Wireshark-bugs: [Wireshark-bugs] [Bug 11436] New: Buildbot crash output: fuzz-2015-08-11-31521.p

Date: Tue, 11 Aug 2015 14:40:03 +0000
Bug ID: 11436
Summary: Buildbot crash output: fuzz-2015-08-11-31521.pcap
Product: Wireshark
Version: unspecified
Hardware: x86-64
URL: https://www.wireshark.org/download/automated/captures/fuzz-2015-08-11-31521.pcap
OS: Ubuntu
Status: CONFIRMED
Severity: Major
Priority: High
Component: Dissection engine (libwireshark)
Assignee: [email protected]
Reporter: [email protected]

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2015-08-11-31521.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/13377-HR_SENSOR_btsnoop_hci.log

Build host information:
Linux wsbb04 3.13.0-55-generic #92-Ubuntu SMP Sun Jun 14 18:32:20 UTC 2015
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 14.04.2 LTS
Release:    14.04
Codename:    trusty

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_BUILDNUMBER=3286
BUILDBOT_URL=http://buildbot.wireshark.org/trunk/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_SLAVENAME=clang-code-analysis
BUILDBOT_GOT_REVISION=4bba83bd9ca200881a32b7bcb3356fca21397da4

Return value:  0

Dissector bug:  0

Valgrind error count:  6334



Git commit
commit 4bba83bd9ca200881a32b7bcb3356fca21397da4
Author: Gerald Combs <[email protected]>
Date:   Sat Aug 8 16:29:24 2015 -0700

    Reset the splash timer after processing events.

    Change-Id: Id71a3ac5e8f04df6a19e92021e47ea64728c2595
    Reviewed-on: https://code.wireshark.org/review/9936
    Reviewed-by: Gerald Combs <[email protected]>


Command and args: ./tools/valgrind-wireshark.sh -T

==30337== Memcheck, a memory error detector
==30337== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==30337== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright info
==30337== Command: /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark -Vx -nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2015-08-11-31521.pcap
==30337== 
==30337== Conditional jump or move depends on uninitialised value(s)
==30337==    at 0x4C2E0F8: strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==30337==    by 0xA2F0B02: g_strdup (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==30337==    by 0x680AFEF: string_fvalue_set_string (ftype-string.c:51)
==30337==    by 0x67CF1AE: proto_tree_new_item (proto.c:3271)
==30337==    by 0x68FD708: dissect_attribute_value (packet-btatt.c:1851)
==30337==    by 0x68FC9A1: dissect_btatt (packet-btatt.c:3305)
==30337==    by 0x67BC34F: call_dissector_work (packet.c:618)
==30337==    by 0x67BC1EE: dissector_try_uint_new (packet.c:1138)
==30337==    by 0x6928686: dissect_btl2cap (packet-btl2cap.c:2051)
==30337==    by 0x67BC34F: call_dissector_work (packet.c:618)
==30337==    by 0x67BB91C: call_dissector_with_data (packet.c:2510)
==30337==    by 0x690C0F3: dissect_bthci_acl (packet-bthci_acl.c:417)
==30337== 
==30337== Conditional jump or move depends on uninitialised value(s)
==30337==    at 0x4C2E0F8: strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==30337==    by 0x67D6ADE: proto_item_fill_label (proto.c:4340)
==30337==    by 0x67C8792: proto_tree_print_node (print.c:163)
==30337==    by 0x67CBE59: proto_tree_children_foreach (proto.c:647)
==30337==    by 0x67C88BB: proto_tree_print_node (print.c:218)
==30337==    by 0x67CBE59: proto_tree_children_foreach (proto.c:647)
==30337==    by 0x67C88BB: proto_tree_print_node (print.c:218)
==30337==    by 0x67CBE59: proto_tree_children_foreach (proto.c:647)
==30337==    by 0x67C872D: proto_tree_print (print.c:132)
==30337==    by 0x413B21: print_packet (tshark.c:4070)
==30337==    by 0x413110: process_packet (tshark.c:3680)
==30337==    by 0x4109DD: main (tshark.c:3425)
==30337== 
==30337== Use of uninitialised value of size 8
==30337==    at 0x67C9CF2: print_hex_data_buffer (print.c:987)
==30337==    by 0x67C9A99: print_hex_data (print.c:903)
==30337==    by 0x413B90: print_packet (tshark.c:4093)
==30337==    by 0x413110: process_packet (tshark.c:3680)
==30337==    by 0x4109DD: main (tshark.c:3425)
==30337== 
==30337== Use of uninitialised value of size 8
==30337==    at 0x67C9D08: print_hex_data_buffer (print.c:988)
==30337==    by 0x67C9A99: print_hex_data (print.c:903)
==30337==    by 0x413B90: print_packet (tshark.c:4093)
==30337==    by 0x413110: process_packet (tshark.c:3680)
==30337==    by 0x4109DD: main (tshark.c:3425)
==30337== 
==30337== Conditional jump or move depends on uninitialised value(s)
==30337==    at 0x67C9D41: print_hex_data_buffer (print.c:993)
==30337==    by 0x67C9A99: print_hex_data (print.c:903)
==30337==    by 0x413B90: print_packet (tshark.c:4093)
==30337==    by 0x413110: process_packet (tshark.c:3680)
==30337==    by 0x4109DD: main (tshark.c:3425)
==30337== 
==30337== Conditional jump or move depends on uninitialised value(s)
==30337==    at 0x4C2E0F8: strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==30337==    by 0xC68E73E: fputs (iofputs.c:35)
==30337==    by 0x67CB1AF: print_line_text (print_stream.c:131)
==30337==    by 0x67C9D83: print_hex_data_buffer (print.c:1003)
==30337==    by 0x67C9A99: print_hex_data (print.c:903)
==30337==    by 0x413B90: print_packet (tshark.c:4093)
==30337==    by 0x413110: process_packet (tshark.c:3680)
==30337==    by 0x4109DD: main (tshark.c:3425)
==30337== 
==30337== Syscall param write(buf) points to uninitialised byte(s)
==30337==    at 0xC70B870: __write_nocancel (syscall-template.S:81)
==30337==    by 0xC699002: _IO_file_write@@GLIBC_2.2.5 (fileops.c:1261)
==30337==    by 0xC69A4DB: _IO_do_write@@GLIBC_2.2.5 (fileops.c:538)
==30337==    by 0xC69A97A: _IO_file_overflow@@GLIBC_2.2.5 (fileops.c:871)
==30337==    by 0xC692008: putc (putc.c:31)
==30337==    by 0x67CB1BE: print_line_text (print_stream.c:132)
==30337==    by 0x67C9D83: print_hex_data_buffer (print.c:1003)
==30337==    by 0x67C9A99: print_hex_data (print.c:903)
==30337==    by 0x413B90: print_packet (tshark.c:4093)
==30337==    by 0x413110: process_packet (tshark.c:3680)
==30337==    by 0x4109DD: main (tshark.c:3425)
==30337==  Address 0x4027f67 is not stack'd, malloc'd or (recently) free'd
==30337== 
==30337== Syscall param write(buf) points to uninitialised byte(s)
==30337==    at 0xC70B870: __write_nocancel (syscall-template.S:81)
==30337==    by 0xC699002: _IO_file_write@@GLIBC_2.2.5 (fileops.c:1261)
==30337==    by 0xC69A4DB: _IO_do_write@@GLIBC_2.2.5 (fileops.c:538)
==30337==    by 0xC6996A0: _IO_file_xsputn@@GLIBC_2.2.5 (fileops.c:1332)
==30337==    by 0xC68E7C3: fputs (iofputs.c:40)
==30337==    by 0x67CB1AF: print_line_text (print_stream.c:131)
==30337==    by 0x67C9D83: print_hex_data_buffer (print.c:1003)
==30337==    by 0x67C9A99: print_hex_data (print.c:903)
==30337==    by 0x413B90: print_packet (tshark.c:4093)
==30337==    by 0x413110: process_packet (tshark.c:3680)
==30337==    by 0x4109DD: main (tshark.c:3425)
==30337==  Address 0x402703a is not stack'd, malloc'd or (recently) free'd
==30337== 
==30337== 
==30337== HEAP SUMMARY:
==30337==     in use at exit: 1,227,375 bytes in 29,476 blocks
==30337==   total heap usage: 705,302 allocs, 675,826 frees, 56,016,208 bytes allocated
==30337== 
==30337== LEAK SUMMARY:
==30337==    definitely lost: 2,932 bytes in 126 blocks
==30337==    indirectly lost: 36,456 bytes in 49 blocks
==30337==      possibly lost: 0 bytes in 0 blocks
==30337==    still reachable: 1,187,987 bytes in 29,301 blocks
==30337==         suppressed: 0 bytes in 0 blocks
==30337== Rerun with --leak-check=full to see details of leaked memory
==30337== 
==30337== For counts of detected and suppressed errors, rerun with: -v
==30337== Use --track-origins=yes to see where uninitialised values come from
==30337== ERROR SUMMARY: 6334 errors from 8 contexts (suppressed: 0 from 0)

[ no debug trace ]
