Wireshark-bugs: [Wireshark-bugs] [Bug 11505] New: Buildbot crash output: fuzz-2015-09-05-9232.pc
Date: Sat, 05 Sep 2015 20:50:02 +0000
| Bug ID | 11505 |
|---|---|
| Summary | Buildbot crash output: fuzz-2015-09-05-9232.pcap |
| Product | Wireshark |
| Version | unspecified |
| Hardware | x86-64 |
| URL | https://www.wireshark.org/download/automated/captures/fuzz-2015-09-05-9232.pcap |
| OS | Ubuntu |
| Status | CONFIRMED |
| Severity | Major |
| Priority | High |
| Component | Dissection engine (libwireshark) |
| Assignee | [email protected] |
| Reporter | [email protected] |
Problems have been found with the following capture file: https://www.wireshark.org/download/automated/captures/fuzz-2015-09-05-9232.pcap stderr: Input file: /home/wireshark/menagerie/menagerie/11635-91be931d-9d9e-49d0-8b89-48d059f520e1.pcap Build host information: Linux wsbb04 3.13.0-61-generic #100-Ubuntu SMP Wed Jul 29 11:21:34 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux Distributor ID: Ubuntu Description: Ubuntu 14.04.3 LTS Release: 14.04 Codename: trusty Buildbot information: BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark BUILDBOT_BUILDNUMBER=3308 BUILDBOT_URL=http://buildbot.wireshark.org/trunk/ BUILDBOT_BUILDERNAME=Clang Code Analysis BUILDBOT_SLAVENAME=clang-code-analysis BUILDBOT_GOT_REVISION=68fa739ef16b21271dc8c3cb5649aa929379f3aa Return value: 0 Dissector bug: 0 Valgrind error count: 47 Git commit commit 68fa739ef16b21271dc8c3cb5649aa929379f3aa Author: Stig Bjørlykke <[email protected]> Date: Thu Sep 3 14:10:40 2015 +0200 Lua: Check if having listeners before remove This avoids a warning when trying to remove a listener twice. g_ptr_array_remove: assertion 'array' failed Change-Id: I0bcbbbe3b3393a8455b51fad80c5716fc38ac50e Reviewed-on: https://code.wireshark.org/review/10370 Petri-Dish: Stig Bjørlykke <[email protected]> Reviewed-by: Stig Bjørlykke <[email protected]> Command and args: ./tools/valgrind-wireshark.sh ==10091== Memcheck, a memory error detector ==10091== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al. ==10091== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright info ==10091== Command: /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark -nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2015-09-05-9232.pcap ==10091== ==10091== Invalid read of size 1 ==10091== at 0xA303FE0: g_str_hash (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0) ==10091== by 0xA303568: g_hash_table_lookup (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0) ==10091== by 0x68DAEA2: call_ber_oid_callback (packet-ber.c:545) ==10091== by 0x717A8BD: dissect_ocsp_T_response (ocsp.cnf:50) ==10091== by 0x68DCD5A: dissect_ber_sequence (packet-ber.c:2416) ==10091== by 0x717A80F: dissect_ocsp_ResponseBytes (ocsp.cnf:66) ==10091== by 0x68DCD5A: dissect_ber_sequence (packet-ber.c:2416) ==10091== by 0x7179FE6: dissect_ocsp_response (ocsp.cnf:81) ==10091== by 0x67D400F: call_dissector_work (packet.c:618) ==10091== by 0x6B728AF: dissect_http_message (packet-http.c:1483) ==10091== by 0x6B6F342: dissect_http (packet-http.c:2948) ==10091== by 0x67D400F: call_dissector_work (packet.c:618) ==10091== Address 0x15509a90 is 0 bytes inside a block of size 112 free'd ==10091== at 0x4C2BDEC: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==10091== by 0x73B4F21: wmem_simple_free_all (wmem_allocator_simple.c:107) ==10091== by 0x73B5CF7: wmem_leave_packet_scope (wmem_scopes.c:81) ==10091== by 0x4130F5: process_packet (tshark.c:3719) ==10091== by 0x410A18: main (tshark.c:3475) ==10091== ==10091== Invalid read of size 1 ==10091== at 0xA303FFD: g_str_hash (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0) ==10091== by 0xA303568: g_hash_table_lookup (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0) ==10091== by 0x68DAEA2: call_ber_oid_callback (packet-ber.c:545) ==10091== by 0x717A8BD: dissect_ocsp_T_response (ocsp.cnf:50) ==10091== by 0x68DCD5A: dissect_ber_sequence (packet-ber.c:2416) ==10091== by 0x717A80F: dissect_ocsp_ResponseBytes (ocsp.cnf:66) ==10091== by 0x68DCD5A: dissect_ber_sequence (packet-ber.c:2416) ==10091== by 0x7179FE6: dissect_ocsp_response (ocsp.cnf:81) ==10091== by 0x67D400F: call_dissector_work (packet.c:618) ==10091== by 0x6B728AF: dissect_http_message (packet-http.c:1483) ==10091== by 0x6B6F342: dissect_http (packet-http.c:2948) ==10091== by 0x67D400F: call_dissector_work (packet.c:618) ==10091== Address 0x15509a91 is 1 bytes inside a block of size 112 free'd ==10091== at 0x4C2BDEC: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==10091== by 0x73B4F21: wmem_simple_free_all (wmem_allocator_simple.c:107) ==10091== by 0x73B5CF7: wmem_leave_packet_scope (wmem_scopes.c:81) ==10091== by 0x4130F5: process_packet (tshark.c:3719) ==10091== by 0x410A18: main (tshark.c:3475) ==10091== ==10091== Invalid read of size 1 ==10091== at 0x4C2E0E2: strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==10091== by 0xA330B02: g_strdup (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0) ==10091== by 0x67D43E3: find_string_dtbl_entry (packet.c:1247) ==10091== by 0x67D4586: dissector_try_string (packet.c:1436) ==10091== by 0x68DAEF5: call_ber_oid_callback (packet-ber.c:1116) ==10091== by 0x717A8BD: dissect_ocsp_T_response (ocsp.cnf:50) ==10091== by 0x68DCD5A: dissect_ber_sequence (packet-ber.c:2416) ==10091== by 0x717A80F: dissect_ocsp_ResponseBytes (ocsp.cnf:66) ==10091== by 0x68DCD5A: dissect_ber_sequence (packet-ber.c:2416) ==10091== by 0x7179FE6: dissect_ocsp_response (ocsp.cnf:81) ==10091== by 0x67D400F: call_dissector_work (packet.c:618) ==10091== by 0x6B728AF: dissect_http_message (packet-http.c:1483) ==10091== Address 0x15509a90 is 0 bytes inside a block of size 112 free'd ==10091== at 0x4C2BDEC: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==10091== by 0x73B4F21: wmem_simple_free_all (wmem_allocator_simple.c:107) ==10091== by 0x73B5CF7: wmem_leave_packet_scope (wmem_scopes.c:81) ==10091== by 0x4130F5: process_packet (tshark.c:3719) ==10091== by 0x410A18: main (tshark.c:3475) ==10091== ==10091== Invalid read of size 1 ==10091== at 0x4C2E0F4: strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==10091== by 0xA330B02: g_strdup (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0) ==10091== by 0x67D43E3: find_string_dtbl_entry (packet.c:1247) ==10091== by 0x67D4586: dissector_try_string (packet.c:1436) ==10091== by 0x68DAEF5: call_ber_oid_callback (packet-ber.c:1116) ==10091== by 0x717A8BD: dissect_ocsp_T_response (ocsp.cnf:50) ==10091== by 0x68DCD5A: dissect_ber_sequence (packet-ber.c:2416) ==10091== by 0x717A80F: dissect_ocsp_ResponseBytes (ocsp.cnf:66) ==10091== by 0x68DCD5A: dissect_ber_sequence (packet-ber.c:2416) ==10091== by 0x7179FE6: dissect_ocsp_response (ocsp.cnf:81) ==10091== by 0x67D400F: call_dissector_work (packet.c:618) ==10091== by 0x6B728AF: dissect_http_message (packet-http.c:1483) ==10091== Address 0x15509a91 is 1 bytes inside a block of size 112 free'd ==10091== at 0x4C2BDEC: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==10091== by 0x73B4F21: wmem_simple_free_all (wmem_allocator_simple.c:107) ==10091== by 0x73B5CF7: wmem_leave_packet_scope (wmem_scopes.c:81) ==10091== by 0x4130F5: process_packet (tshark.c:3719) ==10091== by 0x410A18: main (tshark.c:3475) ==10091== ==10091== Invalid read of size 8 ==10091== at 0x4C2F790: memcpy@@GLIBC_2.14 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==10091== by 0xA330B1C: g_strdup (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0) ==10091== by 0x67D43E3: find_string_dtbl_entry (packet.c:1247) ==10091== by 0x67D4586: dissector_try_string (packet.c:1436) ==10091== by 0x68DAEF5: call_ber_oid_callback (packet-ber.c:1116) ==10091== by 0x717A8BD: dissect_ocsp_T_response (ocsp.cnf:50) ==10091== by 0x68DCD5A: dissect_ber_sequence (packet-ber.c:2416) ==10091== by 0x717A80F: dissect_ocsp_ResponseBytes (ocsp.cnf:66) ==10091== by 0x68DCD5A: dissect_ber_sequence (packet-ber.c:2416) ==10091== by 0x7179FE6: dissect_ocsp_response (ocsp.cnf:81) ==10091== by 0x67D400F: call_dissector_work (packet.c:618) ==10091== by 0x6B728AF: dissect_http_message (packet-http.c:1483) ==10091== Address 0x15509a90 is 0 bytes inside a block of size 112 free'd ==10091== at 0x4C2BDEC: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==10091== by 0x73B4F21: wmem_simple_free_all (wmem_allocator_simple.c:107) ==10091== by 0x73B5CF7: wmem_leave_packet_scope (wmem_scopes.c:81) ==10091== by 0x4130F5: process_packet (tshark.c:3719) ==10091== by 0x410A18: main (tshark.c:3475) ==10091== ==10091== Invalid read of size 2 ==10091== at 0x4C2F7E0: memcpy@@GLIBC_2.14 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==10091== by 0xA330B1C: g_strdup (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0) ==10091== by 0x67D43E3: find_string_dtbl_entry (packet.c:1247) ==10091== by 0x67D4586: dissector_try_string (packet.c:1436) ==10091== by 0x68DAEF5: call_ber_oid_callback (packet-ber.c:1116) ==10091== by 0x717A8BD: dissect_ocsp_T_response (ocsp.cnf:50) ==10091== by 0x68DCD5A: dissect_ber_sequence (packet-ber.c:2416) ==10091== by 0x717A80F: dissect_ocsp_ResponseBytes (ocsp.cnf:66) ==10091== by 0x68DCD5A: dissect_ber_sequence (packet-ber.c:2416) ==10091== by 0x7179FE6: dissect_ocsp_response (ocsp.cnf:81) ==10091== by 0x67D400F: call_dissector_work (packet.c:618) ==10091== by 0x6B728AF: dissect_http_message (packet-http.c:1483) ==10091== Address 0x15509aa0 is 16 bytes inside a block of size 112 free'd ==10091== at 0x4C2BDEC: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==10091== by 0x73B4F21: wmem_simple_free_all (wmem_allocator_simple.c:107) ==10091== by 0x73B5CF7: wmem_leave_packet_scope (wmem_scopes.c:81) ==10091== by 0x4130F5: process_packet (tshark.c:3719) ==10091== by 0x410A18: main (tshark.c:3475) ==10091== ==10091== Invalid read of size 1 ==10091== at 0x4C2F950: memcpy@@GLIBC_2.14 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==10091== by 0xA330B1C: g_strdup (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0) ==10091== by 0x67D43E3: find_string_dtbl_entry (packet.c:1247) ==10091== by 0x67D4586: dissector_try_string (packet.c:1436) ==10091== by 0x68DAEF5: call_ber_oid_callback (packet-ber.c:1116) ==10091== by 0x717A8BD: dissect_ocsp_T_response (ocsp.cnf:50) ==10091== by 0x68DCD5A: dissect_ber_sequence (packet-ber.c:2416) ==10091== by 0x717A80F: dissect_ocsp_ResponseBytes (ocsp.cnf:66) ==10091== by 0x68DCD5A: dissect_ber_sequence (packet-ber.c:2416) ==10091== by 0x7179FE6: dissect_ocsp_response (ocsp.cnf:81) ==10091== by 0x67D400F: call_dissector_work (packet.c:618) ==10091== by 0x6B728AF: dissect_http_message (packet-http.c:1483) ==10091== Address 0x15509aa4 is 20 bytes inside a block of size 112 free'd ==10091== at 0x4C2BDEC: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==10091== by 0x73B4F21: wmem_simple_free_all (wmem_allocator_simple.c:107) ==10091== by 0x73B5CF7: wmem_leave_packet_scope (wmem_scopes.c:81) ==10091== by 0x4130F5: process_packet (tshark.c:3719) ==10091== by 0x410A18: main (tshark.c:3475) ==10091== ==10091== ==10091== HEAP SUMMARY: ==10091== in use at exit: 1,037,016 bytes in 28,198 blocks ==10091== total heap usage: 651,865 allocs, 623,667 frees, 53,532,682 bytes allocated ==10091== ==10091== LEAK SUMMARY: ==10091== definitely lost: 3,012 bytes in 131 blocks ==10091== indirectly lost: 36,536 bytes in 54 blocks ==10091== possibly lost: 0 bytes in 0 blocks ==10091== still reachable: 997,468 bytes in 28,013 blocks ==10091== suppressed: 0 bytes in 0 blocks ==10091== Rerun with --leak-check=full to see details of leaked memory ==10091== ==10091== For counts of detected and suppressed errors, rerun with: -v ==10091== ERROR SUMMARY: 47 errors from 7 contexts (suppressed: 0 from 0) [ no debug trace ]
You are receiving this mail because:
- You are watching all bug changes.
- Follow-Ups:
- [Wireshark-bugs] [Bug 11505] Buildbot crash output: fuzz-2015-09-05-9232.pcap
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 11505] Buildbot crash output: fuzz-2015-09-05-9232.pcap
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 11505] Buildbot crash output: fuzz-2015-09-05-9232.pcap
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 11505] Buildbot crash output: fuzz-2015-09-05-9232.pcap
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 11505] Buildbot crash output: fuzz-2015-09-05-9232.pcap
- Prev by Date: [Wireshark-bugs] [Bug 11504] Make CSN.1 dissector more filterable
- Next by Date: [Wireshark-bugs] [Bug 11506] New: Incorrect "[TCP ACKed unseen segment]" when retransmission includes additional data
- Previous by thread: [Wireshark-bugs] [Bug 11504] Make CSN.1 dissector more filterable
- Next by thread: [Wireshark-bugs] [Bug 11505] Buildbot crash output: fuzz-2015-09-05-9232.pcap
- Index(es):