes
allocated
==3225== 
==3225== LEAK SUMMARY:
==3225==    definitely lost: 5,384 bytes in 165 blocks
==3225==    indirectly lost: 36,648 bytes in 49 blocks
==3225==      possibly lost: 0 bytes in 0 blocks
==3225==    still reachable: 1,171,127 bytes in 29,286 blocks
==3225==         suppressed: 0 bytes in 0 blocks
==3225== Rerun with --leak-check=full to see details of leaked memory
==3225== 
==3225== For counts of detected and suppressed errors, rerun with: -v
==3225== Use --track-origins=yes to see where uninitialised values come from
==3225== ERROR SUMMARY: 1355 errors from 8 contexts (suppressed: 0 from 0)

[ no debug trace ]

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 10396] Buildbot crash output: fuzz-2014-08-20-25708.pcap
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10396] Buildbot crash output: fuzz-2014-08-20-25708.pcap
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10396] Buildbot crash output: fuzz-2014-08-20-25708.pcap
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10396] Buildbot crash output: fuzz-2014-08-20-25708.pcap
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 9879] Implement a dissector for RFC 5918
Next by Date: [Wireshark-bugs] [Bug 10394] Wireshark freezes under heavy load on single gigabit network.
Previous by thread: [Wireshark-bugs] [Bug 10395] Buildbot crash output: fuzz-2014-08-18-19935.pcap
Next by thread: [Wireshark-bugs] [Bug 10396] Buildbot crash output: fuzz-2014-08-20-25708.pcap
Index(es):
- Date
- Thread