Wireshark-bugs: [Wireshark-bugs] [Bug 10830] New: Buildbot crash output: fuzz-2015-01-03-20465.p

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Sun, 04 Jan 2015 17:50:03 +0000
Bug ID 10830
Summary Buildbot crash output: fuzz-2015-01-03-20465.pcap
Product Wireshark
Version unspecified
Hardware x86-64
URL https://www.wireshark.org/download/automated/captures/fuzz-2015-01-03-20465.pcap
OS Ubuntu
Status CONFIRMED
Severity Major
Priority High
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected] 

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2015-01-03-20465.pcap

stderr:
Input file:
/home/wireshark/menagerie/menagerie/9630-ATLAS_FTAM_TCP_TRACE_2012110713400115.pcap

Build host information:
Linux wsbb04 3.13.0-43-generic #72-Ubuntu SMP Mon Dec 8 19:35:06 UTC 2014
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 14.04.1 LTS
Release:    14.04
Codename:    trusty

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_BUILDNUMBER=3094
BUILDBOT_URL=http://buildbot.wireshark.org/trunk/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_SLAVENAME=clang-code-analysis
BUILDBOT_GOT_REVISION=445ddc833669e8cff7e66b268d4b4b77faa504cc

Return value:  0

Dissector bug:  0

Valgrind error count:  108



Git commit
commit 445ddc833669e8cff7e66b268d4b4b77faa504cc
Author: Hadriel Kaplan <[email protected]>
Date:   Wed Dec 31 15:24:18 2014 -0500

    Lua: FieldInfo '==' check isn't really equality

    The FieldInfo metamethod for equality (letting you use the '==' operator)
    doesn't check for equality, but rather if the left-hand side is within
    the right-hand side. It should be equality instead. Also, all of the
    FieldInfo operate overloads should push a boolean even if they're false
    result.

    Bug: 10820
    Change-Id: Ibddaab29713f26d22ddb4d5804b9edb15e93fd79
    Reviewed-on: https://code.wireshark.org/review/6186
    Petri-Dish: Hadriel Kaplan <[email protected]>
    Tested-by: Petri Dish Buildbot <[email protected]>
    Reviewed-by: Michael Mann <[email protected]>


Command and args: ./tools/valgrind-wireshark.sh 

==17225== Memcheck, a memory error detector
==17225== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==17225== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright
info
==17225== Command:
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark
-nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2015-01-03-20465.pcap
==17225== 
==17225== Invalid read of size 1
==17225==    at 0x9B49FE0: g_str_hash (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==17225==    by 0x9B49568: g_hash_table_lookup (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==17225==    by 0x67CE4F0: call_ber_oid_callback (packet-ber.c:544)
==17225==    by 0x67CD51F: dissect_ber_choice (packet-ber.c:2916)
==17225==    by 0x6F1CDAF: dissect_acse_T_encoding (acse.cnf:129)
==17225==    by 0x67CF13C: dissect_ber_sequence (packet-ber.c:2418)
==17225==    by 0x6F1C9EF: dissect_acse_EXTERNALt_U (acse.cnf:147)
==17225==    by 0x67CC66A: dissect_ber_tagged_type (packet-ber.c:710)
==17225==    by 0x6F1C8BD: dissect_acse_EXTERNALt (acse.cnf:157)
==17225==    by 0x67D0EC6: dissect_ber_sq_of (packet-ber.c:3515)
==17225==    by 0x67D167D: dissect_ber_sequence_of (packet-ber.c:3546)
==17225==    by 0x6F1DA5F: dissect_acse_Association_data (acse.cnf:287)
==17225==  Address 0x13e9bb30 is 0 bytes inside a block of size 13 free'd
==17225==    at 0x4C2BDEC: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17225==    by 0x7201A3C: wmem_simple_free_all (wmem_allocator_simple.c:107)
==17225==    by 0x72026BB: wmem_leave_packet_scope (wmem_scopes.c:81)
==17225==    by 0x413553: process_packet (tshark.c:3608)
==17225==    by 0x40C72D: main (tshark.c:3371)
==17225== 
==17225== Invalid read of size 1
==17225==    at 0x9B49FFD: g_str_hash (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==17225==    by 0x9B49568: g_hash_table_lookup (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==17225==    by 0x67CE4F0: call_ber_oid_callback (packet-ber.c:544)
==17225==    by 0x67CD51F: dissect_ber_choice (packet-ber.c:2916)
==17225==    by 0x6F1CDAF: dissect_acse_T_encoding (acse.cnf:129)
==17225==    by 0x67CF13C: dissect_ber_sequence (packet-ber.c:2418)
==17225==    by 0x6F1C9EF: dissect_acse_EXTERNALt_U (acse.cnf:147)
==17225==    by 0x67CC66A: dissect_ber_tagged_type (packet-ber.c:710)
==17225==    by 0x6F1C8BD: dissect_acse_EXTERNALt (acse.cnf:157)
==17225==    by 0x67D0EC6: dissect_ber_sq_of (packet-ber.c:3515)
==17225==    by 0x67D167D: dissect_ber_sequence_of (packet-ber.c:3546)
==17225==    by 0x6F1DA5F: dissect_acse_Association_data (acse.cnf:287)
==17225==  Address 0x13e9bb31 is 1 bytes inside a block of size 13 free'd
==17225==    at 0x4C2BDEC: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17225==    by 0x7201A3C: wmem_simple_free_all (wmem_allocator_simple.c:107)
==17225==    by 0x72026BB: wmem_leave_packet_scope (wmem_scopes.c:81)
==17225==    by 0x413553: process_packet (tshark.c:3608)
==17225==    by 0x40C72D: main (tshark.c:3371)
==17225== 
==17225== Invalid read of size 1
==17225==    at 0x4C2E0E2: strlen (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17225==    by 0x9B76B02: g_strdup (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==17225==    by 0x66D1990: find_string_dtbl_entry (packet.c:1231)
==17225==    by 0x66D2296: dissector_try_string (packet.c:1420)
==17225==    by 0x67CE558: call_ber_oid_callback (packet-ber.c:1113)
==17225==    by 0x67CD51F: dissect_ber_choice (packet-ber.c:2916)
==17225==    by 0x6F1CDAF: dissect_acse_T_encoding (acse.cnf:129)
==17225==    by 0x67CF13C: dissect_ber_sequence (packet-ber.c:2418)
==17225==    by 0x6F1C9EF: dissect_acse_EXTERNALt_U (acse.cnf:147)
==17225==    by 0x67CC66A: dissect_ber_tagged_type (packet-ber.c:710)
==17225==    by 0x6F1C8BD: dissect_acse_EXTERNALt (acse.cnf:157)
==17225==    by 0x67D0EC6: dissect_ber_sq_of (packet-ber.c:3515)
==17225==  Address 0x13e9bb30 is 0 bytes inside a block of size 13 free'd
==17225==    at 0x4C2BDEC: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17225==    by 0x7201A3C: wmem_simple_free_all (wmem_allocator_simple.c:107)
==17225==    by 0x72026BB: wmem_leave_packet_scope (wmem_scopes.c:81)
==17225==    by 0x413553: process_packet (tshark.c:3608)
==17225==    by 0x40C72D: main (tshark.c:3371)
==17225== 
==17225== Invalid read of size 1
==17225==    at 0x4C2E0F4: strlen (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17225==    by 0x9B76B02: g_strdup (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==17225==    by 0x66D1990: find_string_dtbl_entry (packet.c:1231)
==17225==    by 0x66D2296: dissector_try_string (packet.c:1420)
==17225==    by 0x67CE558: call_ber_oid_callback (packet-ber.c:1113)
==17225==    by 0x67CD51F: dissect_ber_choice (packet-ber.c:2916)
==17225==    by 0x6F1CDAF: dissect_acse_T_encoding (acse.cnf:129)
==17225==    by 0x67CF13C: dissect_ber_sequence (packet-ber.c:2418)
==17225==    by 0x6F1C9EF: dissect_acse_EXTERNALt_U (acse.cnf:147)
==17225==    by 0x67CC66A: dissect_ber_tagged_type (packet-ber.c:710)
==17225==    by 0x6F1C8BD: dissect_acse_EXTERNALt (acse.cnf:157)
==17225==    by 0x67D0EC6: dissect_ber_sq_of (packet-ber.c:3515)
==17225==  Address 0x13e9bb31 is 1 bytes inside a block of size 13 free'd
==17225==    at 0x4C2BDEC: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17225==    by 0x7201A3C: wmem_simple_free_all (wmem_allocator_simple.c:107)
==17225==    by 0x72026BB: wmem_leave_packet_scope (wmem_scopes.c:81)
==17225==    by 0x413553: process_packet (tshark.c:3608)
==17225==    by 0x40C72D: main (tshark.c:3371)
==17225== 
==17225== Invalid read of size 8
==17225==    at 0x4C2F790: memcpy@@GLIBC_2.14 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17225==    by 0x9B76B1C: g_strdup (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==17225==    by 0x66D1990: find_string_dtbl_entry (packet.c:1231)
==17225==    by 0x66D2296: dissector_try_string (packet.c:1420)
==17225==    by 0x67CE558: call_ber_oid_callback (packet-ber.c:1113)
==17225==    by 0x67CD51F: dissect_ber_choice (packet-ber.c:2916)
==17225==    by 0x6F1CDAF: dissect_acse_T_encoding (acse.cnf:129)
==17225==    by 0x67CF13C: dissect_ber_sequence (packet-ber.c:2418)
==17225==    by 0x6F1C9EF: dissect_acse_EXTERNALt_U (acse.cnf:147)
==17225==    by 0x67CC66A: dissect_ber_tagged_type (packet-ber.c:710)
==17225==    by 0x6F1C8BD: dissect_acse_EXTERNALt (acse.cnf:157)
==17225==    by 0x67D0EC6: dissect_ber_sq_of (packet-ber.c:3515)
==17225==  Address 0x13e9bb30 is 0 bytes inside a block of size 13 free'd
==17225==    at 0x4C2BDEC: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17225==    by 0x7201A3C: wmem_simple_free_all (wmem_allocator_simple.c:107)
==17225==    by 0x72026BB: wmem_leave_packet_scope (wmem_scopes.c:81)
==17225==    by 0x413553: process_packet (tshark.c:3608)
==17225==    by 0x40C72D: main (tshark.c:3371)
==17225== 
==17225== Invalid read of size 2
==17225==    at 0x4C2F7E0: memcpy@@GLIBC_2.14 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17225==    by 0x9B76B1C: g_strdup (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==17225==    by 0x66D1990: find_string_dtbl_entry (packet.c:1231)
==17225==    by 0x66D2296: dissector_try_string (packet.c:1420)
==17225==    by 0x67CE558: call_ber_oid_callback (packet-ber.c:1113)
==17225==    by 0x67CD51F: dissect_ber_choice (packet-ber.c:2916)
==17225==    by 0x6F1CDAF: dissect_acse_T_encoding (acse.cnf:129)
==17225==    by 0x67CF13C: dissect_ber_sequence (packet-ber.c:2418)
==17225==    by 0x6F1C9EF: dissect_acse_EXTERNALt_U (acse.cnf:147)
==17225==    by 0x67CC66A: dissect_ber_tagged_type (packet-ber.c:710)
==17225==    by 0x6F1C8BD: dissect_acse_EXTERNALt (acse.cnf:157)
==17225==    by 0x67D0EC6: dissect_ber_sq_of (packet-ber.c:3515)
==17225==  Address 0x13e9bb38 is 8 bytes inside a block of size 13 free'd
==17225==    at 0x4C2BDEC: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17225==    by 0x7201A3C: wmem_simple_free_all (wmem_allocator_simple.c:107)
==17225==    by 0x72026BB: wmem_leave_packet_scope (wmem_scopes.c:81)
==17225==    by 0x413553: process_packet (tshark.c:3608)
==17225==    by 0x40C72D: main (tshark.c:3371)
==17225== 
==17225== Invalid read of size 1
==17225==    at 0x4C2F950: memcpy@@GLIBC_2.14 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17225==    by 0x9B76B1C: g_strdup (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==17225==    by 0x66D1990: find_string_dtbl_entry (packet.c:1231)
==17225==    by 0x66D2296: dissector_try_string (packet.c:1420)
==17225==    by 0x67CE558: call_ber_oid_callback (packet-ber.c:1113)
==17225==    by 0x67CD51F: dissect_ber_choice (packet-ber.c:2916)
==17225==    by 0x6F1CDAF: dissect_acse_T_encoding (acse.cnf:129)
==17225==    by 0x67CF13C: dissect_ber_sequence (packet-ber.c:2418)
==17225==    by 0x6F1C9EF: dissect_acse_EXTERNALt_U (acse.cnf:147)
==17225==    by 0x67CC66A: dissect_ber_tagged_type (packet-ber.c:710)
==17225==    by 0x6F1C8BD: dissect_acse_EXTERNALt (acse.cnf:157)
==17225==    by 0x67D0EC6: dissect_ber_sq_of (packet-ber.c:3515)
==17225==  Address 0x13e9bb3c is 12 bytes inside a block of size 13 free'd
==17225==    at 0x4C2BDEC: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17225==    by 0x7201A3C: wmem_simple_free_all (wmem_allocator_simple.c:107)
==17225==    by 0x72026BB: wmem_leave_packet_scope (wmem_scopes.c:81)
==17225==    by 0x413553: process_packet (tshark.c:3608)
==17225==    by 0x40C72D: main (tshark.c:3371)
==17225== 
==17225== Invalid read of size 8
==17225==    at 0x4C2F79E: memcpy@@GLIBC_2.14 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17225==    by 0x9B76B1C: g_strdup (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==17225==    by 0x66D1990: find_string_dtbl_entry (packet.c:1231)
==17225==    by 0x66D2296: dissector_try_string (packet.c:1420)
==17225==    by 0x67CE558: call_ber_oid_callback (packet-ber.c:1113)
==17225==    by 0x67CD51F: dissect_ber_choice (packet-ber.c:2916)
==17225==    by 0x6F1CDAF: dissect_acse_T_encoding (acse.cnf:129)
==17225==    by 0x67CF13C: dissect_ber_sequence (packet-ber.c:2418)
==17225==    by 0x6F1C9EF: dissect_acse_EXTERNALt_U (acse.cnf:147)
==17225==    by 0x67CC66A: dissect_ber_tagged_type (packet-ber.c:710)
==17225==    by 0x6F1C8BD: dissect_acse_EXTERNALt (acse.cnf:157)
==17225==    by 0x67D0EC6: dissect_ber_sq_of (packet-ber.c:3515)
==17225==  Address 0x14b4e530 is 16 bytes inside a block of size 35 free'd
==17225==    at 0x4C2BDEC: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17225==    by 0x66C5AB4: emem_free_all (emem.c:1187)
==17225==    by 0x66C6C20: epan_dissect_run_with_taps (epan.c:350)
==17225==    by 0x413553: process_packet (tshark.c:3608)
==17225==    by 0x40C72D: main (tshark.c:3371)
==17225== 
==17225== 
==17225== HEAP SUMMARY:
==17225==     in use at exit: 1,228,625 bytes in 30,679 blocks
==17225==   total heap usage: 988,905 allocs, 958,226 frees, 63,953,177 bytes
allocated
==17225== 
==17225== LEAK SUMMARY:
==17225==    definitely lost: 12,632 bytes in 1,165 blocks
==17225==    indirectly lost: 36,744 bytes in 51 blocks
==17225==      possibly lost: 0 bytes in 0 blocks
==17225==    still reachable: 1,179,249 bytes in 29,463 blocks
==17225==         suppressed: 0 bytes in 0 blocks
==17225== Rerun with --leak-check=full to see details of leaked memory
==17225== 
==17225== For counts of detected and suppressed errors, rerun with: -v
==17225== ERROR SUMMARY: 108 errors from 8 contexts (suppressed: 0 from 0)

[ no debug trace ]

You are receiving this mail because:
  • You are watching all bug changes.