Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 10628] New: Buildbot crash output: fuzz-2014-10-24-10130.pcap

Wireshark-bugs: [Wireshark-bugs] [Bug 10628] New: Buildbot crash output: fuzz-2014-10-24-10130.p

Date: Sat, 25 Oct 2014 13:10:03 +0000

Bug ID	10628
Summary	Buildbot crash output: fuzz-2014-10-24-10130.pcap
Product	Wireshark
Version	unspecified
Hardware	x86-64
URL	https://www.wireshark.org/download/automated/captures/fuzz-2014-10-24-10130.pcap
OS	Ubuntu
Status	CONFIRMED
Severity	Major
Priority	High
Component	Dissection engine (libwireshark)
Assignee	[email protected]
Reporter	[email protected]

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2014-10-24-10130.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/78-broken-3-manual-copy.sniff

Build host information:
Linux wsbb04 3.13.0-37-generic #64-Ubuntu SMP Mon Sep 22 21:28:38 UTC 2014
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 14.04.1 LTS
Release:    14.04
Codename:    trusty

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_BUILDNUMBER=3011
BUILDBOT_URL=http://buildbot.wireshark.org/trunk/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_SLAVENAME=clang-code-analysis
BUILDBOT_GOT_REVISION=a0d5ef8ff74b278a3665637f94691bd4c56e27a6

Return value:  0

Dissector bug:  0

Valgrind error count:  10



Git commit
commit a0d5ef8ff74b278a3665637f94691bd4c56e27a6
Author: Stig Bjørlykke <[email protected]>
Date:   Tue Oct 21 13:36:16 2014 +0200

    Lua: Added support for FT_EUI64.

    Bug: 10603
    Change-Id: I21da496834b83466585f5b77f87970e3fab28b12
    Reviewed-on: https://code.wireshark.org/review/4894
    Reviewed-by: Michael Mann <[email protected]>
    Reviewed-by: Hadriel Kaplan <[email protected]>
    Reviewed-by: Stig Bjørlykke <[email protected]>


Command and args: ./tools/valgrind-wireshark.sh -T

==12412== Memcheck, a memory error detector
==12412== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==12412== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright
info
==12412== Command:
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark
-Vx -nr
/fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2014-10-24-10130.pcap
==12412== 
==12412== Conditional jump or move depends on uninitialised value(s)
==12412==    at 0x6B682EC: build_expert_data.isra.6 (packet-ncp2222.inc:2799)
==12412==    by 0x6B70EAB: dissect_ncp_request (packet-ncp2222.inc:7837)
==12412==    by 0x6B7D256: dissect_ncp_common (packet-ncp.c:780)
==12412==    by 0x6B7D49D: dissect_ncp_tcp_pdu (packet-ncp.c:907)
==12412==    by 0x6D909C4: tcp_dissect_pdus (packet-tcp.c:2414)
==12412==    by 0x6B7C34F: dissect_ncp_tcp (packet-ncp.c:914)
==12412==    by 0x669490E: call_dissector_through_handle (packet.c:621)
==12412==    by 0x66951F4: call_dissector_work (packet.c:712)
==12412==    by 0x66958AB: dissector_try_uint_new (packet.c:1144)
==12412==    by 0x6D90CEB: decode_tcp_ports (packet-tcp.c:4035)
==12412==    by 0x6D9105E: process_tcp_payload (packet-tcp.c:4107)
==12412==    by 0x6D9162F: dissect_tcp_payload (packet-tcp.c:1923)
==12412== 
==12412== Conditional jump or move depends on uninitialised value(s)
==12412==    at 0x6B682EC: build_expert_data.isra.6 (packet-ncp2222.inc:2799)
==12412==    by 0x6B70EF0: dissect_ncp_request (packet-ncp2222.inc:7840)
==12412==    by 0x6B7D256: dissect_ncp_common (packet-ncp.c:780)
==12412==    by 0x6B7D49D: dissect_ncp_tcp_pdu (packet-ncp.c:907)
==12412==    by 0x6D909C4: tcp_dissect_pdus (packet-tcp.c:2414)
==12412==    by 0x6B7C34F: dissect_ncp_tcp (packet-ncp.c:914)
==12412==    by 0x669490E: call_dissector_through_handle (packet.c:621)
==12412==    by 0x66951F4: call_dissector_work (packet.c:712)
==12412==    by 0x66958AB: dissector_try_uint_new (packet.c:1144)
==12412==    by 0x6D90CEB: decode_tcp_ports (packet-tcp.c:4035)
==12412==    by 0x6D9105E: process_tcp_payload (packet-tcp.c:4107)
==12412==    by 0x6D9162F: dissect_tcp_payload (packet-tcp.c:1923)
==12412== 
==12412== Use of uninitialised value of size 8
==12412==    at 0xA741417: ____strtol_l_internal (strtol_l.c:298)
==12412==    by 0x6B70F04: dissect_ncp_request (stdlib.h:280)
==12412==    by 0x6B7D256: dissect_ncp_common (packet-ncp.c:780)
==12412==    by 0x6B7D49D: dissect_ncp_tcp_pdu (packet-ncp.c:907)
==12412==    by 0x6D909C4: tcp_dissect_pdus (packet-tcp.c:2414)
==12412==    by 0x6B7C34F: dissect_ncp_tcp (packet-ncp.c:914)
==12412==    by 0x669490E: call_dissector_through_handle (packet.c:621)
==12412==    by 0x66951F4: call_dissector_work (packet.c:712)
==12412==    by 0x66958AB: dissector_try_uint_new (packet.c:1144)
==12412==    by 0x6D90CEB: decode_tcp_ports (packet-tcp.c:4035)
==12412==    by 0x6D9105E: process_tcp_payload (packet-tcp.c:4107)
==12412==    by 0x6D9162F: dissect_tcp_payload (packet-tcp.c:1923)
==12412== 
==12412== Conditional jump or move depends on uninitialised value(s)
==12412==    at 0xA741438: ____strtol_l_internal (strtol_l.c:300)
==12412==    by 0x6B70F04: dissect_ncp_request (stdlib.h:280)
==12412==    by 0x6B7D256: dissect_ncp_common (packet-ncp.c:780)
==12412==    by 0x6B7D49D: dissect_ncp_tcp_pdu (packet-ncp.c:907)
==12412==    by 0x6D909C4: tcp_dissect_pdus (packet-tcp.c:2414)
==12412==    by 0x6B7C34F: dissect_ncp_tcp (packet-ncp.c:914)
==12412==    by 0x669490E: call_dissector_through_handle (packet.c:621)
==12412==    by 0x66951F4: call_dissector_work (packet.c:712)
==12412==    by 0x66958AB: dissector_try_uint_new (packet.c:1144)
==12412==    by 0x6D90CEB: decode_tcp_ports (packet-tcp.c:4035)
==12412==    by 0x6D9105E: process_tcp_payload (packet-tcp.c:4107)
==12412==    by 0x6D9162F: dissect_tcp_payload (packet-tcp.c:1923)
==12412== 
==12412== Conditional jump or move depends on uninitialised value(s)
==12412==    at 0xA741442: ____strtol_l_internal (strtol_l.c:305)
==12412==    by 0x6B70F04: dissect_ncp_request (stdlib.h:280)
==12412==    by 0x6B7D256: dissect_ncp_common (packet-ncp.c:780)
==12412==    by 0x6B7D49D: dissect_ncp_tcp_pdu (packet-ncp.c:907)
==12412==    by 0x6D909C4: tcp_dissect_pdus (packet-tcp.c:2414)
==12412==    by 0x6B7C34F: dissect_ncp_tcp (packet-ncp.c:914)
==12412==    by 0x669490E: call_dissector_through_handle (packet.c:621)
==12412==    by 0x66951F4: call_dissector_work (packet.c:712)
==12412==    by 0x66958AB: dissector_try_uint_new (packet.c:1144)
==12412==    by 0x6D90CEB: decode_tcp_ports (packet-tcp.c:4035)
==12412==    by 0x6D9105E: process_tcp_payload (packet-tcp.c:4107)
==12412==    by 0x6D9162F: dissect_tcp_payload (packet-tcp.c:1923)
==12412== 
==12412== Conditional jump or move depends on uninitialised value(s)
==12412==    at 0xA741454: ____strtol_l_internal (strtol_l.c:310)
==12412==    by 0x6B70F04: dissect_ncp_request (stdlib.h:280)
==12412==    by 0x6B7D256: dissect_ncp_common (packet-ncp.c:780)
==12412==    by 0x6B7D49D: dissect_ncp_tcp_pdu (packet-ncp.c:907)
==12412==    by 0x6D909C4: tcp_dissect_pdus (packet-tcp.c:2414)
==12412==    by 0x6B7C34F: dissect_ncp_tcp (packet-ncp.c:914)
==12412==    by 0x669490E: call_dissector_through_handle (packet.c:621)
==12412==    by 0x66951F4: call_dissector_work (packet.c:712)
==12412==    by 0x66958AB: dissector_try_uint_new (packet.c:1144)
==12412==    by 0x6D90CEB: decode_tcp_ports (packet-tcp.c:4035)
==12412==    by 0x6D9105E: process_tcp_payload (packet-tcp.c:4107)
==12412==    by 0x6D9162F: dissect_tcp_payload (packet-tcp.c:1923)
==12412== 
==12412== Conditional jump or move depends on uninitialised value(s)
==12412==    at 0xA74145E: ____strtol_l_internal (strtol_l.c:314)
==12412==    by 0x6B70F04: dissect_ncp_request (stdlib.h:280)
==12412==    by 0x6B7D256: dissect_ncp_common (packet-ncp.c:780)
==12412==    by 0x6B7D49D: dissect_ncp_tcp_pdu (packet-ncp.c:907)
==12412==    by 0x6D909C4: tcp_dissect_pdus (packet-tcp.c:2414)
==12412==    by 0x6B7C34F: dissect_ncp_tcp (packet-ncp.c:914)
==12412==    by 0x669490E: call_dissector_through_handle (packet.c:621)
==12412==    by 0x66951F4: call_dissector_work (packet.c:712)
==12412==    by 0x66958AB: dissector_try_uint_new (packet.c:1144)
==12412==    by 0x6D90CEB: decode_tcp_ports (packet-tcp.c:4035)
==12412==    by 0x6D9105E: process_tcp_payload (packet-tcp.c:4107)
==12412==    by 0x6D9162F: dissect_tcp_payload (packet-tcp.c:1923)
==12412== 
==12412== Conditional jump or move depends on uninitialised value(s)
==12412==    at 0xA7414A1: ____strtol_l_internal (strtol_l.c:438)
==12412==    by 0x6B70F04: dissect_ncp_request (stdlib.h:280)
==12412==    by 0x6B7D256: dissect_ncp_common (packet-ncp.c:780)
==12412==    by 0x6B7D49D: dissect_ncp_tcp_pdu (packet-ncp.c:907)
==12412==    by 0x6D909C4: tcp_dissect_pdus (packet-tcp.c:2414)
==12412==    by 0x6B7C34F: dissect_ncp_tcp (packet-ncp.c:914)
==12412==    by 0x669490E: call_dissector_through_handle (packet.c:621)
==12412==    by 0x66951F4: call_dissector_work (packet.c:712)
==12412==    by 0x66958AB: dissector_try_uint_new (packet.c:1144)
==12412==    by 0x6D90CEB: decode_tcp_ports (packet-tcp.c:4035)
==12412==    by 0x6D9105E: process_tcp_payload (packet-tcp.c:4107)
==12412==    by 0x6D9162F: dissect_tcp_payload (packet-tcp.c:1923)
==12412== 
==12412== Conditional jump or move depends on uninitialised value(s)
==12412==    at 0xA7414CD: ____strtol_l_internal (strtol_l.c:442)
==12412==    by 0x6B70F04: dissect_ncp_request (stdlib.h:280)
==12412==    by 0x6B7D256: dissect_ncp_common (packet-ncp.c:780)
==12412==    by 0x6B7D49D: dissect_ncp_tcp_pdu (packet-ncp.c:907)
==12412==    by 0x6D909C4: tcp_dissect_pdus (packet-tcp.c:2414)
==12412==    by 0x6B7C34F: dissect_ncp_tcp (packet-ncp.c:914)
==12412==    by 0x669490E: call_dissector_through_handle (packet.c:621)
==12412==    by 0x66951F4: call_dissector_work (packet.c:712)
==12412==    by 0x66958AB: dissector_try_uint_new (packet.c:1144)
==12412==    by 0x6D90CEB: decode_tcp_ports (packet-tcp.c:4035)
==12412==    by 0x6D9105E: process_tcp_payload (packet-tcp.c:4107)
==12412==    by 0x6D9162F: dissect_tcp_payload (packet-tcp.c:1923)
==12412== 
==12412== Use of uninitialised value of size 8
==12412==    at 0xA74163D: ____strtol_l_internal (strtol_l.c:466)
==12412==    by 0x6B70F04: dissect_ncp_request (stdlib.h:280)
==12412==    by 0x6B7D256: dissect_ncp_common (packet-ncp.c:780)
==12412==    by 0x6B7D49D: dissect_ncp_tcp_pdu (packet-ncp.c:907)
==12412==    by 0x6D909C4: tcp_dissect_pdus (packet-tcp.c:2414)
==12412==    by 0x6B7C34F: dissect_ncp_tcp (packet-ncp.c:914)
==12412==    by 0x669490E: call_dissector_through_handle (packet.c:621)
==12412==    by 0x66951F4: call_dissector_work (packet.c:712)
==12412==    by 0x66958AB: dissector_try_uint_new (packet.c:1144)
==12412==    by 0x6D90CEB: decode_tcp_ports (packet-tcp.c:4035)
==12412==    by 0x6D9105E: process_tcp_payload (packet-tcp.c:4107)
==12412==    by 0x6D9162F: dissect_tcp_payload (packet-tcp.c:1923)
==12412== 
==12412== 
==12412== HEAP SUMMARY:
==12412==     in use at exit: 1,359,333 bytes in 33,710 blocks
==12412==   total heap usage: 1,269,642 allocs, 1,235,932 frees, 105,219,581
bytes allocated
==12412== 
==12412== LEAK SUMMARY:
==12412==    definitely lost: 4,025 bytes in 185 blocks
==12412==    indirectly lost: 36,648 bytes in 49 blocks
==12412==      possibly lost: 0 bytes in 0 blocks
==12412==    still reachable: 1,318,660 bytes in 33,476 blocks
==12412==         suppressed: 0 bytes in 0 blocks
==12412== Rerun with --leak-check=full to see details of leaked memory
==12412== 
==12412== For counts of detected and suppressed errors, rerun with: -v
==12412== Use --track-origins=yes to see where uninitialised values come from
==12412== ERROR SUMMARY: 10 errors from 10 contexts (suppressed: 0 from 0)

[ no debug trace ]

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 10628] Buildbot crash output: fuzz-2014-10-24-10130.pcap
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10628] Buildbot crash output: fuzz-2014-10-24-10130.pcap
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10628] Buildbot crash output: fuzz-2014-10-24-10130.pcap
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10628] Buildbot crash output: fuzz-2014-10-24-10130.pcap
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10628] Buildbot crash output: fuzz-2014-10-24-10130.pcap
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10628] Buildbot crash output: fuzz-2014-10-24-10130.pcap
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 10627] New: IPv6 Mobility Header Link-Layer Address Mobility Option is parsed incorrectly
Next by Date: [Wireshark-bugs] [Bug 6392] wireshark fails to detect a couple of tcp packet as being a new PDU
Previous by thread: [Wireshark-bugs] [Bug 10627] IPv6 Mobility Header Link-Layer Address Mobility Option is parsed incorrectly
Next by thread: [Wireshark-bugs] [Bug 10628] Buildbot crash output: fuzz-2014-10-24-10130.pcap
Index(es):
- Date
- Thread