Wireshark-bugs: [Wireshark-bugs] [Bug 10993] New: Buildbot crash output: fuzz-2015-02-22-4968.pc
Date: Sun, 22 Feb 2015 19:10:02 +0000
Bug ID | 10993 |
---|---|
Summary | Buildbot crash output: fuzz-2015-02-22-4968.pcap |
Product | Wireshark |
Version | unspecified |
Hardware | x86-64 |
URL | https://www.wireshark.org/download/automated/captures/fuzz-2015-02-22-4968.pcap |
OS | Ubuntu |
Status | CONFIRMED |
Severity | Major |
Priority | High |
Component | Dissection engine (libwireshark) |
Assignee | [email protected] |
Reporter | [email protected] |
Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2015-02-22-4968.pcap

```
stderr:
Input file: /home/wireshark/menagerie/menagerie/13422-SQLServer-SMB2-selected.pcapng

Build host information:
Linux wsbb04 3.13.0-45-generic #74-Ubuntu SMP Tue Jan 13 19:36:28 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
Distributor ID: Ubuntu
Description: Ubuntu 14.04.1 LTS
Release: 14.04
Codename: trusty

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_BUILDNUMBER=3148
BUILDBOT_URL=http://buildbot.wireshark.org/trunk/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_SLAVENAME=clang-code-analysis
BUILDBOT_GOT_REVISION=422ad100aad4c076ab05f1373dad59481ea12072

Return value: 0

Dissector bug: 0

Valgrind error count: 215

Git commit
commit 422ad100aad4c076ab05f1373dad59481ea12072
Author: Gerald Combs <[email protected]>
Date: Fri Feb 20 10:32:15 2015 -0800

    Qt: Apply the main window geometry directly.

    As of g2c00d66 we create the main window after we've read the recent
    settings. This means that we can get rid of the property animation
    workaround in MainWindow::loadWindowGeometry.

    Change-Id: I028061c5bdab9261f9394a1840bcdcb752a4f0c8
    Reviewed-on: https://code.wireshark.org/review/7278
    Reviewed-by: Gerald Combs <[email protected]>

Command and args: ./tools/valgrind-wireshark.sh

==5994== Memcheck, a memory error detector
==5994== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==5994== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright info
==5994== Command: /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark -nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2015-02-22-4968.pcap
==5994==
==5994== Use of uninitialised value of size 8
==5994==    at 0xA8A99F1: _itoa_word (_itoa.c:180)
==5994==    by 0xA8AD6F6: vfprintf (vfprintf.c:1660)
==5994==    by 0xA969DC4: __vsnprintf_chk (vsnprintf_chk.c:63)
==5994==    by 0x6704738: col_add_fstr (column-utils.c:732)
==5994==    by 0x6D7A3CA: dissect_scsi_cdb (packet-scsi.c:5899)
==5994==    by 0x6D1B7FF: dissect_rsvd (packet-rsvd.c:297)
==5994==    by 0x671418E: call_dissector_through_handle (packet.c:612)
==5994==    by 0x6714B24: call_dissector_work (packet.c:700)
==5994==    by 0x67167A1: call_dissector_with_data (packet.c:2386)
==5994==    by 0x6DF0B99: dissect_smb2_ioctl_data (packet-smb2.c:4926)
==5994==    by 0x6DEF772: dissect_smb2_ioctl_request (packet-smb2.c:5006)
==5994==    by 0x6DEE3C2: dissect_smb2 (packet-smb2.c:6956)
==5994==
==5994== Conditional jump or move depends on uninitialised value(s)
==5994==    at 0xA8A99F8: _itoa_word (_itoa.c:180)
==5994==    by 0xA8AD6F6: vfprintf (vfprintf.c:1660)
==5994==    by 0xA969DC4: __vsnprintf_chk (vsnprintf_chk.c:63)
==5994==    by 0x6704738: col_add_fstr (column-utils.c:732)
==5994==    by 0x6D7A3CA: dissect_scsi_cdb (packet-scsi.c:5899)
==5994==    by 0x6D1B7FF: dissect_rsvd (packet-rsvd.c:297)
==5994==    by 0x671418E: call_dissector_through_handle (packet.c:612)
==5994==    by 0x6714B24: call_dissector_work (packet.c:700)
==5994==    by 0x67167A1: call_dissector_with_data (packet.c:2386)
==5994==    by 0x6DF0B99: dissect_smb2_ioctl_data (packet-smb2.c:4926)
==5994==    by 0x6DEF772: dissect_smb2_ioctl_request (packet-smb2.c:5006)
==5994==    by 0x6DEE3C2: dissect_smb2 (packet-smb2.c:6956)
==5994==
==5994== Conditional jump or move depends on uninitialised value(s)
==5994==    at 0xA8AD742: vfprintf (vfprintf.c:1660)
==5994==    by 0xA969DC4: __vsnprintf_chk (vsnprintf_chk.c:63)
==5994==    by 0x6704738: col_add_fstr (column-utils.c:732)
==5994==    by 0x6D7A3CA: dissect_scsi_cdb (packet-scsi.c:5899)
==5994==    by 0x6D1B7FF: dissect_rsvd (packet-rsvd.c:297)
==5994==    by 0x671418E: call_dissector_through_handle (packet.c:612)
==5994==    by 0x6714B24: call_dissector_work (packet.c:700)
==5994==    by 0x67167A1: call_dissector_with_data (packet.c:2386)
==5994==    by 0x6DF0B99: dissect_smb2_ioctl_data (packet-smb2.c:4926)
==5994==    by 0x6DEF772: dissect_smb2_ioctl_request (packet-smb2.c:5006)
==5994==    by 0x6DEE3C2: dissect_smb2 (packet-smb2.c:6956)
==5994==    by 0x6DEEB46: dissect_smb2_heur (packet-smb2.c:7378)
==5994==
==5994== Conditional jump or move depends on uninitialised value(s)
==5994==    at 0xA8AA659: vfprintf (vfprintf.c:1660)
==5994==    by 0xA969DC4: __vsnprintf_chk (vsnprintf_chk.c:63)
==5994==    by 0x6704738: col_add_fstr (column-utils.c:732)
==5994==    by 0x6D7A3CA: dissect_scsi_cdb (packet-scsi.c:5899)
==5994==    by 0x6D1B7FF: dissect_rsvd (packet-rsvd.c:297)
==5994==    by 0x671418E: call_dissector_through_handle (packet.c:612)
==5994==    by 0x6714B24: call_dissector_work (packet.c:700)
==5994==    by 0x67167A1: call_dissector_with_data (packet.c:2386)
==5994==    by 0x6DF0B99: dissect_smb2_ioctl_data (packet-smb2.c:4926)
==5994==    by 0x6DEF772: dissect_smb2_ioctl_request (packet-smb2.c:5006)
==5994==    by 0x6DEE3C2: dissect_smb2 (packet-smb2.c:6956)
==5994==    by 0x6DEEB46: dissect_smb2_heur (packet-smb2.c:7378)
==5994==
==5994== Conditional jump or move depends on uninitialised value(s)
==5994==    at 0xA8AA6DC: vfprintf (vfprintf.c:1660)
==5994==    by 0xA969DC4: __vsnprintf_chk (vsnprintf_chk.c:63)
==5994==    by 0x6704738: col_add_fstr (column-utils.c:732)
==5994==    by 0x6D7A3CA: dissect_scsi_cdb (packet-scsi.c:5899)
==5994==    by 0x6D1B7FF: dissect_rsvd (packet-rsvd.c:297)
==5994==    by 0x671418E: call_dissector_through_handle (packet.c:612)
==5994==    by 0x6714B24: call_dissector_work (packet.c:700)
==5994==    by 0x67167A1: call_dissector_with_data (packet.c:2386)
==5994==    by 0x6DF0B99: dissect_smb2_ioctl_data (packet-smb2.c:4926)
==5994==    by 0x6DEF772: dissect_smb2_ioctl_request (packet-smb2.c:5006)
==5994==    by 0x6DEE3C2: dissect_smb2 (packet-smb2.c:6956)
==5994==    by 0x6DEEB46: dissect_smb2_heur (packet-smb2.c:7378)
==5994==
==5994== Conditional jump or move depends on uninitialised value(s)
==5994==    at 0xA8AD742: vfprintf (vfprintf.c:1660)
==5994==    by 0xA969DC4: __vsnprintf_chk (vsnprintf_chk.c:63)
==5994==    by 0x6704738: col_add_fstr (column-utils.c:732)
==5994==    by 0x6D7A6B7: dissect_scsi_cdb (packet-scsi.c:5901)
==5994==    by 0x6D1B7FF: dissect_rsvd (packet-rsvd.c:297)
==5994==    by 0x671418E: call_dissector_through_handle (packet.c:612)
==5994==    by 0x6714B24: call_dissector_work (packet.c:700)
==5994==    by 0x67167A1: call_dissector_with_data (packet.c:2386)
==5994==    by 0x6DF0B99: dissect_smb2_ioctl_data (packet-smb2.c:4926)
==5994==    by 0x6DEF71F: dissect_smb2_ioctl_request (packet-smb2.c:5003)
==5994==    by 0x6DEE3C2: dissect_smb2 (packet-smb2.c:6956)
==5994==    by 0x6DEEB46: dissect_smb2_heur (packet-smb2.c:7378)
==5994==
==5994== Conditional jump or move depends on uninitialised value(s)
==5994==    at 0xA8AA659: vfprintf (vfprintf.c:1660)
==5994==    by 0xA969DC4: __vsnprintf_chk (vsnprintf_chk.c:63)
==5994==    by 0x6704738: col_add_fstr (column-utils.c:732)
==5994==    by 0x6D7A6B7: dissect_scsi_cdb (packet-scsi.c:5901)
==5994==    by 0x6D1B7FF: dissect_rsvd (packet-rsvd.c:297)
==5994==    by 0x671418E: call_dissector_through_handle (packet.c:612)
==5994==    by 0x6714B24: call_dissector_work (packet.c:700)
==5994==    by 0x67167A1: call_dissector_with_data (packet.c:2386)
==5994==    by 0x6DF0B99: dissect_smb2_ioctl_data (packet-smb2.c:4926)
==5994==    by 0x6DEF71F: dissect_smb2_ioctl_request (packet-smb2.c:5003)
==5994==    by 0x6DEE3C2: dissect_smb2 (packet-smb2.c:6956)
==5994==    by 0x6DEEB46: dissect_smb2_heur (packet-smb2.c:7378)
==5994==
==5994== Conditional jump or move depends on uninitialised value(s)
==5994==    at 0xA8AA6DC: vfprintf (vfprintf.c:1660)
==5994==    by 0xA969DC4: __vsnprintf_chk (vsnprintf_chk.c:63)
==5994==    by 0x6704738: col_add_fstr (column-utils.c:732)
==5994==    by 0x6D7A6B7: dissect_scsi_cdb (packet-scsi.c:5901)
==5994==    by 0x6D1B7FF: dissect_rsvd (packet-rsvd.c:297)
==5994==    by 0x671418E: call_dissector_through_handle (packet.c:612)
==5994==    by 0x6714B24: call_dissector_work (packet.c:700)
==5994==    by 0x67167A1: call_dissector_with_data (packet.c:2386)
==5994==    by 0x6DF0B99: dissect_smb2_ioctl_data (packet-smb2.c:4926)
==5994==    by 0x6DEF71F: dissect_smb2_ioctl_request (packet-smb2.c:5003)
==5994==    by 0x6DEE3C2: dissect_smb2 (packet-smb2.c:6956)
==5994==    by 0x6DEEB46: dissect_smb2_heur (packet-smb2.c:7378)
==5994==
==5994==
==5994== HEAP SUMMARY:
==5994==     in use at exit: 1,222,281 bytes in 29,845 blocks
==5994==   total heap usage: 248,479 allocs, 218,634 frees, 31,419,656 bytes allocated
==5994==
==5994== LEAK SUMMARY:
==5994==    definitely lost: 4,418 bytes in 176 blocks
==5994==    indirectly lost: 37,192 bytes in 65 blocks
==5994==      possibly lost: 0 bytes in 0 blocks
==5994==    still reachable: 1,180,671 bytes in 29,604 blocks
==5994==         suppressed: 0 bytes in 0 blocks
==5994== Rerun with --leak-check=full to see details of leaked memory
==5994==
==5994== For counts of detected and suppressed errors, rerun with: -v
==5994== Use --track-origins=yes to see where uninitialised values come from
==5994== ERROR SUMMARY: 215 errors from 8 contexts (suppressed: 0 from 0)

[ no debug trace ]
```