Wireshark-bugs: [Wireshark-bugs] [Bug 11346] New: Buildbot crash output: fuzz-2015-07-06-12566.p

Date: Tue, 07 Jul 2015 13:20:03 +0000
Bug ID 11346
Summary Buildbot crash output: fuzz-2015-07-06-12566.pcap
Product Wireshark
Version unspecified
Hardware x86-64
URL https://www.wireshark.org/download/automated/captures/fuzz-2015-07-06-12566.pcap
OS Ubuntu
Status CONFIRMED
Severity Major
Priority High
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2015-07-06-12566.pcap

stderr:
Input file:
/home/wireshark/menagerie/menagerie/3873-wpa2-aes_pass_63_cant_decode_fil.pcap

Build host information:
Linux wsbb04 3.13.0-55-generic #92-Ubuntu SMP Sun Jun 14 18:32:20 UTC 2015
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 14.04.2 LTS
Release:    14.04
Codename:    trusty

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_BUILDNUMBER=3271
BUILDBOT_URL=http://buildbot.wireshark.org/trunk/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_SLAVENAME=clang-code-analysis
BUILDBOT_GOT_REVISION=ebae0c98f8556b9533cd1bb21c4bac548ab5e470

Return value:  0

Dissector bug:  0

Valgrind error count:  730



Git commit
commit ebae0c98f8556b9533cd1bb21c4bac548ab5e470
Author: Evan Huus <[email protected]>
Date:   Fri Jul 3 21:14:53 2015 -0400

    store tcp/udp port names in epan scope

    This causes them to be freed on shutdown, cleaning up ~800KB of "reachable"
    memory according to valgrind. The fact that we even need to construct these
as
    value_strings is questionable IMHO, but that's a problem for a later date.

    Switch epan_scope to the BLOCK allocator now that we're using it for so
much
    more, this gives a small but measurable increase in startup time.

    Change-Id: I187460b769e28da3c6629abac1d9196727ae7dde
    Reviewed-on: https://code.wireshark.org/review/9483
    Reviewed-by: Michael Mann <[email protected]>
    Reviewed-by: Evan Huus <[email protected]>


Command and args: ./tools/valgrind-wireshark.sh -T

==26477== Memcheck, a memory error detector
==26477== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==26477== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright
info
==26477== Command:
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark
-Vx -nr
/fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2015-07-06-12566.pcap
==26477== 
==26477== Conditional jump or move depends on uninitialised value(s)
==26477==    at 0x6B2A5C5: dissect_wlan_radio (packet-ieee80211-radio.c:708)
==26477==    by 0x67744FF: call_dissector_work (packet.c:611)
==26477==    by 0x6773ACC: call_dissector_with_data (packet.c:2480)
==26477==    by 0x6D4878B: dissect_ppi (packet-ppi.c:1145)
==26477==    by 0x677451D: call_dissector_work (packet.c:613)
==26477==    by 0x677439E: dissector_try_uint_new (packet.c:1131)
==26477==    by 0x6A57CDF: dissect_frame (packet-frame.c:498)
==26477==    by 0x67744FF: call_dissector_work (packet.c:611)
==26477==    by 0x6773ACC: call_dissector_with_data (packet.c:2480)
==26477==    by 0x67739A5: dissect_record (packet.c:491)
==26477==    by 0x676847E: epan_dissect_run_with_taps (epan.c:345)
==26477==    by 0x4130C5: process_packet (tshark.c:3607)
==26477== 
==26477== 
==26477== HEAP SUMMARY:
==26477==     in use at exit: 1,221,642 bytes in 29,279 blocks
==26477==   total heap usage: 1,217,010 allocs, 1,187,731 frees, 94,842,141
bytes allocated
==26477== 
==26477== LEAK SUMMARY:
==26477==    definitely lost: 2,932 bytes in 126 blocks
==26477==    indirectly lost: 36,456 bytes in 49 blocks
==26477==      possibly lost: 0 bytes in 0 blocks
==26477==    still reachable: 1,182,254 bytes in 29,104 blocks
==26477==         suppressed: 0 bytes in 0 blocks
==26477== Rerun with --leak-check=full to see details of leaked memory
==26477== 
==26477== For counts of detected and suppressed errors, rerun with: -v
==26477== Use --track-origins=yes to see where uninitialised values come from
==26477== ERROR SUMMARY: 730 errors from 1 contexts (suppressed: 0 from 0)

[ no debug trace ]


You are receiving this mail because:
  • You are watching all bug changes.