Wireshark-bugs: [Wireshark-bugs] [Bug 10433] New: Buildbot crash output: fuzz-2014-08-29-27078.p

Date: Fri, 29 Aug 2014 16:00:03 +0000
Bug ID: 10433
Summary: Buildbot crash output: fuzz-2014-08-29-27078.pcap
Product: Wireshark
Version: unspecified
Hardware: x86-64
URL: https://www.wireshark.org/download/automated/captures/fuzz-2014-08-29-27078.pcap
OS: Ubuntu
Status: CONFIRMED
Severity: Major
Priority: High
Component: Dissection engine (libwireshark)
Assignee: [email protected]
Reporter: [email protected]

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2014-08-29-27078.pcap

stderr:
Input file:
/home/wireshark/menagerie/menagerie/12872-7911_CUCM_registration_RFC2833_Disable.pcapng

Build host information:
Linux wsbb04 3.13.0-32-generic #57-Ubuntu SMP Tue Jul 15 03:51:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 14.04.1 LTS
Release:    14.04
Codename:    trusty

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_BUILDNUMBER=2949
BUILDBOT_URL=http://buildbot.wireshark.org/trunk/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_SLAVENAME=clang-code-analysis
BUILDBOT_GOT_REVISION=852493ad7ffca8ce87ea4613517b5acd2834b529

Return value:  0

Dissector bug:  0

Valgrind error count:  544



Git commit
commit 852493ad7ffca8ce87ea4613517b5acd2834b529
Author: Alexis La Goutte <[email protected]>
Date:   Wed Aug 20 19:05:20 2014 +0200

    TCP/UDP/SCTP: fix Dereference of null pointer found by Clang Analyzer

    The warning comes after the change in g018b84de8

    Change-Id: Ia96cdb2993a6283d8de2647c6723ec6b2b0977eb
    Reviewed-on: https://code.wireshark.org/review/3752
    Reviewed-by: Evan Huus <[email protected]>


Command and args: ./tools/valgrind-wireshark.sh 

==14673== Memcheck, a memory error detector
==14673== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==14673== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright info
==14673== Command: /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark -nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2014-08-29-27078.pcap
==14673== 
==14673== Invalid read of size 1
==14673==    at 0x4C2E0F4: strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==14673==    by 0x6CBCD0B: dissect_skinny_displayLabel (packet-skinny.c:2295)
==14673==    by 0x6CBD157: handle_SoftKeyTemplateResMessage (packet-skinny.c:5265)
==14673==    by 0x6CB2BBC: dissect_skinny_pdu (packet-skinny.c:7753)
==14673==    by 0x6D41AD4: tcp_dissect_pdus (packet-tcp.c:2414)
==14673==    by 0x6CBFBA8: dissect_skinny (packet-skinny.c:7809)
==14673==    by 0x664ABEE: call_dissector_through_handle (packet.c:622)
==14673==    by 0x664B4D4: call_dissector_work (packet.c:713)
==14673==    by 0x664BB8B: dissector_try_uint_new (packet.c:1145)
==14673==    by 0x6D41DFB: decode_tcp_ports (packet-tcp.c:4035)
==14673==    by 0x6D4216E: process_tcp_payload (packet-tcp.c:4107)
==14673==    by 0x6D4273F: dissect_tcp_payload (packet-tcp.c:1923)
==14673==  Address 0x11aa9c80 is 0 bytes after a block of size 16 alloc'd
==14673==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==14673==    by 0x9A18610: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4000.0)
==14673==    by 0x7169C4B: wmem_simple_alloc (wmem_allocator_simple.c:55)
==14673==    by 0x667BC79: tvb_memdup (tvbuff.c:838)
==14673==    by 0x6CBCCB4: dissect_skinny_displayLabel (packet-skinny.c:2283)
==14673==    by 0x6CBD157: handle_SoftKeyTemplateResMessage (packet-skinny.c:5265)
==14673==    by 0x6CB2BBC: dissect_skinny_pdu (packet-skinny.c:7753)
==14673==    by 0x6D41AD4: tcp_dissect_pdus (packet-tcp.c:2414)
==14673==    by 0x6CBFBA8: dissect_skinny (packet-skinny.c:7809)
==14673==    by 0x664ABEE: call_dissector_through_handle (packet.c:622)
==14673==    by 0x664B4D4: call_dissector_work (packet.c:713)
==14673==    by 0x664BB8B: dissector_try_uint_new (packet.c:1145)
==14673== 
==14673== Invalid read of size 1
==14673==    at 0x6CBCD39: dissect_skinny_displayLabel (packet-skinny.c:2293)
==14673==    by 0x6CBD157: handle_SoftKeyTemplateResMessage (packet-skinny.c:5265)
==14673==    by 0x6CB2BBC: dissect_skinny_pdu (packet-skinny.c:7753)
==14673==    by 0x6D41AD4: tcp_dissect_pdus (packet-tcp.c:2414)
==14673==    by 0x6CBFBA8: dissect_skinny (packet-skinny.c:7809)
==14673==    by 0x664ABEE: call_dissector_through_handle (packet.c:622)
==14673==    by 0x664B4D4: call_dissector_work (packet.c:713)
==14673==    by 0x664BB8B: dissector_try_uint_new (packet.c:1145)
==14673==    by 0x6D41DFB: decode_tcp_ports (packet-tcp.c:4035)
==14673==    by 0x6D4216E: process_tcp_payload (packet-tcp.c:4107)
==14673==    by 0x6D4273F: dissect_tcp_payload (packet-tcp.c:1923)
==14673==    by 0x6D443DB: dissect_tcp (packet-tcp.c:5000)
==14673==  Address 0x11aa9c80 is 0 bytes after a block of size 16 alloc'd
==14673==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==14673==    by 0x9A18610: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4000.0)
==14673==    by 0x7169C4B: wmem_simple_alloc (wmem_allocator_simple.c:55)
==14673==    by 0x667BC79: tvb_memdup (tvbuff.c:838)
==14673==    by 0x6CBCCB4: dissect_skinny_displayLabel (packet-skinny.c:2283)
==14673==    by 0x6CBD157: handle_SoftKeyTemplateResMessage (packet-skinny.c:5265)
==14673==    by 0x6CB2BBC: dissect_skinny_pdu (packet-skinny.c:7753)
==14673==    by 0x6D41AD4: tcp_dissect_pdus (packet-tcp.c:2414)
==14673==    by 0x6CBFBA8: dissect_skinny (packet-skinny.c:7809)
==14673==    by 0x664ABEE: call_dissector_through_handle (packet.c:622)
==14673==    by 0x664B4D4: call_dissector_work (packet.c:713)
==14673==    by 0x664BB8B: dissector_try_uint_new (packet.c:1145)
==14673== 
==14673== 
==14673== HEAP SUMMARY:
==14673==     in use at exit: 1,239,846 bytes in 29,765 blocks
==14673==   total heap usage: 286,197 allocs, 256,432 frees, 30,807,676 bytes allocated
==14673== 
==14673== LEAK SUMMARY:
==14673==    definitely lost: 5,475 bytes in 167 blocks
==14673==    indirectly lost: 37,160 bytes in 49 blocks
==14673==      possibly lost: 0 bytes in 0 blocks
==14673==    still reachable: 1,197,211 bytes in 29,549 blocks
==14673==         suppressed: 0 bytes in 0 blocks
==14673== Rerun with --leak-check=full to see details of leaked memory
==14673== 
==14673== For counts of detected and suppressed errors, rerun with: -v
==14673== ERROR SUMMARY: 544 errors from 2 contexts (suppressed: 0 from 0)

[ no debug trace ]


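Both Valgrind contexts in the report come from dissect_skinny_displayLabel: a 16-byte block is allocated by tvb_memdup (packet-skinny.c:2283) and then read one byte past its end, once directly (packet-skinny.c:2293) and once inside strlen (packet-skinny.c:2295). That pattern is consistent with a fixed-width label field being copied byte-for-byte and then treated as a C string, so that a label filling all 16 bytes has no NUL for strlen to stop at. The C below is an added example modelling that pattern and a bounded alternative; it is not Wireshark's code and does not use the tvbuff API. memdup_field stands in for tvb_memdup, the 16-byte width is taken from the trace's "block of size 16", and both sample labels are constructed for the demonstration.

```c
/*
 * Added example: fixed-width field copied without a terminator, then read as
 * a C string (the over-read Valgrind reports), beside a bounded version.
 * Not Wireshark code; memdup_field() only mimics what tvb_memdup() does here.
 */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Field width assumed from the trace ("a block of size 16"). */
#define LABEL_FIELD_LEN 16

/* Constructed sample: label uses every byte of the field, so there is no NUL. */
static const char LABEL_FULL[LABEL_FIELD_LEN] = {
    'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P'
};
/* Constructed sample: short label, remaining bytes zero-padded. */
static const char LABEL_SHORT[LABEL_FIELD_LEN] = "Redial";

/* Stand-in for tvb_memdup(): copies exactly `len` bytes and adds nothing. */
static char *memdup_field(const char *field, size_t len)
{
    char *copy = malloc(len);            /* deliberately no room for a NUL */
    if (copy == NULL) abort();
    memcpy(copy, field, len);
    return copy;
}

/* The precondition strlen() silently relies on: a NUL somewhere in the field. */
bool field_is_terminated(const char *field, size_t len)
{
    return memchr(field, '\0', len) != NULL;
}

/* The buggy pattern. Correct only when field_is_terminated() holds; on an
 * unterminated field strlen() reads the byte right after the malloc'd block,
 * which is the "Invalid read of size 1 ... 0 bytes after a block of size 16".
 * Kept to show the pattern; do not call it on LABEL_FULL outside Valgrind/ASan. */
size_t unsafe_label_len(const char *field, size_t len)
{
    char *copy = memdup_field(field, len);
    size_t n = strlen(copy);             /* over-reads if no NUL in copy */
    free(copy);
    return n;
}

/* Hardened form: scan no further than the field width and always hand back
 * a NUL-terminated copy of at most `len` bytes. Caller frees the result. */
char *safe_label(const char *field, size_t len)
{
    const char *nul = memchr(field, '\0', len);
    size_t n = nul ? (size_t)(nul - field) : len;
    char *out = malloc(n + 1);
    if (out == NULL) abort();
    memcpy(out, field, n);
    out[n] = '\0';
    return out;
}

/* Length of the label as the hardened extraction sees it. */
size_t safe_label_len(const char *field, size_t len)
{
    char *s = safe_label(field, len);
    size_t n = strlen(s);
    free(s);
    return n;
}

/* True if the hardened extraction yields exactly `expected`. */
bool safe_label_matches(const char *field, size_t len, const char *expected)
{
    char *s = safe_label(field, len);
    bool ok = strcmp(s, expected) == 0;
    free(s);
    return ok;
}

int main(void)
{
    printf("short label has NUL: %s\n",
           field_is_terminated(LABEL_SHORT, LABEL_FIELD_LEN) ? "yes" : "no");
    printf("full label has NUL:  %s\n",
           field_is_terminated(LABEL_FULL, LABEL_FIELD_LEN) ? "yes" : "no");
    printf("unsafe_label_len(short) = %zu\n",
           unsafe_label_len(LABEL_SHORT, LABEL_FIELD_LEN));
    char *s = safe_label(LABEL_FULL, LABEL_FIELD_LEN);
    printf("safe_label(full) = \"%s\" (%zu bytes)\n", s, strlen(s));
    free(s);
    return 0;
}
```

The check worth carrying into any dissector review is the one field_is_terminated() makes explicit: a byte range pulled out of a packet by length is not a string until something has bounded the scan or appended the terminator, and Valgrind's "0 bytes after a block" on a strlen frame is the usual way that omission surfaces under fuzzing.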