Wireshark-bugs: [Wireshark-bugs] [Bug 10454] New: Buildbot crash output: fuzz-2014-09-07-19671.p

Date: Sun, 07 Sep 2014 22:50:02 +0000
Bug ID 10454
Summary Buildbot crash output: fuzz-2014-09-07-19671.pcap
Product Wireshark
Version unspecified
Hardware x86-64
URL https://www.wireshark.org/download/automated/captures/fuzz-2014-09-07-19671.pcap
OS Ubuntu
Status CONFIRMED
Severity Major
Priority High
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2014-09-07-19671.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/5640-TSTI11_DSA.TRC

Build host information:
Linux wsbb04 3.13.0-35-generic #62-Ubuntu SMP Fri Aug 15 01:58:42 UTC 2014
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 14.04.1 LTS
Release:    14.04
Codename:    trusty

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_BUILDNUMBER=2960
BUILDBOT_URL=http://buildbot.wireshark.org/trunk/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_SLAVENAME=clang-code-analysis
BUILDBOT_GOT_REVISION=56ae87a3dd471918a5a0c2f579f7f2a761d446aa

Return value:  0

Dissector bug:  0

Valgrind error count:  6



Git commit
commit 56ae87a3dd471918a5a0c2f579f7f2a761d446aa
Author: Jeff Morriss <[email protected]>
Date:   Fri Sep 5 10:42:02 2014 -0400

    Fix compilation when we don't HAVE_GEOIP.

    Change-Id: Ib72178aab69c266cb903ef5ad5587cc0b80eb1fd
    Reviewed-on: https://code.wireshark.org/review/4007
    Reviewed-by: Michael Mann <[email protected]>


Command and args: ./tools/valgrind-wireshark.sh 

==8248== Memcheck, a memory error detector
==8248== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==8248== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright info
==8248== Command:
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark
-nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2014-09-07-19671.pcap
==8248== 
==8248== Conditional jump or move depends on uninitialised value(s)
==8248==    at 0x6F45C04: dissect_ros_T_argument (ros.cnf:39)
==8248==    by 0x675FB0B: dissect_ber_sequence (packet-ber.c:2384)
==8248==    by 0x6F44BDF: dissect_ros_Invoke (ros.cnf:63)
==8248==    by 0x675DEC4: dissect_ber_choice (packet-ber.c:2895)
==8248==    by 0x6F44F3E: dissect_ros (ros.cnf:199)
==8248==    by 0x666275E: call_dissector_through_handle (packet.c:622)
==8248==    by 0x6663044: call_dissector_work (packet.c:713)
==8248==    by 0x66639D2: dissector_try_string (packet.c:1420)
==8248==    by 0x675EEB6: call_ber_oid_callback (packet-ber.c:1074)
==8248==    by 0x6F280CF: dissect_pres_T_single_ASN1_type (pres.cnf:42)
==8248==    by 0x675DEC4: dissect_ber_choice (packet-ber.c:2895)
==8248==    by 0x6F271BF: dissect_pres_T_presentation_data_values (pres.cnf:99)
==8248== 
==8248== Use of uninitialised value of size 8
==8248==    at 0x9A4D593: g_hash_table_lookup (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4000.0)
==8248==    by 0x6F27A22: find_oid_by_pres_ctx_id (packet-pres-template.c:197)
==8248==    by 0x6F45C20: dissect_ros_T_argument (ros.cnf:39)
==8248==    by 0x675FB0B: dissect_ber_sequence (packet-ber.c:2384)
==8248==    by 0x6F44BDF: dissect_ros_Invoke (ros.cnf:63)
==8248==    by 0x675DEC4: dissect_ber_choice (packet-ber.c:2895)
==8248==    by 0x6F44F3E: dissect_ros (ros.cnf:199)
==8248==    by 0x666275E: call_dissector_through_handle (packet.c:622)
==8248==    by 0x6663044: call_dissector_work (packet.c:713)
==8248==    by 0x66639D2: dissector_try_string (packet.c:1420)
==8248==    by 0x675EEB6: call_ber_oid_callback (packet-ber.c:1074)
==8248==    by 0x6F280CF: dissect_pres_T_single_ASN1_type (pres.cnf:42)
==8248== 
==8248== Conditional jump or move depends on uninitialised value(s)
==8248==    at 0x9A4D5CC: g_hash_table_lookup (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4000.0)
==8248==    by 0x6F27A22: find_oid_by_pres_ctx_id (packet-pres-template.c:197)
==8248==    by 0x6F45C20: dissect_ros_T_argument (ros.cnf:39)
==8248==    by 0x675FB0B: dissect_ber_sequence (packet-ber.c:2384)
==8248==    by 0x6F44BDF: dissect_ros_Invoke (ros.cnf:63)
==8248==    by 0x675DEC4: dissect_ber_choice (packet-ber.c:2895)
==8248==    by 0x6F44F3E: dissect_ros (ros.cnf:199)
==8248==    by 0x666275E: call_dissector_through_handle (packet.c:622)
==8248==    by 0x6663044: call_dissector_work (packet.c:713)
==8248==    by 0x66639D2: dissector_try_string (packet.c:1420)
==8248==    by 0x675EEB6: call_ber_oid_callback (packet-ber.c:1074)
==8248==    by 0x6F280CF: dissect_pres_T_single_ASN1_type (pres.cnf:42)
==8248== 
==8248== Use of uninitialised value of size 8
==8248==    at 0x9A4D5C2: g_hash_table_lookup (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4000.0)
==8248==    by 0x6F27A22: find_oid_by_pres_ctx_id (packet-pres-template.c:197)
==8248==    by 0x6F45C20: dissect_ros_T_argument (ros.cnf:39)
==8248==    by 0x675FB0B: dissect_ber_sequence (packet-ber.c:2384)
==8248==    by 0x6F44BDF: dissect_ros_Invoke (ros.cnf:63)
==8248==    by 0x675DEC4: dissect_ber_choice (packet-ber.c:2895)
==8248==    by 0x6F44F3E: dissect_ros (ros.cnf:199)
==8248==    by 0x666275E: call_dissector_through_handle (packet.c:622)
==8248==    by 0x6663044: call_dissector_work (packet.c:713)
==8248==    by 0x66639D2: dissector_try_string (packet.c:1420)
==8248==    by 0x675EEB6: call_ber_oid_callback (packet-ber.c:1074)
==8248==    by 0x6F280CF: dissect_pres_T_single_ASN1_type (pres.cnf:42)
==8248== 
==8248== 
==8248== HEAP SUMMARY:
==8248==     in use at exit: 1,214,988 bytes in 29,579 blocks
==8248==   total heap usage: 225,212 allocs, 195,633 frees, 28,512,802 bytes
allocated
==8248== 
==8248== LEAK SUMMARY:
==8248==    definitely lost: 5,400 bytes in 166 blocks
==8248==    indirectly lost: 36,648 bytes in 49 blocks
==8248==      possibly lost: 0 bytes in 0 blocks
==8248==    still reachable: 1,172,940 bytes in 29,364 blocks
==8248==         suppressed: 0 bytes in 0 blocks
==8248== Rerun with --leak-check=full to see details of leaked memory
==8248== 
==8248== For counts of detected and suppressed errors, rerun with: -v
==8248== Use --track-origins=yes to see where uninitialised values come from
==8248== ERROR SUMMARY: 6 errors from 4 contexts (suppressed: 0 from 0)

[ no debug trace ]


You are receiving this mail because:
  • You are watching all bug changes.