Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 10429] New: Buildbot crash output: fuzz-2014-08-27-29235.pcap

Wireshark-bugs: [Wireshark-bugs] [Bug 10429] New: Buildbot crash output: fuzz-2014-08-27-29235.p

Date: Wed, 27 Aug 2014 23:00:03 +0000

Bug ID	10429
Summary	Buildbot crash output: fuzz-2014-08-27-29235.pcap
Product	Wireshark
Version	unspecified
Hardware	x86-64
URL	https://www.wireshark.org/download/automated/captures/fuzz-2014-08-27-29235.pcap
OS	Ubuntu
Status	CONFIRMED
Severity	Major
Priority	High
Component	Dissection engine (libwireshark)
Assignee	[email protected]
Reporter	[email protected]

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2014-08-27-29235.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/10693-100030.pcap

Build host information:
Linux wsbb04 3.13.0-32-generic #57-Ubuntu SMP Tue Jul 15 03:51:08 UTC 2014
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 14.04.1 LTS
Release:    14.04
Codename:    trusty

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_BUILDNUMBER=2948
BUILDBOT_URL=http://buildbot.wireshark.org/trunk/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_SLAVENAME=clang-code-analysis
BUILDBOT_GOT_REVISION=ff59722529bd3f9acbe6a234375dea59def2b48e

Return value:  0

Dissector bug:  0

Valgrind error count:  51



Git commit
commit ff59722529bd3f9acbe6a234375dea59def2b48e
Author: Pascal Quantin <[email protected]>
Date:   Tue Aug 26 12:05:49 2014 +0200

    USB: get rid of the remaining proto_tree_add_text instances

    Change-Id: I6acaa32745e32ec5728874549e420468499d9b24
    Reviewed-on: https://code.wireshark.org/review/3860
    Reviewed-by: Pascal Quantin <[email protected]>


Command and args: ./tools/valgrind-wireshark.sh 

==23788== Memcheck, a memory error detector
==23788== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==23788== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright
info
==23788== Command:
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark
-nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2014-08-27-29235.pcap
==23788== 
==23788== Invalid read of size 1
==23788==    at 0x4C2E0F4: strlen (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23788==    by 0x6CBCA63: dissect_skinny_displayLabel (packet-skinny.c:2298)
==23788==    by 0x6CBCECC: handle_SoftKeyTemplateResMessage
(packet-skinny.c:5268)
==23788==    by 0x6CB290C: dissect_skinny_pdu (packet-skinny.c:7756)
==23788==    by 0x6D41834: tcp_dissect_pdus (packet-tcp.c:2409)
==23788==    by 0x6CBF918: dissect_skinny (packet-skinny.c:7812)
==23788==    by 0x664AA7E: call_dissector_through_handle (packet.c:622)
==23788==    by 0x664B364: call_dissector_work (packet.c:713)
==23788==    by 0x664BA1B: dissector_try_uint_new (packet.c:1145)
==23788==    by 0x6D41B25: decode_tcp_ports (packet-tcp.c:4044)
==23788==    by 0x6D41ECE: process_tcp_payload (packet-tcp.c:4102)
==23788==    by 0x6D4249F: dissect_tcp_payload (packet-tcp.c:1918)
==23788==  Address 0x11a909b0 is 0 bytes after a block of size 16 alloc'd
==23788==    at 0x4C2AB80: malloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23788==    by 0x9A18610: g_malloc (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4000.0)
==23788==    by 0x71699EB: wmem_simple_alloc (wmem_allocator_simple.c:55)
==23788==    by 0x667BB09: tvb_memdup (tvbuff.c:838)
==23788==    by 0x6CBCA08: dissect_skinny_displayLabel (packet-skinny.c:2286)
==23788==    by 0x6CBCECC: handle_SoftKeyTemplateResMessage
(packet-skinny.c:5268)
==23788==    by 0x6CB290C: dissect_skinny_pdu (packet-skinny.c:7756)
==23788==    by 0x6D41834: tcp_dissect_pdus (packet-tcp.c:2409)
==23788==    by 0x6CBF918: dissect_skinny (packet-skinny.c:7812)
==23788==    by 0x664AA7E: call_dissector_through_handle (packet.c:622)
==23788==    by 0x664B364: call_dissector_work (packet.c:713)
==23788==    by 0x664BA1B: dissector_try_uint_new (packet.c:1145)
==23788== 
==23788== Invalid read of size 1
==23788==    at 0x6CBCA8D: dissect_skinny_displayLabel (packet-skinny.c:2296)
==23788==    by 0x6CBCECC: handle_SoftKeyTemplateResMessage
(packet-skinny.c:5268)
==23788==    by 0x6CB290C: dissect_skinny_pdu (packet-skinny.c:7756)
==23788==    by 0x6D41834: tcp_dissect_pdus (packet-tcp.c:2409)
==23788==    by 0x6CBF918: dissect_skinny (packet-skinny.c:7812)
==23788==    by 0x664AA7E: call_dissector_through_handle (packet.c:622)
==23788==    by 0x664B364: call_dissector_work (packet.c:713)
==23788==    by 0x664BA1B: dissector_try_uint_new (packet.c:1145)
==23788==    by 0x6D41B25: decode_tcp_ports (packet-tcp.c:4044)
==23788==    by 0x6D41ECE: process_tcp_payload (packet-tcp.c:4102)
==23788==    by 0x6D4249F: dissect_tcp_payload (packet-tcp.c:1918)
==23788==    by 0x6D4413B: dissect_tcp (packet-tcp.c:4995)
==23788==  Address 0x11a909b0 is 0 bytes after a block of size 16 alloc'd
==23788==    at 0x4C2AB80: malloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23788==    by 0x9A18610: g_malloc (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4000.0)
==23788==    by 0x71699EB: wmem_simple_alloc (wmem_allocator_simple.c:55)
==23788==    by 0x667BB09: tvb_memdup (tvbuff.c:838)
==23788==    by 0x6CBCA08: dissect_skinny_displayLabel (packet-skinny.c:2286)
==23788==    by 0x6CBCECC: handle_SoftKeyTemplateResMessage
(packet-skinny.c:5268)
==23788==    by 0x6CB290C: dissect_skinny_pdu (packet-skinny.c:7756)
==23788==    by 0x6D41834: tcp_dissect_pdus (packet-tcp.c:2409)
==23788==    by 0x6CBF918: dissect_skinny (packet-skinny.c:7812)
==23788==    by 0x664AA7E: call_dissector_through_handle (packet.c:622)
==23788==    by 0x664B364: call_dissector_work (packet.c:713)
==23788==    by 0x664BA1B: dissector_try_uint_new (packet.c:1145)
==23788== 
==23788== 
==23788== HEAP SUMMARY:
==23788==     in use at exit: 1,220,043 bytes in 29,763 blocks
==23788==   total heap usage: 230,441 allocs, 200,678 frees, 28,780,350 bytes
allocated
==23788== 
==23788== LEAK SUMMARY:
==23788==    definitely lost: 5,384 bytes in 165 blocks
==23788==    indirectly lost: 37,160 bytes in 49 blocks
==23788==      possibly lost: 0 bytes in 0 blocks
==23788==    still reachable: 1,177,499 bytes in 29,549 blocks
==23788==         suppressed: 0 bytes in 0 blocks
==23788== Rerun with --leak-check=full to see details of leaked memory
==23788== 
==23788== For counts of detected and suppressed errors, rerun with: -v
==23788== ERROR SUMMARY: 51 errors from 2 contexts (suppressed: 0 from 0)

[ no debug trace ]

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 10429] Buildbot crash output: fuzz-2014-08-27-29235.pcap
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10429] Buildbot crash output: fuzz-2014-08-27-29235.pcap
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10429] Buildbot crash output: fuzz-2014-08-27-29235.pcap
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10429] Buildbot crash output: fuzz-2014-08-27-29235.pcap
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 6922] Wireshark error message for failure to open an rpcap: URL for a remote device is malformed
Next by Date: [Wireshark-bugs] [Bug 10430] New: Cannot install Wireshark 1.12.0 on Mac OS X 10.5
Previous by thread: [Wireshark-bugs] [Bug 3554] Wireshark crash when retrieving a large interface list from a remote source
Next by thread: [Wireshark-bugs] [Bug 10429] Buildbot crash output: fuzz-2014-08-27-29235.pcap
Index(es):
- Date
- Thread