Wireshark-bugs: [Wireshark-bugs] [Bug 11430] New: Buildbot crash output: fuzz-2015-08-06-24335.p

Date: Sun, 09 Aug 2015 02:30:03 +0000
Bug ID 11430
Summary Buildbot crash output: fuzz-2015-08-06-24335.pcap
Product Wireshark
Version unspecified
Hardware x86-64
URL https://www.wireshark.org/download/automated/captures/fuzz-2015-08-06-24335.pcap
OS Ubuntu
Status CONFIRMED
Severity Major
Priority High
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2015-08-06-24335.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/RDP-002.pcap.gz

Build host information:
Linux wsbb04 3.13.0-55-generic #92-Ubuntu SMP Sun Jun 14 18:32:20 UTC 2015
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 14.04.2 LTS
Release:    14.04
Codename:    trusty

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_BUILDNUMBER=3285
BUILDBOT_URL=http://buildbot.wireshark.org/trunk/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_SLAVENAME=clang-code-analysis
BUILDBOT_GOT_REVISION=8421af3256b73f0c5ec5064e49a113bb4685ec1a

Return value:  0

Dissector bug:  0

Valgrind error count:  5



Git commit
commit 8421af3256b73f0c5ec5064e49a113bb4685ec1a
Author: Luke Mewburn <[email protected]>
Date:   Tue Aug 4 19:42:19 2015 +1000

    Rename nettrace3gpp324423 to 3gpp32423

    Use "3gpp32423" instead of "nettrace3gpp324423":
    - There were too many "4"s in the previous name ("324423" vs "32423").
    - "nettrace" isn't an official name, per 3GPP TS 32 423
    - It's shorter.

    Change-Id: Ic981d0351a3014fb79702955ebef7b13f6ce4a2e
    Reviewed-on: https://code.wireshark.org/review/9863
    Reviewed-by: Anders Broman <[email protected]>


Command and args: ./tools/valgrind-wireshark.sh 

==26650== Memcheck, a memory error detector
==26650== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==26650== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright info
==26650== Command: /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark -nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2015-08-06-24335.pcap
==26650== 
==26650== Invalid read of size 4
==26650==    at 0x67EC786: tvb_reported_length (tvbuff.c:625)
==26650==    by 0x72442C1: dissect_t124_T_value (t124.cnf:158)
==26650==    by 0x6D851F5: dissect_per_sequence (packet-per.c:1859)
==26650==    by 0x7244267: dissect_t124_UserData_item (t124.cnf:179)
==26650==    by 0x6D81F2F: dissect_per_sequence_of (packet-per.c:531)
==26650==    by 0x7244247: dissect_t124_UserData (t124.cnf:192)
==26650==    by 0x6D851F5: dissect_per_sequence (packet-per.c:1859)
==26650==    by 0x7244127: dissect_t124_ConferenceCreateResponse (t124.cnf:865)
==26650==    by 0x6D84E37: dissect_per_choice (packet-per.c:1709)
==26650==    by 0x7244BCC: dissect_t124_T_connectPDU (t124.cnf:195)
==26650==    by 0x6D851F5: dissect_per_sequence (packet-per.c:1859)
==26650==    by 0x72431B9: dissect_t124_new (t124.cnf:162)
==26650==  Address 0x15448490 is 16 bytes inside a block of size 72 free'd
==26650==    at 0x4C2BDEC: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==26650==    by 0x67EBCF3: tvb_free_chain (tvbuff.c:114)
==26650==    by 0x67AD57E: epan_dissect_reset (epan.c:292)
==26650==    by 0x4135B1: process_packet (tshark.c:3713)
==26650==    by 0x410DBC: main (tshark.c:3420)
==26650== 
==26650== Invalid read of size 4
==26650==    at 0x67EC78C: tvb_reported_length (tvbuff.c:627)
==26650==    by 0x72442C1: dissect_t124_T_value (t124.cnf:158)
==26650==    by 0x6D851F5: dissect_per_sequence (packet-per.c:1859)
==26650==    by 0x7244267: dissect_t124_UserData_item (t124.cnf:179)
==26650==    by 0x6D81F2F: dissect_per_sequence_of (packet-per.c:531)
==26650==    by 0x7244247: dissect_t124_UserData (t124.cnf:192)
==26650==    by 0x6D851F5: dissect_per_sequence (packet-per.c:1859)
==26650==    by 0x7244127: dissect_t124_ConferenceCreateResponse (t124.cnf:865)
==26650==    by 0x6D84E37: dissect_per_choice (packet-per.c:1709)
==26650==    by 0x7244BCC: dissect_t124_T_connectPDU (t124.cnf:195)
==26650==    by 0x6D851F5: dissect_per_sequence (packet-per.c:1859)
==26650==    by 0x72431B9: dissect_t124_new (t124.cnf:162)
==26650==  Address 0x154484ac is 44 bytes inside a block of size 72 free'd
==26650==    at 0x4C2BDEC: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==26650==    by 0x67EBCF3: tvb_free_chain (tvbuff.c:114)
==26650==    by 0x67AD57E: epan_dissect_reset (epan.c:292)
==26650==    by 0x4135B1: process_packet (tshark.c:3713)
==26650==    by 0x410DBC: main (tshark.c:3420)
==26650== 
==26650== Invalid read of size 4
==26650==    at 0x67EFB7F: tvb_get_string_enc (tvbuff.c:2443)
==26650==    by 0x72442D2: dissect_t124_T_value (t124.cnf:158)
==26650==    by 0x6D851F5: dissect_per_sequence (packet-per.c:1859)
==26650==    by 0x7244267: dissect_t124_UserData_item (t124.cnf:179)
==26650==    by 0x6D81F2F: dissect_per_sequence_of (packet-per.c:531)
==26650==    by 0x7244247: dissect_t124_UserData (t124.cnf:192)
==26650==    by 0x6D851F5: dissect_per_sequence (packet-per.c:1859)
==26650==    by 0x7244127: dissect_t124_ConferenceCreateResponse (t124.cnf:865)
==26650==    by 0x6D84E37: dissect_per_choice (packet-per.c:1709)
==26650==    by 0x7244BCC: dissect_t124_T_connectPDU (t124.cnf:195)
==26650==    by 0x6D851F5: dissect_per_sequence (packet-per.c:1859)
==26650==    by 0x72431B9: dissect_t124_new (t124.cnf:162)
==26650==  Address 0x15448490 is 16 bytes inside a block of size 72 free'd
==26650==    at 0x4C2BDEC: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==26650==    by 0x67EBCF3: tvb_free_chain (tvbuff.c:114)
==26650==    by 0x67AD57E: epan_dissect_reset (epan.c:292)
==26650==    by 0x4135B1: process_packet (tshark.c:3713)
==26650==    by 0x410DBC: main (tshark.c:3420)
==26650== 
==26650== Invalid read of size 4
==26650==    at 0x67EFBF9: tvb_get_string_enc (tvbuff.c:190)
==26650==    by 0x72442D2: dissect_t124_T_value (t124.cnf:158)
==26650==    by 0x6D851F5: dissect_per_sequence (packet-per.c:1859)
==26650==    by 0x7244267: dissect_t124_UserData_item (t124.cnf:179)
==26650==    by 0x6D81F2F: dissect_per_sequence_of (packet-per.c:531)
==26650==    by 0x7244247: dissect_t124_UserData (t124.cnf:192)
==26650==    by 0x6D851F5: dissect_per_sequence (packet-per.c:1859)
==26650==    by 0x7244127: dissect_t124_ConferenceCreateResponse (t124.cnf:865)
==26650==    by 0x6D84E37: dissect_per_choice (packet-per.c:1709)
==26650==    by 0x7244BCC: dissect_t124_T_connectPDU (t124.cnf:195)
==26650==    by 0x6D851F5: dissect_per_sequence (packet-per.c:1859)
==26650==    by 0x72431B9: dissect_t124_new (t124.cnf:162)
==26650==  Address 0x154484a8 is 40 bytes inside a block of size 72 free'd
==26650==    at 0x4C2BDEC: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==26650==    by 0x67EBCF3: tvb_free_chain (tvbuff.c:114)
==26650==    by 0x67AD57E: epan_dissect_reset (epan.c:292)
==26650==    by 0x4135B1: process_packet (tshark.c:3713)
==26650==    by 0x410DBC: main (tshark.c:3420)
==26650== 
==26650== Invalid read of size 8
==26650==    at 0x67EFC43: tvb_get_string_enc (tvbuff.c:699)
==26650==    by 0x72442D2: dissect_t124_T_value (t124.cnf:158)
==26650==    by 0x6D851F5: dissect_per_sequence (packet-per.c:1859)
==26650==    by 0x7244267: dissect_t124_UserData_item (t124.cnf:179)
==26650==    by 0x6D81F2F: dissect_per_sequence_of (packet-per.c:531)
==26650==    by 0x7244247: dissect_t124_UserData (t124.cnf:192)
==26650==    by 0x6D851F5: dissect_per_sequence (packet-per.c:1859)
==26650==    by 0x7244127: dissect_t124_ConferenceCreateResponse (t124.cnf:865)
==26650==    by 0x6D84E37: dissect_per_choice (packet-per.c:1709)
==26650==    by 0x7244BCC: dissect_t124_T_connectPDU (t124.cnf:195)
==26650==    by 0x6D851F5: dissect_per_sequence (packet-per.c:1859)
==26650==    by 0x72431B9: dissect_t124_new (t124.cnf:162)
==26650==  Address 0x154484a0 is 32 bytes inside a block of size 72 free'd
==26650==    at 0x4C2BDEC: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==26650==    by 0x67EBCF3: tvb_free_chain (tvbuff.c:114)
==26650==    by 0x67AD57E: epan_dissect_reset (epan.c:292)
==26650==    by 0x4135B1: process_packet (tshark.c:3713)
==26650==    by 0x410DBC: main (tshark.c:3420)
==26650== 
==26650== 
==26650== HEAP SUMMARY:
==26650==     in use at exit: 1,226,384 bytes in 29,438 blocks
==26650==   total heap usage: 620,075 allocs, 590,637 frees, 50,213,999 bytes allocated
==26650== 
==26650== LEAK SUMMARY:
==26650==    definitely lost: 2,964 bytes in 128 blocks
==26650==    indirectly lost: 36,456 bytes in 49 blocks
==26650==      possibly lost: 0 bytes in 0 blocks
==26650==    still reachable: 1,186,964 bytes in 29,261 blocks
==26650==         suppressed: 0 bytes in 0 blocks
==26650== Rerun with --leak-check=full to see details of leaked memory
==26650== 
==26650== For counts of detected and suppressed errors, rerun with: -v
==26650== ERROR SUMMARY: 5 errors from 5 contexts (suppressed: 0 from 0)

[ no debug trace ]
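The five Memcheck errors above have one shape: the reads in tvb_reported_length and tvb_get_string_enc, reached from dissect_t124_T_value, land inside a 72-byte tvbuff that tvb_free_chain had already released from epan_dissect_reset, which tshark calls after a packet's dissection is complete. So a tvbuff_t pointer outlived the packet it belonged to (kept in a file-scope static, or in state tied to the conversation) and was dereferenced again while dissecting a later packet. The C program below is an added example, not Wireshark's code and not the fix for this bug; it models that lifetime mistake in a hypothetical dissector (pkt_buf, packet_reset, decode_value, dissect_value_buggy and dissect_value_fixed are invented names) on constructed input, and shows the usual repair: copy the bytes that must survive the packet into storage whose lifetime matches the state that refers to them.

```c
/* Added example (not Wireshark code): a per-packet buffer is freed by the
 * end-of-packet reset; a dissector that stashed a pointer to it in state that
 * lives longer than one packet reads freed memory on the next packet.
 * All names are hypothetical and the packet bytes are constructed. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One per-packet buffer.  The 'freed' flag stands in for Memcheck's knowledge
 * that the block was free'd: a real tvbuff is simply freed, and the stale read
 * is undefined behaviour that only Valgrind or ASan reports. */
typedef struct pkt_buf {
    unsigned char *data;
    size_t len;
    int freed;
} pkt_buf;

static pkt_buf *pkt_buf_new(const unsigned char *src, size_t len) {
    pkt_buf *b = calloc(1, sizeof *b);
    b->data = malloc(len ? len : 1);
    memcpy(b->data, src, len);
    b->len = len;
    return b;
}

/* End-of-packet reset (epan_dissect_reset -> tvb_free_chain in the trace).
 * The data is released; the struct is kept but poisoned so that a stale read
 * can be detected deterministically in this model. */
static void packet_reset(pkt_buf *b) {
    free(b->data);
    b->data = NULL;
    b->len = 0;
    b->freed = 1;
}

/* Checked accessor: -1 means "this buffer belonged to a previous packet". */
static long buf_reported_length(const pkt_buf *b) {
    return b->freed ? -1 : (long)b->len;
}

/* "Decode" the value field: the first byte gives the value length, which must
 * fit in the packet.  Returns NULL for malformed input, which is exactly what
 * fuzzed captures like the one in this report produce. */
static pkt_buf *decode_value(const pkt_buf *pkt) {
    if (pkt->len < 1 || pkt->data[0] > pkt->len - 1) return NULL;
    return pkt_buf_new(pkt->data + 1, pkt->data[0]);
}

/* BUGGY: the last successfully decoded value buffer is remembered in a
 * file-scope static.  A malformed packet never overwrites it, so the dissector
 * consults a pointer into memory freed by the previous reset. */
static pkt_buf *g_last_value;

static long dissect_value_buggy(pkt_buf *value) {
    if (value) g_last_value = value;
    return g_last_value ? buf_reported_length(g_last_value) : 0;
}

/* FIXED: copy the bytes that must outlive the packet into storage with the
 * same lifetime as the state referencing them (a static array here; in a real
 * dissector, file- or conversation-scoped memory instead of packet scope). */
static unsigned char g_last_value_copy[16];
static size_t g_last_value_copy_len;

static long dissect_value_fixed(pkt_buf *value) {
    if (value) {
        size_t n = value->len < sizeof g_last_value_copy ? value->len : sizeof g_last_value_copy;
        memcpy(g_last_value_copy, value->data, n);
        g_last_value_copy_len = n;
    }
    return (long)g_last_value_copy_len;
}

/* Feed two packets through one dissector and return what the second reports.
 * Packet 1 carries the 4-byte value "McDn" (the H.221 key an RDP server sends
 * in its ConferenceCreateResponse); packet 2 is truncated so decoding fails. */
static long run_two_packets(int fixed) {
    static const unsigned char pkt1[] = { 4, 'M', 'c', 'D', 'n' };  /* constructed */
    static const unsigned char pkt2[] = { 9, 'x' };                 /* constructed: claims 9 bytes, has 1 */
    pkt_buf *packets[2] = { pkt_buf_new(pkt1, sizeof pkt1), pkt_buf_new(pkt2, sizeof pkt2) };
    pkt_buf *values[2] = { NULL, NULL };
    long result = 0;
    g_last_value = NULL;
    g_last_value_copy_len = 0;
    for (int i = 0; i < 2; i++) {
        values[i] = decode_value(packets[i]);
        result = fixed ? dissect_value_fixed(values[i]) : dissect_value_buggy(values[i]);
        /* end of packet: the whole chain (packet and its value sub-buffer) is reset */
        if (values[i]) packet_reset(values[i]);
        packet_reset(packets[i]);
    }
    for (int i = 0; i < 2; i++) { free(values[i]); free(packets[i]); }
    return result;
}

int main(void) {
    printf("buggy dissector, second packet: %ld (-1 = read of a freed buffer)\n", run_two_packets(0));
    printf("fixed dissector, second packet: %ld\n", run_two_packets(1));
    return 0;
}
```

The model returns -1 only because it keeps the poisoned struct alive; in real code the same mistake is silent until tshark is run under Valgrind, as tools/valgrind-wireshark.sh does above, or built with AddressSanitizer, and then it shows up as the "Invalid read ... inside a block ... free'd" report seen in this bug.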
