Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 10468] New: Buildbot crash output: fuzz-2014-09-13-26389.pcap

Wireshark-bugs: [Wireshark-bugs] [Bug 10468] New: Buildbot crash output: fuzz-2014-09-13-26389.p

Date: Sun, 14 Sep 2014 20:00:03 +0000
Bug ID	10468
Summary	Buildbot crash output: fuzz-2014-09-13-26389.pcap
Product	Wireshark
Version	unspecified
Hardware	x86-64
URL	https://www.wireshark.org/download/automated/captures/fuzz-2014-09-13-26389.pcap
OS	Ubuntu
Status	CONFIRMED
Severity	Major
Priority	High
Component	Dissection engine (libwireshark)
Assignee	[email protected]
Reporter	[email protected]
Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2014-09-13-26389.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/7480-ARDATA_V10.pcap

Build host information:
Linux wsbb04 3.13.0-35-generic #62-Ubuntu SMP Fri Aug 15 01:58:42 UTC 2014
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 14.04.1 LTS
Release:    14.04
Codename:    trusty

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_BUILDNUMBER=2963
BUILDBOT_URL=http://buildbot.wireshark.org/trunk/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_SLAVENAME=clang-code-analysis
BUILDBOT_GOT_REVISION=887f7f17e8b1d82a600fe25dbd96a682c30bd2c1

Return value:  0

Dissector bug:  0

Valgrind error count:  11



Git commit
commit 887f7f17e8b1d82a600fe25dbd96a682c30bd2c1
Author: Guy Harris <[email protected]>
Date:   Fri Sep 12 01:01:00 2014 -0700

    Register hfi_rip_zero_padding.

    Also, sort the hfi[] array to be in the same order as the declarations
    of the fields, to make it easier to check that all fields are being
    registered.

    Change-Id: Ida530590ebd00bbf206e0f6041b8da880bce2c6f
    Reviewed-on: https://code.wireshark.org/review/4089
    Reviewed-by: Guy Harris <[email protected]>


Command and args: ./tools/valgrind-wireshark.sh 

==5768== Memcheck, a memory error detector
==5768== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==5768== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright info
==5768== Command:
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark
-nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2014-09-13-26389.pcap
==5768== 
==5768== Conditional jump or move depends on uninitialised value(s)
==5768==    at 0x6837297: dissect_ndr_uint3264 (packet-dcerpc-ndr.c:239)
==5768==    by 0x686781C: dissect_ndr_ucvarray_core (packet-dcerpc.c:1785)
==5768==    by 0x686902A: dissect_ndr_ucvarray (packet-dcerpc.c:1837)
==5768==    by 0x68268E3: epm_dissect_ept_entry_t_array
(packet-dcerpc-epm.c:204)
==5768==    by 0x686BCB9: dissect_deferred_pointers (packet-dcerpc.c:2319)
==5768==    by 0x686C093: dissect_ndr_pointer_cb.part.10 (packet-dcerpc.c:2684)
==5768==    by 0x686C50F: dissect_ndr_pointer (packet-dcerpc.c:2699)
==5768==    by 0x6826606: epm_dissect_ept_lookup_resp (packet-dcerpc-epm.c:221)
==5768==    by 0x686A26D: dcerpc_try_handoff (packet-dcerpc.c:2974)
==5768==    by 0x686A5DE: dissect_dcerpc_dg_stub.constprop.13
(packet-dcerpc.c:5297)
==5768==    by 0x686B516: dissect_dcerpc_dg (packet-dcerpc.c:5509)
==5768==    by 0x6666EE9: dissector_try_heuristic (packet.c:2028)
==5768== 
==5768== Conditional jump or move depends on uninitialised value(s)
==5768==    at 0x6837297: dissect_ndr_uint3264 (packet-dcerpc-ndr.c:239)
==5768==    by 0x686786C: dissect_ndr_ucvarray_core (packet-dcerpc.c:1790)
==5768==    by 0x686902A: dissect_ndr_ucvarray (packet-dcerpc.c:1837)
==5768==    by 0x68268E3: epm_dissect_ept_entry_t_array
(packet-dcerpc-epm.c:204)
==5768==    by 0x686BCB9: dissect_deferred_pointers (packet-dcerpc.c:2319)
==5768==    by 0x686C093: dissect_ndr_pointer_cb.part.10 (packet-dcerpc.c:2684)
==5768==    by 0x686C50F: dissect_ndr_pointer (packet-dcerpc.c:2699)
==5768==    by 0x6826606: epm_dissect_ept_lookup_resp (packet-dcerpc-epm.c:221)
==5768==    by 0x686A26D: dcerpc_try_handoff (packet-dcerpc.c:2974)
==5768==    by 0x686A5DE: dissect_dcerpc_dg_stub.constprop.13
(packet-dcerpc.c:5297)
==5768==    by 0x686B516: dissect_dcerpc_dg (packet-dcerpc.c:5509)
==5768==    by 0x6666EE9: dissector_try_heuristic (packet.c:2028)
==5768== 
==5768== Conditional jump or move depends on uninitialised value(s)
==5768==    at 0x6837297: dissect_ndr_uint3264 (packet-dcerpc-ndr.c:239)
==5768==    by 0x68678B7: dissect_ndr_ucvarray_core (packet-dcerpc.c:1795)
==5768==    by 0x686902A: dissect_ndr_ucvarray (packet-dcerpc.c:1837)
==5768==    by 0x68268E3: epm_dissect_ept_entry_t_array
(packet-dcerpc-epm.c:204)
==5768==    by 0x686BCB9: dissect_deferred_pointers (packet-dcerpc.c:2319)
==5768==    by 0x686C093: dissect_ndr_pointer_cb.part.10 (packet-dcerpc.c:2684)
==5768==    by 0x686C50F: dissect_ndr_pointer (packet-dcerpc.c:2699)
==5768==    by 0x6826606: epm_dissect_ept_lookup_resp (packet-dcerpc-epm.c:221)
==5768==    by 0x686A26D: dcerpc_try_handoff (packet-dcerpc.c:2974)
==5768==    by 0x686A5DE: dissect_dcerpc_dg_stub.constprop.13
(packet-dcerpc.c:5297)
==5768==    by 0x686B516: dissect_dcerpc_dg (packet-dcerpc.c:5509)
==5768==    by 0x6666EE9: dissector_try_heuristic (packet.c:2028)
==5768== 
==5768== Conditional jump or move depends on uninitialised value(s)
==5768==    at 0x6837297: dissect_ndr_uint3264 (packet-dcerpc-ndr.c:239)
==5768==    by 0x686BE0D: dissect_ndr_pointer_cb.part.10 (packet-dcerpc.c:2642)
==5768==    by 0x686C50F: dissect_ndr_pointer (packet-dcerpc.c:2699)
==5768==    by 0x68273CD: epm_dissect_ept_entry_t (packet-dcerpc-epm.c:175)
==5768==    by 0x68679B8: dissect_ndr_ucvarray_core (packet-dcerpc.c:1814)
==5768==    by 0x686902A: dissect_ndr_ucvarray (packet-dcerpc.c:1837)
==5768==    by 0x68268E3: epm_dissect_ept_entry_t_array
(packet-dcerpc-epm.c:204)
==5768==    by 0x686BCEC: dissect_deferred_pointers (packet-dcerpc.c:2370)
==5768==    by 0x686C093: dissect_ndr_pointer_cb.part.10 (packet-dcerpc.c:2684)
==5768==    by 0x686C50F: dissect_ndr_pointer (packet-dcerpc.c:2699)
==5768==    by 0x6826606: epm_dissect_ept_lookup_resp (packet-dcerpc-epm.c:221)
==5768==    by 0x686A26D: dcerpc_try_handoff (packet-dcerpc.c:2974)
==5768== 
==5768== Conditional jump or move depends on uninitialised value(s)
==5768==    at 0x6695B1A: tvb_ensure_bytes_exist (tvbuff.c:542)
==5768==    by 0x686BE21: dissect_ndr_pointer_cb.part.10 (packet-dcerpc.c:2644)
==5768==    by 0x686C50F: dissect_ndr_pointer (packet-dcerpc.c:2699)
==5768==    by 0x68273CD: epm_dissect_ept_entry_t (packet-dcerpc-epm.c:175)
==5768==    by 0x68679B8: dissect_ndr_ucvarray_core (packet-dcerpc.c:1814)
==5768==    by 0x686902A: dissect_ndr_ucvarray (packet-dcerpc.c:1837)
==5768==    by 0x68268E3: epm_dissect_ept_entry_t_array
(packet-dcerpc-epm.c:204)
==5768==    by 0x686BCEC: dissect_deferred_pointers (packet-dcerpc.c:2370)
==5768==    by 0x686C093: dissect_ndr_pointer_cb.part.10 (packet-dcerpc.c:2684)
==5768==    by 0x686C50F: dissect_ndr_pointer (packet-dcerpc.c:2699)
==5768==    by 0x6826606: epm_dissect_ept_lookup_resp (packet-dcerpc-epm.c:221)
==5768==    by 0x686A26D: dcerpc_try_handoff (packet-dcerpc.c:2974)
==5768== 
==5768== Conditional jump or move depends on uninitialised value(s)
==5768==    at 0x6695B20: tvb_ensure_bytes_exist (tvbuff.c:551)
==5768==    by 0x686BE21: dissect_ndr_pointer_cb.part.10 (packet-dcerpc.c:2644)
==5768==    by 0x686C50F: dissect_ndr_pointer (packet-dcerpc.c:2699)
==5768==    by 0x68273CD: epm_dissect_ept_entry_t (packet-dcerpc-epm.c:175)
==5768==    by 0x68679B8: dissect_ndr_ucvarray_core (packet-dcerpc.c:1814)
==5768==    by 0x686902A: dissect_ndr_ucvarray (packet-dcerpc.c:1837)
==5768==    by 0x68268E3: epm_dissect_ept_entry_t_array
(packet-dcerpc-epm.c:204)
==5768==    by 0x686BCEC: dissect_deferred_pointers (packet-dcerpc.c:2370)
==5768==    by 0x686C093: dissect_ndr_pointer_cb.part.10 (packet-dcerpc.c:2684)
==5768==    by 0x686C50F: dissect_ndr_pointer (packet-dcerpc.c:2699)
==5768==    by 0x6826606: epm_dissect_ept_lookup_resp (packet-dcerpc-epm.c:221)
==5768==    by 0x686A26D: dcerpc_try_handoff (packet-dcerpc.c:2974)
==5768== 
==5768== Conditional jump or move depends on uninitialised value(s)
==5768==    at 0x6695B27: tvb_ensure_bytes_exist (tvbuff.c:553)
==5768==    by 0x686BE21: dissect_ndr_pointer_cb.part.10 (packet-dcerpc.c:2644)
==5768==    by 0x686C50F: dissect_ndr_pointer (packet-dcerpc.c:2699)
==5768==    by 0x68273CD: epm_dissect_ept_entry_t (packet-dcerpc-epm.c:175)
==5768==    by 0x68679B8: dissect_ndr_ucvarray_core (packet-dcerpc.c:1814)
==5768==    by 0x686902A: dissect_ndr_ucvarray (packet-dcerpc.c:1837)
==5768==    by 0x68268E3: epm_dissect_ept_entry_t_array
(packet-dcerpc-epm.c:204)
==5768==    by 0x686BCEC: dissect_deferred_pointers (packet-dcerpc.c:2370)
==5768==    by 0x686C093: dissect_ndr_pointer_cb.part.10 (packet-dcerpc.c:2684)
==5768==    by 0x686C50F: dissect_ndr_pointer (packet-dcerpc.c:2699)
==5768==    by 0x6826606: epm_dissect_ept_lookup_resp (packet-dcerpc-epm.c:221)
==5768==    by 0x686A26D: dcerpc_try_handoff (packet-dcerpc.c:2974)
==5768== 
==5768== Conditional jump or move depends on uninitialised value(s)
==5768==    at 0x6695B2B: tvb_ensure_bytes_exist (tvbuff.c:584)
==5768==    by 0x686BE21: dissect_ndr_pointer_cb.part.10 (packet-dcerpc.c:2644)
==5768==    by 0x686C50F: dissect_ndr_pointer (packet-dcerpc.c:2699)
==5768==    by 0x68273CD: epm_dissect_ept_entry_t (packet-dcerpc-epm.c:175)
==5768==    by 0x68679B8: dissect_ndr_ucvarray_core (packet-dcerpc.c:1814)
==5768==    by 0x686902A: dissect_ndr_ucvarray (packet-dcerpc.c:1837)
==5768==    by 0x68268E3: epm_dissect_ept_entry_t_array
(packet-dcerpc-epm.c:204)
==5768==    by 0x686BCEC: dissect_deferred_pointers (packet-dcerpc.c:2370)
==5768==    by 0x686C093: dissect_ndr_pointer_cb.part.10 (packet-dcerpc.c:2684)
==5768==    by 0x686C50F: dissect_ndr_pointer (packet-dcerpc.c:2699)
==5768==    by 0x6826606: epm_dissect_ept_lookup_resp (packet-dcerpc-epm.c:221)
==5768==    by 0x686A26D: dcerpc_try_handoff (packet-dcerpc.c:2974)
==5768== 
==5768== Conditional jump or move depends on uninitialised value(s)
==5768==    at 0x6695B30: tvb_ensure_bytes_exist (tvbuff.c:587)
==5768==    by 0x686BE21: dissect_ndr_pointer_cb.part.10 (packet-dcerpc.c:2644)
==5768==    by 0x686C50F: dissect_ndr_pointer (packet-dcerpc.c:2699)
==5768==    by 0x68273CD: epm_dissect_ept_entry_t (packet-dcerpc-epm.c:175)
==5768==    by 0x68679B8: dissect_ndr_ucvarray_core (packet-dcerpc.c:1814)
==5768==    by 0x686902A: dissect_ndr_ucvarray (packet-dcerpc.c:1837)
==5768==    by 0x68268E3: epm_dissect_ept_entry_t_array
(packet-dcerpc-epm.c:204)
==5768==    by 0x686BCEC: dissect_deferred_pointers (packet-dcerpc.c:2370)
==5768==    by 0x686C093: dissect_ndr_pointer_cb.part.10 (packet-dcerpc.c:2684)
==5768==    by 0x686C50F: dissect_ndr_pointer (packet-dcerpc.c:2699)
==5768==    by 0x6826606: epm_dissect_ept_lookup_resp (packet-dcerpc-epm.c:221)
==5768==    by 0x686A26D: dcerpc_try_handoff (packet-dcerpc.c:2974)
==5768== 
==5768== Conditional jump or move depends on uninitialised value(s)
==5768==    at 0x68680F3: add_pointer_to_list.isra.1 (packet-dcerpc.c:2412)
==5768==    by 0x686C23F: dissect_ndr_pointer_cb.part.10 (packet-dcerpc.c:2672)
==5768==    by 0x686C50F: dissect_ndr_pointer (packet-dcerpc.c:2699)
==5768==    by 0x68273CD: epm_dissect_ept_entry_t (packet-dcerpc-epm.c:175)
==5768==    by 0x68679B8: dissect_ndr_ucvarray_core (packet-dcerpc.c:1814)
==5768==    by 0x686902A: dissect_ndr_ucvarray (packet-dcerpc.c:1837)
==5768==    by 0x68268E3: epm_dissect_ept_entry_t_array
(packet-dcerpc-epm.c:204)
==5768==    by 0x686BCEC: dissect_deferred_pointers (packet-dcerpc.c:2370)
==5768==    by 0x686C093: dissect_ndr_pointer_cb.part.10 (packet-dcerpc.c:2684)
==5768==    by 0x686C50F: dissect_ndr_pointer (packet-dcerpc.c:2699)
==5768==    by 0x6826606: epm_dissect_ept_lookup_resp (packet-dcerpc-epm.c:221)
==5768==    by 0x686A26D: dcerpc_try_handoff (packet-dcerpc.c:2974)
==5768== 
==5768== Conditional jump or move depends on uninitialised value(s)
==5768==    at 0x6837297: dissect_ndr_uint3264 (packet-dcerpc-ndr.c:239)
==5768==    by 0x6826A76: epm_dissect_tower (packet-dcerpc-epm.c:480)
==5768==    by 0x686BCEC: dissect_deferred_pointers (packet-dcerpc.c:2370)
==5768==    by 0x686C093: dissect_ndr_pointer_cb.part.10 (packet-dcerpc.c:2684)
==5768==    by 0x686C50F: dissect_ndr_pointer (packet-dcerpc.c:2699)
==5768==    by 0x6826606: epm_dissect_ept_lookup_resp (packet-dcerpc-epm.c:221)
==5768==    by 0x686A26D: dcerpc_try_handoff (packet-dcerpc.c:2974)
==5768==    by 0x686A5DE: dissect_dcerpc_dg_stub.constprop.13
(packet-dcerpc.c:5297)
==5768==    by 0x686B516: dissect_dcerpc_dg (packet-dcerpc.c:5509)
==5768==    by 0x6666EE9: dissector_try_heuristic (packet.c:2028)
==5768==    by 0x6D966FA: decode_udp_ports (packet-udp.c:501)
==5768==    by 0x6D97036: dissect (packet-udp.c:839)
==5768== 
==5768== 
==5768== HEAP SUMMARY:
==5768==     in use at exit: 1,215,202 bytes in 29,582 blocks
==5768==   total heap usage: 223,164 allocs, 193,582 frees, 28,461,533 bytes
allocated
==5768== 
==5768== LEAK SUMMARY:
==5768==    definitely lost: 5,384 bytes in 165 blocks
==5768==    indirectly lost: 36,648 bytes in 49 blocks
==5768==      possibly lost: 0 bytes in 0 blocks
==5768==    still reachable: 1,173,170 bytes in 29,368 blocks
==5768==         suppressed: 0 bytes in 0 blocks
==5768== Rerun with --leak-check=full to see details of leaked memory
==5768== 
==5768== For counts of detected and suppressed errors, rerun with: -v
==5768== Use --track-origins=yes to see where uninitialised values come from
==5768== ERROR SUMMARY: 11 errors from 11 contexts (suppressed: 0 from 0)

[ no debug trace ]
You are receiving this mail because:
You are watching all bug changes.
Follow-Ups:
- [Wireshark-bugs] [Bug 10468] Buildbot crash output: fuzz-2014-09-13-26389.pcap
  - From: bugzilla-daemon
Prev by Date: [Wireshark-bugs] [Bug 10329] Probably wrong length check in proto_item_set_end
Next by Date: [Wireshark-bugs] [Bug 8846] MUL_DPKTS decode for netflow needs 64 bit option
Previous by thread: [Wireshark-bugs] [Bug 10399] BGP4 : Wireshark skipped some potion of AS_PATH
Next by thread: [Wireshark-bugs] [Bug 10468] Buildbot crash output: fuzz-2014-09-13-26389.pcap
Index(es):
- Date
- Thread