Wireshark-bugs: [Wireshark-bugs] [Bug 10728] New: Buildbot crash output: fuzz-2014-11-25-12025.p

Date: Wed, 26 Nov 2014 07:20:07 +0000
Bug ID 10728
Summary Buildbot crash output: fuzz-2014-11-25-12025.pcap
Product Wireshark
Version unspecified
Hardware x86-64
URL https://www.wireshark.org/download/automated/captures/fuzz-2014-11-25-12025.pcap
OS Ubuntu
Status CONFIRMED
Severity Major
Priority High
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2014-11-25-12025.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/13224-bad_frame_1.pcap

Build host information:
Linux wsbb04 3.13.0-39-generic #66-Ubuntu SMP Tue Oct 28 13:30:27 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 14.04.1 LTS
Release:    14.04
Codename:    trusty

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_BUILDNUMBER=3068
BUILDBOT_URL=http://buildbot.wireshark.org/trunk/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_SLAVENAME=clang-code-analysis
BUILDBOT_GOT_REVISION=6dbb97da103731d0abbd4fdeeef16d7af4059fa3

Return value:  0

Dissector bug:  0

Valgrind error count:  192



Git commit
commit 6dbb97da103731d0abbd4fdeeef16d7af4059fa3
Author: Dave Tapuska <[email protected]>
Date:   Mon Nov 17 17:12:36 2014 -0500

    SSL: Implement Extended Master Secret

    Store all handshake messages in a buffer so that we can hash them
    correctly when generating the master secret.

    This change does not work correctly for DTLS retransmitted packets that
    are in the handshake, as they will be hashed twice, which is bad. Looking
    for ideas to implement this.

    Bug: 10686
    Change-Id: Ied01d4cc37b4270f325070a8d1630d3123577a0d
    Reviewed-on: https://code.wireshark.org/review/5168
    Reviewed-by: Peter Wu <[email protected]>
    Petri-Dish: Alexis La Goutte <[email protected]>
    Tested-by: Petri Dish Buildbot <[email protected]>
    Reviewed-by: Alexis La Goutte <[email protected]>


Command and args: ./tools/valgrind-wireshark.sh -T

==25922== Memcheck, a memory error detector
==25922== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==25922== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright info
==25922== Command: /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark -Vx -nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2014-11-25-12025.pcap
==25922== 
==25922== Invalid read of size 1
==25922==    at 0x668BE40: ip6_to_str_buf_len (address_to_str.c:181)
==25922==    by 0x6E14097: wccp_fmt_ipadddress (packet-wccp.c:645)
==25922==    by 0x66B292A: fill_label_number (proto.c:6254)
==25922==    by 0x66BB690: proto_item_fill_label (proto.c:5948)
==25922==    by 0x66AD8AD: proto_tree_print_node (print.c:152)
==25922==    by 0x66B0ADB: proto_tree_children_foreach (proto.c:635)
==25922==    by 0x66AD76D: proto_tree_print_node (print.c:207)
==25922==    by 0x66B0ADB: proto_tree_children_foreach (proto.c:635)
==25922==    by 0x66AD76D: proto_tree_print_node (print.c:207)
==25922==    by 0x66B0ADB: proto_tree_children_foreach (proto.c:635)
==25922==    by 0x66AE3FA: proto_tree_print (print.c:121)
==25922==    by 0x41306A: print_packet (tshark.c:3931)
==25922==  Address 0x11b0fdb0 is 0 bytes inside a block of size 64 free'd
==25922==    at 0x4C2BDEC: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==25922==    by 0x71D08FC: wmem_simple_free_all (wmem_allocator_simple.c:107)
==25922==    by 0x71D157B: wmem_leave_packet_scope (wmem_scopes.c:81)
==25922==    by 0x413693: process_packet (tshark.c:3529)
==25922==    by 0x40C7F7: main (tshark.c:3317)
==25922== 
==25922== Invalid read of size 1
==25922==    at 0x668BE44: ip6_to_str_buf_len (address_to_str.c:180)
==25922==    by 0x6E14097: wccp_fmt_ipadddress (packet-wccp.c:645)
==25922==    by 0x66B292A: fill_label_number (proto.c:6254)
==25922==    by 0x66BB690: proto_item_fill_label (proto.c:5948)
==25922==    by 0x66AD8AD: proto_tree_print_node (print.c:152)
==25922==    by 0x66B0ADB: proto_tree_children_foreach (proto.c:635)
==25922==    by 0x66AD76D: proto_tree_print_node (print.c:207)
==25922==    by 0x66B0ADB: proto_tree_children_foreach (proto.c:635)
==25922==    by 0x66AD76D: proto_tree_print_node (print.c:207)
==25922==    by 0x66B0ADB: proto_tree_children_foreach (proto.c:635)
==25922==    by 0x66AE3FA: proto_tree_print (print.c:121)
==25922==    by 0x41306A: print_packet (tshark.c:3931)
==25922==  Address 0x11b0fdb1 is 1 bytes inside a block of size 64 free'd
==25922==    at 0x4C2BDEC: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==25922==    by 0x71D08FC: wmem_simple_free_all (wmem_allocator_simple.c:107)
==25922==    by 0x71D157B: wmem_leave_packet_scope (wmem_scopes.c:81)
==25922==    by 0x413693: process_packet (tshark.c:3529)
==25922==    by 0x40C7F7: main (tshark.c:3317)
==25922== 
==25922== 
==25922== HEAP SUMMARY:
==25922==     in use at exit: 1,215,968 bytes in 29,633 blocks
==25922==   total heap usage: 224,234 allocs, 194,601 frees, 28,650,432 bytes allocated
==25922== 
==25922== LEAK SUMMARY:
==25922==    definitely lost: 3,656 bytes in 156 blocks
==25922==    indirectly lost: 36,744 bytes in 51 blocks
==25922==      possibly lost: 0 bytes in 0 blocks
==25922==    still reachable: 1,175,568 bytes in 29,426 blocks
==25922==         suppressed: 0 bytes in 0 blocks
==25922== Rerun with --leak-check=full to see details of leaked memory
==25922== 
==25922== For counts of detected and suppressed errors, rerun with: -v
==25922== ERROR SUMMARY: 192 errors from 2 contexts (suppressed: 0 from 0)

[ no debug trace ]

