Wireshark-bugs: [Wireshark-bugs] [Bug 11530] New: Buildbot crash output: fuzz-2015-09-18-30059.p

Date: Fri, 18 Sep 2015 09:10:02 +0000
Bug ID 11530
Summary Buildbot crash output: fuzz-2015-09-18-30059.pcap
Product Wireshark
Version unspecified
Hardware x86-64
URL https://www.wireshark.org/download/automated/captures/fuzz-2015-09-18-30059.pcap
OS Ubuntu
Status CONFIRMED
Severity Major
Priority High
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2015-09-18-30059.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/10685-wnm-sleepmode.pcap

Build host information:
Linux wsbb04 3.13.0-61-generic #100-Ubuntu SMP Wed Jul 29 11:21:34 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 14.04.3 LTS
Release:    14.04
Codename:    trusty

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_BUILDNUMBER=3313
BUILDBOT_URL=http://buildbot.wireshark.org/trunk/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_SLAVENAME=clang-code-analysis
BUILDBOT_GOT_REVISION=2c7c7051575ecc1a0007d07d64816682c3c8c470

Return value:  0

Dissector bug:  0

Valgrind error count:  12



Git commit
commit 2c7c7051575ecc1a0007d07d64816682c3c8c470
Author: Peter Wu <[email protected]>
Date:   Wed Sep 16 00:29:00 2015 +0200

    http2: fix dissection when using Upgrade

    The fix for bug 11331 has as side-effect that the HTTP part of a
    conversation is not dissected on the second pass.

    Fix it by calling the HTTP2 dissector only when it was detected via
    heuristics, and not via Upgrade (since that would be handled by the
    http loop).

    While at it, remove the use of tvb_new_subset_remaining since the
    original tvb is not touched and move the comment about the proxy to the
    right place.

    Tested with the capture from Alexis (plain HTTP2 via Upgrade), the one
    from bug 11331 (plain HTTP2 via heuristics) and a HTTP2 in SSL capture
    (via heuristics).

    Change-Id: Iead7682aa8d5114e4edcfd54eabcd0d659056cc1
    Reviewed-on: https://code.wireshark.org/review/10541
    Petri-Dish: Peter Wu <[email protected]>
    Tested-by: Petri Dish Buildbot <[email protected]>
    Reviewed-by: Alexis La Goutte <[email protected]>


Command and args: ./tools/valgrind-wireshark.sh 

==22403== Memcheck, a memory error detector
==22403== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==22403== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright info
==22403== Command: /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark -nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2015-09-18-30059.pcap
==22403== 
==22403== Conditional jump or move depends on uninitialised value(s)
==22403==    at 0x682F155: AirPDcapDecryptWPABroadcastKey (airpdcap.c:415)
==22403==    by 0x682E3A3: AirPDcapScanForKeys (airpdcap.c:1428)
==22403==    by 0x6BBA21E: dissect_ieee80211_common (packet-ieee80211.c:17688)
==22403==    by 0x6BB5FD5: dissect_ieee80211 (packet-ieee80211.c:18295)
==22403==    by 0x67E3B9F: call_dissector_work (packet.c:618)
==22403==    by 0x67E315C: call_dissector_with_data (packet.c:2570)
==22403==    by 0x67E3B9F: call_dissector_work (packet.c:618)
==22403==    by 0x67E315C: call_dissector_with_data (packet.c:2570)
==22403==    by 0x6BA526B: dissect_radiotap (packet-ieee80211-radiotap.c:1794)
==22403==    by 0x67E3BBD: call_dissector_work (packet.c:620)
==22403==    by 0x67E3A3E: dissector_try_uint_new (packet.c:1163)
==22403==    by 0x6ACF05F: dissect_frame (packet-frame.c:499)
==22403== 
==22403== Conditional jump or move depends on uninitialised value(s)
==22403==    at 0x682F142: AirPDcapDecryptWPABroadcastKey (airpdcap.c:409)
==22403==    by 0x682E3A3: AirPDcapScanForKeys (airpdcap.c:1428)
==22403==    by 0x6BBA21E: dissect_ieee80211_common (packet-ieee80211.c:17688)
==22403==    by 0x6BB5FD5: dissect_ieee80211 (packet-ieee80211.c:18295)
==22403==    by 0x67E3B9F: call_dissector_work (packet.c:618)
==22403==    by 0x67E315C: call_dissector_with_data (packet.c:2570)
==22403==    by 0x67E3B9F: call_dissector_work (packet.c:618)
==22403==    by 0x67E315C: call_dissector_with_data (packet.c:2570)
==22403==    by 0x6BA526B: dissect_radiotap (packet-ieee80211-radiotap.c:1794)
==22403==    by 0x67E3BBD: call_dissector_work (packet.c:620)
==22403==    by 0x67E3A3E: dissector_try_uint_new (packet.c:1163)
==22403==    by 0x6ACF05F: dissect_frame (packet-frame.c:499)
==22403== 
==22403== Use of uninitialised value of size 8
==22403==    at 0x682F149: AirPDcapDecryptWPABroadcastKey (airpdcap.c:415)
==22403==    by 0x682E3A3: AirPDcapScanForKeys (airpdcap.c:1428)
==22403==    by 0x6BBA21E: dissect_ieee80211_common (packet-ieee80211.c:17688)
==22403==    by 0x6BB5FD5: dissect_ieee80211 (packet-ieee80211.c:18295)
==22403==    by 0x67E3B9F: call_dissector_work (packet.c:618)
==22403==    by 0x67E315C: call_dissector_with_data (packet.c:2570)
==22403==    by 0x67E3B9F: call_dissector_work (packet.c:618)
==22403==    by 0x67E315C: call_dissector_with_data (packet.c:2570)
==22403==    by 0x6BA526B: dissect_radiotap (packet-ieee80211-radiotap.c:1794)
==22403==    by 0x67E3BBD: call_dissector_work (packet.c:620)
==22403==    by 0x67E3A3E: dissector_try_uint_new (packet.c:1163)
==22403==    by 0x6ACF05F: dissect_frame (packet-frame.c:499)
==22403== 
==22403== Conditional jump or move depends on uninitialised value(s)
==22403==    at 0x682F15C: AirPDcapDecryptWPABroadcastKey (airpdcap.c:416)
==22403==    by 0x682E3A3: AirPDcapScanForKeys (airpdcap.c:1428)
==22403==    by 0x6BBA21E: dissect_ieee80211_common (packet-ieee80211.c:17688)
==22403==    by 0x6BB5FD5: dissect_ieee80211 (packet-ieee80211.c:18295)
==22403==    by 0x67E3B9F: call_dissector_work (packet.c:618)
==22403==    by 0x67E315C: call_dissector_with_data (packet.c:2570)
==22403==    by 0x67E3B9F: call_dissector_work (packet.c:618)
==22403==    by 0x67E315C: call_dissector_with_data (packet.c:2570)
==22403==    by 0x6BA526B: dissect_radiotap (packet-ieee80211-radiotap.c:1794)
==22403==    by 0x67E3BBD: call_dissector_work (packet.c:620)
==22403==    by 0x67E3A3E: dissector_try_uint_new (packet.c:1163)
==22403==    by 0x6ACF05F: dissect_frame (packet-frame.c:499)
==22403== 
==22403== Use of uninitialised value of size 8
==22403==    at 0x682F12B: AirPDcapDecryptWPABroadcastKey (airpdcap.c:419)
==22403==    by 0x682E3A3: AirPDcapScanForKeys (airpdcap.c:1428)
==22403==    by 0x6BBA21E: dissect_ieee80211_common (packet-ieee80211.c:17688)
==22403==    by 0x6BB5FD5: dissect_ieee80211 (packet-ieee80211.c:18295)
==22403==    by 0x67E3B9F: call_dissector_work (packet.c:618)
==22403==    by 0x67E315C: call_dissector_with_data (packet.c:2570)
==22403==    by 0x67E3B9F: call_dissector_work (packet.c:618)
==22403==    by 0x67E315C: call_dissector_with_data (packet.c:2570)
==22403==    by 0x6BA526B: dissect_radiotap (packet-ieee80211-radiotap.c:1794)
==22403==    by 0x67E3BBD: call_dissector_work (packet.c:620)
==22403==    by 0x67E3A3E: dissector_try_uint_new (packet.c:1163)
==22403==    by 0x6ACF05F: dissect_frame (packet-frame.c:499)
==22403== 
==22403== 
==22403== HEAP SUMMARY:
==22403==     in use at exit: 1,036,625 bytes in 28,186 blocks
==22403==   total heap usage: 606,312 allocs, 578,126 frees, 50,987,977 bytes allocated
==22403== 
==22403== LEAK SUMMARY:
==22403==    definitely lost: 2,932 bytes in 126 blocks
==22403==    indirectly lost: 36,456 bytes in 49 blocks
==22403==      possibly lost: 0 bytes in 0 blocks
==22403==    still reachable: 997,237 bytes in 28,011 blocks
==22403==         suppressed: 0 bytes in 0 blocks
==22403== Rerun with --leak-check=full to see details of leaked memory
==22403== 
==22403== For counts of detected and suppressed errors, rerun with: -v
==22403== Use --track-origins=yes to see where uninitialised values come from
==22403== ERROR SUMMARY: 12 errors from 5 contexts (suppressed: 0 from 0)

[ no debug trace ]

