Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 10697] New: Buildbot crash output: fuzz-2014-11-12-27529.pcap

Wireshark-bugs: [Wireshark-bugs] [Bug 10697] New: Buildbot crash output: fuzz-2014-11-12-27529.p

Date: Thu, 13 Nov 2014 02:10:02 +0000

Bug ID	10697
Summary	Buildbot crash output: fuzz-2014-11-12-27529.pcap
Product	Wireshark
Version	unspecified
Hardware	x86-64
URL	https://www.wireshark.org/download/automated/captures/fuzz-2014-11-12-27529.pcap
OS	Ubuntu
Status	CONFIRMED
Severity	Major
Priority	High
Component	Dissection engine (libwireshark)
Assignee	[email protected]
Reporter	[email protected]

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2014-11-12-27529.pcap

stderr:
Input file:
/home/wireshark/menagerie/menagerie/10783-traces_lass-pc-8.10.1.cap.gz

Build host information:
Linux wsbb04 3.13.0-39-generic #66-Ubuntu SMP Tue Oct 28 13:30:27 UTC 2014
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 14.04.1 LTS
Release:    14.04
Codename:    trusty

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_BUILDNUMBER=3057
BUILDBOT_URL=http://buildbot.wireshark.org/trunk/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_SLAVENAME=clang-code-analysis
BUILDBOT_GOT_REVISION=6df5252c2ca10af9bb0ab393da09e021d668d23d

Return value:  0

Dissector bug:  0

Valgrind error count:  162



Git commit
commit 6df5252c2ca10af9bb0ab393da09e021d668d23d
Author: Michael Mann <[email protected]>
Date:   Sun Nov 9 15:44:56 2014 -0500

    Add Decode As functionality for MPLS PW Associated Channel Type.

    Add CFM and MPLS dissector as possible decoders.

    Bug: 10574
    Change-Id: Ic39c6b8d68b965ff9d342f5ee789a8eff3134a5a
    Reviewed-on: https://code.wireshark.org/review/4935
    Petri-Dish: Michael Mann <[email protected]>
    Tested-by: Petri Dish Buildbot <[email protected]>
    Reviewed-by: Michael Mann <[email protected]>


Command and args: ./tools/valgrind-wireshark.sh 

==22391== Memcheck, a memory error detector
==22391== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==22391== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright
info
==22391== Command:
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark
-nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2014-11-12-27529.pcap
==22391== 
==22391== Invalid read of size 1
==22391==    at 0x4C2F1B1: strcmp (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==22391==    by 0x9AD3FC8: g_str_equal (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==22391==    by 0x9AD30BF: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==22391==    by 0x66DB4F4: Radiuslex (radius_dict.l:341)
==22391==    by 0x66DC76A: radius_load_dictionary (radius_dict.l:562)
==22391==    by 0x6C5191F: register_radius_fields (packet-radius.c:2055)
==22391==    by 0x66A9FED: proto_registrar_get_byname (proto.c:878)
==22391==    by 0x6C502F6: dissect_attribute_value_pairs (packet-radius.c:994)
==22391==    by 0x6C51382: dissect_radius (packet-radius.c:1715)
==22391==    by 0x669C3FE: call_dissector_through_handle (packet.c:621)
==22391==    by 0x669CCE4: call_dissector_work (packet.c:712)
==22391==    by 0x669D39B: dissector_try_uint_new (packet.c:1144)
==22391==  Address 0x124660e0 is 0 bytes inside a block of size 9 free'd
==22391==    at 0x4C2BDEC: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==22391==    by 0x66DB4B9: Radiuslex (radius_dict.l:337)
==22391==    by 0x66DC76A: radius_load_dictionary (radius_dict.l:562)
==22391==    by 0x6C5191F: register_radius_fields (packet-radius.c:2055)
==22391==    by 0x66A9FED: proto_registrar_get_byname (proto.c:878)
==22391==    by 0x6C502F6: dissect_attribute_value_pairs (packet-radius.c:994)
==22391==    by 0x6C51382: dissect_radius (packet-radius.c:1715)
==22391==    by 0x669C3FE: call_dissector_through_handle (packet.c:621)
==22391==    by 0x669CCE4: call_dissector_work (packet.c:712)
==22391==    by 0x669D39B: dissector_try_uint_new (packet.c:1144)
==22391==    by 0x669D3E6: dissector_try_uint (packet.c:1170)
==22391==    by 0x6DCFC19: decode_udp_ports (packet-udp.c:493)
==22391== 
==22391== Invalid read of size 1
==22391==    at 0x4C2F1C8: strcmp (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==22391==    by 0x9AD3FC8: g_str_equal (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==22391==    by 0x9AD30BF: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==22391==    by 0x66DB4F4: Radiuslex (radius_dict.l:341)
==22391==    by 0x66DC76A: radius_load_dictionary (radius_dict.l:562)
==22391==    by 0x6C5191F: register_radius_fields (packet-radius.c:2055)
==22391==    by 0x66A9FED: proto_registrar_get_byname (proto.c:878)
==22391==    by 0x6C502F6: dissect_attribute_value_pairs (packet-radius.c:994)
==22391==    by 0x6C51382: dissect_radius (packet-radius.c:1715)
==22391==    by 0x669C3FE: call_dissector_through_handle (packet.c:621)
==22391==    by 0x669CCE4: call_dissector_work (packet.c:712)
==22391==    by 0x669D39B: dissector_try_uint_new (packet.c:1144)
==22391==  Address 0x124660e1 is 1 bytes inside a block of size 9 free'd
==22391==    at 0x4C2BDEC: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==22391==    by 0x66DB4B9: Radiuslex (radius_dict.l:337)
==22391==    by 0x66DC76A: radius_load_dictionary (radius_dict.l:562)
==22391==    by 0x6C5191F: register_radius_fields (packet-radius.c:2055)
==22391==    by 0x66A9FED: proto_registrar_get_byname (proto.c:878)
==22391==    by 0x6C502F6: dissect_attribute_value_pairs (packet-radius.c:994)
==22391==    by 0x6C51382: dissect_radius (packet-radius.c:1715)
==22391==    by 0x669C3FE: call_dissector_through_handle (packet.c:621)
==22391==    by 0x669CCE4: call_dissector_work (packet.c:712)
==22391==    by 0x669D39B: dissector_try_uint_new (packet.c:1144)
==22391==    by 0x669D3E6: dissector_try_uint (packet.c:1170)
==22391==    by 0x6DCFC19: decode_udp_ports (packet-udp.c:493)
==22391== 
==22391== Invalid read of size 1
==22391==    at 0x4C2F1B1: strcmp (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==22391==    by 0x9AD3FC8: g_str_equal (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==22391==    by 0x9AD35EF: g_hash_table_lookup (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==22391==    by 0x66DA9CD: add_attribute (radius_dict.l:359)
==22391==    by 0x66DBAFF: Radiuslex (radius_dict.l:234)
==22391==    by 0x66DC76A: radius_load_dictionary (radius_dict.l:562)
==22391==    by 0x6C5191F: register_radius_fields (packet-radius.c:2055)
==22391==    by 0x66A9FED: proto_registrar_get_byname (proto.c:878)
==22391==    by 0x6C502F6: dissect_attribute_value_pairs (packet-radius.c:994)
==22391==    by 0x6C51382: dissect_radius (packet-radius.c:1715)
==22391==    by 0x669C3FE: call_dissector_through_handle (packet.c:621)
==22391==    by 0x669CCE4: call_dissector_work (packet.c:712)
==22391==  Address 0x124660e0 is 0 bytes inside a block of size 9 free'd
==22391==    at 0x4C2BDEC: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==22391==    by 0x66DB4B9: Radiuslex (radius_dict.l:337)
==22391==    by 0x66DC76A: radius_load_dictionary (radius_dict.l:562)
==22391==    by 0x6C5191F: register_radius_fields (packet-radius.c:2055)
==22391==    by 0x66A9FED: proto_registrar_get_byname (proto.c:878)
==22391==    by 0x6C502F6: dissect_attribute_value_pairs (packet-radius.c:994)
==22391==    by 0x6C51382: dissect_radius (packet-radius.c:1715)
==22391==    by 0x669C3FE: call_dissector_through_handle (packet.c:621)
==22391==    by 0x669CCE4: call_dissector_work (packet.c:712)
==22391==    by 0x669D39B: dissector_try_uint_new (packet.c:1144)
==22391==    by 0x669D3E6: dissector_try_uint (packet.c:1170)
==22391==    by 0x6DCFC19: decode_udp_ports (packet-udp.c:493)
==22391== 
==22391== Invalid read of size 1
==22391==    at 0x4C2F1C8: strcmp (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==22391==    by 0x9AD3FC8: g_str_equal (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==22391==    by 0x9AD35EF: g_hash_table_lookup (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==22391==    by 0x66DA9CD: add_attribute (radius_dict.l:359)
==22391==    by 0x66DBAFF: Radiuslex (radius_dict.l:234)
==22391==    by 0x66DC76A: radius_load_dictionary (radius_dict.l:562)
==22391==    by 0x6C5191F: register_radius_fields (packet-radius.c:2055)
==22391==    by 0x66A9FED: proto_registrar_get_byname (proto.c:878)
==22391==    by 0x6C502F6: dissect_attribute_value_pairs (packet-radius.c:994)
==22391==    by 0x6C51382: dissect_radius (packet-radius.c:1715)
==22391==    by 0x669C3FE: call_dissector_through_handle (packet.c:621)
==22391==    by 0x669CCE4: call_dissector_work (packet.c:712)
==22391==  Address 0x124660e1 is 1 bytes inside a block of size 9 free'd
==22391==    at 0x4C2BDEC: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==22391==    by 0x66DB4B9: Radiuslex (radius_dict.l:337)
==22391==    by 0x66DC76A: radius_load_dictionary (radius_dict.l:562)
==22391==    by 0x6C5191F: register_radius_fields (packet-radius.c:2055)
==22391==    by 0x66A9FED: proto_registrar_get_byname (proto.c:878)
==22391==    by 0x6C502F6: dissect_attribute_value_pairs (packet-radius.c:994)
==22391==    by 0x6C51382: dissect_radius (packet-radius.c:1715)
==22391==    by 0x669C3FE: call_dissector_through_handle (packet.c:621)
==22391==    by 0x669CCE4: call_dissector_work (packet.c:712)
==22391==    by 0x669D39B: dissector_try_uint_new (packet.c:1144)
==22391==    by 0x669D3E6: dissector_try_uint (packet.c:1170)
==22391==    by 0x6DCFC19: decode_udp_ports (packet-udp.c:493)
==22391== 
==22391== 
==22391== HEAP SUMMARY:
==22391==     in use at exit: 2,364,069 bytes in 47,794 blocks
==22391==   total heap usage: 346,536 allocs, 298,742 frees, 50,982,783 bytes
allocated
==22391== 
==22391== LEAK SUMMARY:
==22391==    definitely lost: 3,600 bytes in 157 blocks
==22391==    indirectly lost: 36,664 bytes in 50 blocks
==22391==      possibly lost: 0 bytes in 0 blocks
==22391==    still reachable: 2,323,805 bytes in 47,587 blocks
==22391==         suppressed: 0 bytes in 0 blocks
==22391== Rerun with --leak-check=full to see details of leaked memory
==22391== 
==22391== For counts of detected and suppressed errors, rerun with: -v
==22391== ERROR SUMMARY: 162 errors from 4 contexts (suppressed: 0 from 0)

[ no debug trace ]

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 10697] Buildbot crash output: fuzz-2014-11-12-27529.pcap
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 10307] no progress line in "VOIP RTP Player"
Next by Date: [Wireshark-bugs] [Bug 10697] Buildbot crash output: fuzz-2014-11-12-27529.pcap
Previous by thread: [Wireshark-bugs] [Bug 10307] no progress line in "VOIP RTP Player"
Next by thread: [Wireshark-bugs] [Bug 10697] Buildbot crash output: fuzz-2014-11-12-27529.pcap
Index(es):
- Date
- Thread