Wireshark-bugs: [Wireshark-bugs] [Bug 11507] New: Buildbot crash output: fuzz-2015-09-07-19251.p

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Mon, 07 Sep 2015 22:32:42 +0000
Bug ID 11507
Summary Buildbot crash output: fuzz-2015-09-07-19251.pcap
Product Wireshark
Version unspecified
Hardware x86-64
URL https://www.wireshark.org/download/automated/captures/fuzz-2015-09-07-19251.pcap
OS Ubuntu
Status CONFIRMED
Severity Major
Priority High
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected] 

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2015-09-07-19251.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/10685-wnm-sleepmode.pcap

Build host information:
Linux wsbb04 3.13.0-61-generic #100-Ubuntu SMP Wed Jul 29 11:21:34 UTC 2015
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 14.04.3 LTS
Release:    14.04
Codename:    trusty

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_BUILDNUMBER=3309
BUILDBOT_URL=http://buildbot.wireshark.org/trunk/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_SLAVENAME=clang-code-analysis
BUILDBOT_GOT_REVISION=4f5937a18bf97cdd380a3812cde81efb0025c116

Return value:  139

Dissector bug:  0

Valgrind error count:  1



Git commit
commit 4f5937a18bf97cdd380a3812cde81efb0025c116
Author: Stig Bjørlykke <[email protected]>
Date:   Sat Sep 5 20:30:17 2015 +0200

    Qt: Fixed a QString memory leak

    Change-Id: I93f439b7eb8d915f23ee456205d202d599f8cd99
    Reviewed-on: https://code.wireshark.org/review/10394
    Reviewed-by: Stig Bjørlykke <[email protected]>


Command and args: ./tools/valgrind-wireshark.sh 

==12169== Memcheck, a memory error detector
==12169== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==12169== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright
info
==12169== Command:
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark
-nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2015-09-07-19251.pcap
==12169== 
==12169== Invalid read of size 1
==12169==    at 0x681FDE9: AirPDcapDecryptWPABroadcastKey (airpdcap.c:410)
==12169==    by 0x681F203: AirPDcapScanForKeys (airpdcap.c:1423)
==12169==    by 0x6BA895E: dissect_ieee80211_common (packet-ieee80211.c:17688)
==12169==    by 0x6BA4715: dissect_ieee80211 (packet-ieee80211.c:18295)
==12169==    by 0x67D485F: call_dissector_work (packet.c:618)
==12169==    by 0x67D3E1C: call_dissector_with_data (packet.c:2570)
==12169==    by 0x67D485F: call_dissector_work (packet.c:618)
==12169==    by 0x67D3E1C: call_dissector_with_data (packet.c:2570)
==12169==    by 0x6B939AB: dissect_radiotap (packet-ieee80211-radiotap.c:1794)
==12169==    by 0x67D487D: call_dissector_work (packet.c:620)
==12169==    by 0x67D46FE: dissector_try_uint_new (packet.c:1163)
==12169==    by 0x6ABD7FF: dissect_frame (packet-frame.c:499)
==12169==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==12169== 
==12169== 
==12169== Process terminating with default action of signal 11 (SIGSEGV):
dumping core
==12169==  Access not within mapped region at address 0x0
==12169==    at 0x681FDE9: AirPDcapDecryptWPABroadcastKey (airpdcap.c:410)
==12169==    by 0x681F203: AirPDcapScanForKeys (airpdcap.c:1423)
==12169==    by 0x6BA895E: dissect_ieee80211_common (packet-ieee80211.c:17688)
==12169==    by 0x6BA4715: dissect_ieee80211 (packet-ieee80211.c:18295)
==12169==    by 0x67D485F: call_dissector_work (packet.c:618)
==12169==    by 0x67D3E1C: call_dissector_with_data (packet.c:2570)
==12169==    by 0x67D485F: call_dissector_work (packet.c:618)
==12169==    by 0x67D3E1C: call_dissector_with_data (packet.c:2570)
==12169==    by 0x6B939AB: dissect_radiotap (packet-ieee80211-radiotap.c:1794)
==12169==    by 0x67D487D: call_dissector_work (packet.c:620)
==12169==    by 0x67D46FE: dissector_try_uint_new (packet.c:1163)
==12169==    by 0x6ABD7FF: dissect_frame (packet-frame.c:499)
==12169==  If you believe this happened as a result of a stack
==12169==  overflow in your program's main thread (unlikely but
==12169==  possible), you can try to increase the size of the
==12169==  main thread stack using the --main-stacksize= flag.
==12169==  The main thread stack size used in this run was 2084864.
==12169== 
==12169== HEAP SUMMARY:
==12169==     in use at exit: 26,764,559 bytes in 554,205 blocks
==12169==   total heap usage: 605,595 allocs, 51,390 frees, 50,924,047 bytes
allocated
==12169== 
==12169== LEAK SUMMARY:
==12169==    definitely lost: 275 bytes in 18 blocks
==12169==    indirectly lost: 8 bytes in 1 blocks
==12169==      possibly lost: 388 bytes in 20 blocks
==12169==    still reachable: 26,763,888 bytes in 554,166 blocks
==12169==         suppressed: 0 bytes in 0 blocks
==12169== Rerun with --leak-check=full to see details of leaked memory
==12169== 
==12169== For counts of detected and suppressed errors, rerun with: -v
==12169== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
./tools/valgrind-wireshark.sh: line 113: 12169 Segmentation fault      (core
dumped) $LIBTOOL valgrind --suppressions=`dirname $0`/vg-suppressions
--tool=$TOOL $CALLGRIND_OUT_FILE $VERBOSE $LEAK_CHECK $REACHABLE $TRACK_ORIGINS
$COMMAND $COMMAND_ARGS $PCAP $COMMAND_ARGS2 > /dev/null

[ no debug trace ]

You are receiving this mail because:
  • You are watching all bug changes.