Wireshark-bugs: [Wireshark-bugs] [Bug 11203] New: Buildbot crash output: fuzz-2015-05-14-25773.p

Date: Sat, 16 May 2015 21:50:02 +0000
Bug ID 11203
Summary Buildbot crash output: fuzz-2015-05-14-25773.pcap
Product Wireshark
Version unspecified
Hardware x86-64
URL https://www.wireshark.org/download/automated/captures/fuzz-2015-05-14-25773.pcap
OS Ubuntu
Status CONFIRMED
Severity Major
Priority High
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2015-05-14-25773.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/local_permissions_changes.pcap

Build host information:
Linux wsbb04 3.13.0-52-generic #86-Ubuntu SMP Mon May 4 04:32:59 UTC 2015
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 14.04.2 LTS
Release:    14.04
Codename:    trusty

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_BUILDNUMBER=3228
BUILDBOT_URL=http://buildbot.wireshark.org/trunk/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_SLAVENAME=clang-code-analysis
BUILDBOT_GOT_REVISION=2156413bf9cb093b7f5998399bb6ceb7b4c232ce

Return value:  0

Dissector bug:  0

Valgrind error count:  1



Git commit
commit 2156413bf9cb093b7f5998399bb6ceb7b4c232ce
Author: Gerald Combs <[email protected]>
Date:   Wed May 13 15:46:51 2015 -0700

    Qt: Column preference fixes.

    Don't call redrawVisiblePackets in PacketList::sectionResized. Otherwise
    we trigger the crash in bug 11179. Call recent_set_column_width instead.

    Clean up the slots called when column preferences change and when recent
    column widths change.

    Update our column visibility in redrawVisiblePackets.

    Use recent_get_column_width when writing the recent file. columnWidth
    doesn't return a valid value when we're not visible.

    Bug: 11179.
    Change-Id: I34ab93d944b341e42129a1c8ff94ba8f7ad4f5fc
    Reviewed-on: https://code.wireshark.org/review/8457
    Petri-Dish: Gerald Combs <[email protected]>
    Tested-by: Petri Dish Buildbot <[email protected]>
    Reviewed-by: Michal Labedzki <[email protected]>
    Reviewed-by: Gerald Combs <[email protected]>


Command and args: ./tools/valgrind-wireshark.sh 

==31034== Memcheck, a memory error detector
==31034== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==31034== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright
info
==31034== Command:
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark
-nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2015-05-14-25773.pcap
==31034== 
==31034== Invalid read of size 8
==31034==    at 0x6CC2881: dissect_ntlmssp (packet-ntlmssp.c:1648)
==31034==    by 0x675579D: call_dissector_work (packet.c:614)
==31034==    by 0x6754D4C: call_dissector_with_data (packet.c:2373)
==31034==    by 0x6AB14B1: dissect_gssapi_work (packet-gssapi.c:311)
==31034==    by 0x675579D: call_dissector_work (packet.c:614)
==31034==    by 0x6754D4C: call_dissector_with_data (packet.c:2373)
==31034==    by 0x6E4B297: dissect_session_setup_andx_request
(packet-smb.c:7025)
==31034==    by 0x6E3D1DF: dissect_smb_command (packet-smb.c:16758)
==31034==    by 0x6E3CB2D: dissect_smb (packet-smb.c:17683)
==31034==    by 0x6E3CDAE: dissect_smb_heur (packet-smb.c:17732)
==31034==    by 0x67567C6: dissector_try_heuristic (packet.c:2041)
==31034==    by 0x6C65D76: dissect_nbss_packet (packet-nbt.c:1109)
==31034==  Address 0x12d83760 is 32 bytes inside a block of size 37 alloc'd
==31034==    at 0x4C2AB80: malloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==31034==    by 0x9FD8610: g_malloc (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==31034==    by 0x730D44A: wmem_simple_alloc (wmem_allocator_simple.c:55)
==31034==    by 0x6CC4673: dissect_ntlmssp_blob (packet-ntlmssp.c:987)
==31034==    by 0x6CC2843: dissect_ntlmssp (packet-ntlmssp.c:1642)
==31034==    by 0x675579D: call_dissector_work (packet.c:614)
==31034==    by 0x6754D4C: call_dissector_with_data (packet.c:2373)
==31034==    by 0x6AB14B1: dissect_gssapi_work (packet-gssapi.c:311)
==31034==    by 0x675579D: call_dissector_work (packet.c:614)
==31034==    by 0x6754D4C: call_dissector_with_data (packet.c:2373)
==31034==    by 0x6E4B297: dissect_session_setup_andx_request
(packet-smb.c:7025)
==31034==    by 0x6E3D1DF: dissect_smb_command (packet-smb.c:16758)
==31034== 
==31034== 
==31034== HEAP SUMMARY:
==31034==     in use at exit: 1,229,879 bytes in 30,107 blocks
==31034==   total heap usage: 318,794 allocs, 288,687 frees, 38,575,736 bytes
allocated
==31034== 
==31034== LEAK SUMMARY:
==31034==    definitely lost: 3,664 bytes in 160 blocks
==31034==    indirectly lost: 37,544 bytes in 67 blocks
==31034==      possibly lost: 0 bytes in 0 blocks
==31034==    still reachable: 1,188,671 bytes in 29,880 blocks
==31034==         suppressed: 0 bytes in 0 blocks
==31034== Rerun with --leak-check=full to see details of leaked memory
==31034== 
==31034== For counts of detected and suppressed errors, rerun with: -v
==31034== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)

[ no debug trace ]


You are receiving this mail because:
  • You are watching all bug changes.