Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 11462] New: Buildbot crash output: fuzz-2015-08-20-29629.pcap

Wireshark-bugs: [Wireshark-bugs] [Bug 11462] New: Buildbot crash output: fuzz-2015-08-20-29629.p

Date: Sat, 22 Aug 2015 13:30:03 +0000

Bug ID	11462
Summary	Buildbot crash output: fuzz-2015-08-20-29629.pcap
Product	Wireshark
Version	unspecified
Hardware	x86-64
URL	https://www.wireshark.org/download/automated/captures/fuzz-2015-08-20-29629.pcap
OS	Ubuntu
Status	CONFIRMED
Severity	Major
Priority	High
Component	Dissection engine (libwireshark)
Assignee	[email protected]
Reporter	[email protected]

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2015-08-20-29629.pcap

stderr:
Input file:
/home/wireshark/menagerie/menagerie/9025-avrcp_se_fragmentation_3.log

Build host information:
Linux wsbb04 3.13.0-61-generic #100-Ubuntu SMP Wed Jul 29 11:21:34 UTC 2015
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 14.04.3 LTS
Release:    14.04
Codename:    trusty

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_BUILDNUMBER=3295
BUILDBOT_URL=http://buildbot.wireshark.org/trunk/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_SLAVENAME=clang-code-analysis
BUILDBOT_GOT_REVISION=6ed3e080e9942d558b006a2f32a5aff0ff0d2876

Return value:  0

Dissector bug:  0

Valgrind error count:  5



Git commit
commit 6ed3e080e9942d558b006a2f32a5aff0ff0d2876
Author: Alexis La Goutte <[email protected]>
Date:   Tue Aug 18 21:10:13 2015 +0200

    pcapng(file): fix duplicate break

    Change-Id: Ife7170c050402ab94d368acc6c233714be764824
    Reviewed-on: https://code.wireshark.org/review/10114
    Reviewed-by: Guy Harris <[email protected]>


Command and args: ./tools/valgrind-wireshark.sh 

==17620== Memcheck, a memory error detector
==17620== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==17620== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright
info
==17620== Command:
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark
-nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2015-08-20-29629.pcap
==17620== 
==17620== Invalid read of size 4
==17620==    at 0x692EB35: dissect_bthcrp (packet-bthcrp.c:415)
==17620==    by 0x67C96CF: call_dissector_work (packet.c:618)
==17620==    by 0x67C9C79: dissector_try_string (packet.c:1458)
==17620==    by 0x691008D: dissect_btavctp (packet-btavctp.c:413)
==17620==    by 0x67C96CF: call_dissector_work (packet.c:618)
==17620==    by 0x67C956E: dissector_try_uint_new (packet.c:1163)
==17620==    by 0x693984F: dissect_b_frame (packet-btl2cap.c:1485)
==17620==    by 0x6937CF7: dissect_btl2cap (packet-btl2cap.c:2141)
==17620==    by 0x67C96CF: call_dissector_work (packet.c:618)
==17620==    by 0x67C8C8C: call_dissector_with_data (packet.c:2570)
==17620==    by 0x691B953: dissect_bthci_acl (packet-bthci_acl.c:417)
==17620==    by 0x67C96CF: call_dissector_work (packet.c:618)
==17620==  Address 0x154d335c is 20 bytes before a block of size 72 alloc'd
==17620==    at 0x4C2AB80: malloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17620==    by 0xA2FF610: g_malloc (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==17620==    by 0xA31522D: g_slice_alloc (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==17620==    by 0x67FCE91: tvb_new (tvbuff.c:87)
==17620==    by 0x67FC634: tvb_new_subset_length (tvbuff_subset.c:113)
==17620==    by 0x690FBDA: dissect_btavctp (packet-btavctp.c:207)
==17620==    by 0x67C96CF: call_dissector_work (packet.c:618)
==17620==    by 0x67C956E: dissector_try_uint_new (packet.c:1163)
==17620==    by 0x693984F: dissect_b_frame (packet-btl2cap.c:1485)
==17620==    by 0x6937CF7: dissect_btl2cap (packet-btl2cap.c:2141)
==17620==    by 0x67C96CF: call_dissector_work (packet.c:618)
==17620==    by 0x67C8C8C: call_dissector_with_data (packet.c:2570)
==17620== 
==17620== Invalid read of size 4
==17620==    at 0x692EB56: dissect_bthcrp (packet-bthcrp.c:416)
==17620==    by 0x67C96CF: call_dissector_work (packet.c:618)
==17620==    by 0x67C9C79: dissector_try_string (packet.c:1458)
==17620==    by 0x691008D: dissect_btavctp (packet-btavctp.c:413)
==17620==    by 0x67C96CF: call_dissector_work (packet.c:618)
==17620==    by 0x67C956E: dissector_try_uint_new (packet.c:1163)
==17620==    by 0x693984F: dissect_b_frame (packet-btl2cap.c:1485)
==17620==    by 0x6937CF7: dissect_btl2cap (packet-btl2cap.c:2141)
==17620==    by 0x67C96CF: call_dissector_work (packet.c:618)
==17620==    by 0x67C8C8C: call_dissector_with_data (packet.c:2570)
==17620==    by 0x691B953: dissect_bthci_acl (packet-bthci_acl.c:417)
==17620==    by 0x67C96CF: call_dissector_work (packet.c:618)
==17620==  Address 0x154d3360 is 16 bytes before a block of size 72 alloc'd
==17620==    at 0x4C2AB80: malloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17620==    by 0xA2FF610: g_malloc (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==17620==    by 0xA31522D: g_slice_alloc (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==17620==    by 0x67FCE91: tvb_new (tvbuff.c:87)
==17620==    by 0x67FC634: tvb_new_subset_length (tvbuff_subset.c:113)
==17620==    by 0x690FBDA: dissect_btavctp (packet-btavctp.c:207)
==17620==    by 0x67C96CF: call_dissector_work (packet.c:618)
==17620==    by 0x67C956E: dissector_try_uint_new (packet.c:1163)
==17620==    by 0x693984F: dissect_b_frame (packet-btl2cap.c:1485)
==17620==    by 0x6937CF7: dissect_btl2cap (packet-btl2cap.c:2141)
==17620==    by 0x67C96CF: call_dissector_work (packet.c:618)
==17620==    by 0x67C8C8C: call_dissector_with_data (packet.c:2570)
==17620== 
==17620== Invalid read of size 4
==17620==    at 0x692EB5F: dissect_bthcrp (packet-bthcrp.c:417)
==17620==    by 0x67C96CF: call_dissector_work (packet.c:618)
==17620==    by 0x67C9C79: dissector_try_string (packet.c:1458)
==17620==    by 0x691008D: dissect_btavctp (packet-btavctp.c:413)
==17620==    by 0x67C96CF: call_dissector_work (packet.c:618)
==17620==    by 0x67C956E: dissector_try_uint_new (packet.c:1163)
==17620==    by 0x693984F: dissect_b_frame (packet-btl2cap.c:1485)
==17620==    by 0x6937CF7: dissect_btl2cap (packet-btl2cap.c:2141)
==17620==    by 0x67C96CF: call_dissector_work (packet.c:618)
==17620==    by 0x67C8C8C: call_dissector_with_data (packet.c:2570)
==17620==    by 0x691B953: dissect_bthci_acl (packet-bthci_acl.c:417)
==17620==    by 0x67C96CF: call_dissector_work (packet.c:618)
==17620==  Address 0x154d3364 is 12 bytes before a block of size 72 alloc'd
==17620==    at 0x4C2AB80: malloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17620==    by 0xA2FF610: g_malloc (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==17620==    by 0xA31522D: g_slice_alloc (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==17620==    by 0x67FCE91: tvb_new (tvbuff.c:87)
==17620==    by 0x67FC634: tvb_new_subset_length (tvbuff_subset.c:113)
==17620==    by 0x690FBDA: dissect_btavctp (packet-btavctp.c:207)
==17620==    by 0x67C96CF: call_dissector_work (packet.c:618)
==17620==    by 0x67C956E: dissector_try_uint_new (packet.c:1163)
==17620==    by 0x693984F: dissect_b_frame (packet-btl2cap.c:1485)
==17620==    by 0x6937CF7: dissect_btl2cap (packet-btl2cap.c:2141)
==17620==    by 0x67C96CF: call_dissector_work (packet.c:618)
==17620==    by 0x67C8C8C: call_dissector_with_data (packet.c:2570)
==17620== 
==17620== Invalid read of size 2
==17620==    at 0x692EB71: dissect_bthcrp (packet-bthcrp.c:427)
==17620==    by 0x67C96CF: call_dissector_work (packet.c:618)
==17620==    by 0x67C9C79: dissector_try_string (packet.c:1458)
==17620==    by 0x691008D: dissect_btavctp (packet-btavctp.c:413)
==17620==    by 0x67C96CF: call_dissector_work (packet.c:618)
==17620==    by 0x67C956E: dissector_try_uint_new (packet.c:1163)
==17620==    by 0x693984F: dissect_b_frame (packet-btl2cap.c:1485)
==17620==    by 0x6937CF7: dissect_btl2cap (packet-btl2cap.c:2141)
==17620==    by 0x67C96CF: call_dissector_work (packet.c:618)
==17620==    by 0x67C8C8C: call_dissector_with_data (packet.c:2570)
==17620==    by 0x691B953: dissect_bthci_acl (packet-bthci_acl.c:417)
==17620==    by 0x67C96CF: call_dissector_work (packet.c:618)
==17620==  Address 0x154d3340 is 16 bytes after a block of size 16 alloc'd
==17620==    at 0x4C2AB80: malloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17620==    by 0xA2FF610: g_malloc (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==17620==    by 0x73A763A: wmem_simple_alloc (wmem_allocator_simple.c:55)
==17620==    by 0x690FB8D: dissect_btavctp (packet-btavctp.c:197)
==17620==    by 0x67C96CF: call_dissector_work (packet.c:618)
==17620==    by 0x67C956E: dissector_try_uint_new (packet.c:1163)
==17620==    by 0x693984F: dissect_b_frame (packet-btl2cap.c:1485)
==17620==    by 0x6937CF7: dissect_btl2cap (packet-btl2cap.c:2141)
==17620==    by 0x67C96CF: call_dissector_work (packet.c:618)
==17620==    by 0x67C8C8C: call_dissector_with_data (packet.c:2570)
==17620==    by 0x691B953: dissect_bthci_acl (packet-bthci_acl.c:417)
==17620==    by 0x67C96CF: call_dissector_work (packet.c:618)
==17620== 
==17620== Invalid read of size 2
==17620==    at 0x692F05E: dissect_bthcrp (packet-bthcrp.c:493)
==17620==    by 0x67C96CF: call_dissector_work (packet.c:618)
==17620==    by 0x67C9C79: dissector_try_string (packet.c:1458)
==17620==    by 0x691008D: dissect_btavctp (packet-btavctp.c:413)
==17620==    by 0x67C96CF: call_dissector_work (packet.c:618)
==17620==    by 0x67C956E: dissector_try_uint_new (packet.c:1163)
==17620==    by 0x693984F: dissect_b_frame (packet-btl2cap.c:1485)
==17620==    by 0x6937CF7: dissect_btl2cap (packet-btl2cap.c:2141)
==17620==    by 0x67C96CF: call_dissector_work (packet.c:618)
==17620==    by 0x67C8C8C: call_dissector_with_data (packet.c:2570)
==17620==    by 0x691B953: dissect_bthci_acl (packet-bthci_acl.c:417)
==17620==    by 0x67C96CF: call_dissector_work (packet.c:618)
==17620==  Address 0x154d3350 is not stack'd, malloc'd or (recently) free'd
==17620== 
==17620== 
==17620== HEAP SUMMARY:
==17620==     in use at exit: 1,031,674 bytes in 28,007 blocks
==17620==   total heap usage: 609,094 allocs, 581,087 frees, 49,848,048 bytes
allocated
==17620== 
==17620== LEAK SUMMARY:
==17620==    definitely lost: 2,932 bytes in 126 blocks
==17620==    indirectly lost: 36,456 bytes in 49 blocks
==17620==      possibly lost: 0 bytes in 0 blocks
==17620==    still reachable: 992,286 bytes in 27,832 blocks
==17620==         suppressed: 0 bytes in 0 blocks
==17620== Rerun with --leak-check=full to see details of leaked memory
==17620== 
==17620== For counts of detected and suppressed errors, rerun with: -v
==17620== ERROR SUMMARY: 5 errors from 5 contexts (suppressed: 0 from 0)

[ no debug trace ]

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 11462] Buildbot crash output: fuzz-2015-08-20-29629.pcap
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 11462] Buildbot crash output: fuzz-2015-08-20-29629.pcap
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 11461] Additional (bogus) expert items with Wireshark compared to tshark
Next by Date: [Wireshark-bugs] [Bug 11098] compare two capture files crashes wireshark when navigating the results
Previous by thread: [Wireshark-bugs] [Bug 9039] wrong interpretation of first byte in userdata of profinet data
Next by thread: [Wireshark-bugs] [Bug 11462] Buildbot crash output: fuzz-2015-08-20-29629.pcap
Index(es):
- Date
- Thread