Wireshark-bugs: [Wireshark-bugs] [Bug 11533] New: Buildbot crash output: fuzz-2015-09-20-32107.p
Date: Tue, 22 Sep 2015 03:50:03 +0000
Bug ID | 11533 |
---|---|
Summary | Buildbot crash output: fuzz-2015-09-20-32107.pcap |
Product | Wireshark |
Version | unspecified |
Hardware | x86-64 |
URL | https://www.wireshark.org/download/automated/captures/fuzz-2015-09-20-32107.pcap |
OS | Ubuntu |
Status | CONFIRMED |
Severity | Major |
Priority | High |
Component | Dissection engine (libwireshark) |
Assignee | [email protected] |
Reporter | [email protected] |
Problems have been found with the following capture file: https://www.wireshark.org/download/automated/captures/fuzz-2015-09-20-32107.pcap stderr: Input file: /home/wireshark/menagerie/menagerie/9186-avrcp.log Build host information: Linux wsbb04 3.13.0-61-generic #100-Ubuntu SMP Wed Jul 29 11:21:34 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux Distributor ID: Ubuntu Description: Ubuntu 14.04.3 LTS Release: 14.04 Codename: trusty Buildbot information: BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark BUILDBOT_BUILDNUMBER=3314 BUILDBOT_URL=http://buildbot.wireshark.org/trunk/ BUILDBOT_BUILDERNAME=Clang Code Analysis BUILDBOT_SLAVENAME=clang-code-analysis BUILDBOT_GOT_REVISION=22bc307c8dc99c6c8e1664d1f8994863e459f884 Return value: 0 Dissector bug: 0 Valgrind error count: 5 Git commit commit 22bc307c8dc99c6c8e1664d1f8994863e459f884 Author: Hadriel Kaplan <[email protected]> Date: Wed Aug 5 09:24:50 2015 -0400 RTP: handle payload reassembly for multiple fragments If an RTP payload spans more than two packets, the dissector needs to save the previous fragment info. Bug: 11413 Change-Id: I62558f40136881d70bf2a9597eabd3697966ac4a Reviewed-on: https://code.wireshark.org/review/9875 Petri-Dish: Hadriel Kaplan <[email protected]> Tested-by: Petri Dish Buildbot <[email protected]> Reviewed-by: Anders Broman <[email protected]> Command and args: ./tools/valgrind-wireshark.sh ==3922== Memcheck, a memory error detector ==3922== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al. ==3922== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright info ==3922== Command: /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark -nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2015-09-20-32107.pcap ==3922== ==3922== Invalid read of size 4 ==3922== at 0x694F465: dissect_bthcrp (packet-bthcrp.c:415) ==3922== by 0x67E766F: call_dissector_work (packet.c:618) ==3922== by 0x67E7C19: dissector_try_string (packet.c:1458) ==3922== by 0x693068B: dissect_btavctp (packet-btavctp.c:216) ==3922== by 0x67E766F: call_dissector_work (packet.c:618) ==3922== by 0x67E750E: dissector_try_uint_new (packet.c:1163) ==3922== by 0x695A0FF: dissect_b_frame (packet-btl2cap.c:1485) ==3922== by 0x69585A7: dissect_btl2cap (packet-btl2cap.c:2141) ==3922== by 0x67E766F: call_dissector_work (packet.c:618) ==3922== by 0x67E6C2C: call_dissector_with_data (packet.c:2570) ==3922== by 0x693C2A3: dissect_bthci_acl (packet-bthci_acl.c:417) ==3922== by 0x67E766F: call_dissector_work (packet.c:618) ==3922== Address 0x15569bac is 20 bytes before a block of size 72 alloc'd ==3922== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==3922== by 0xA34C610: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0) ==3922== by 0xA36222D: g_slice_alloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0) ==3922== by 0x681AC41: tvb_new (tvbuff.c:87) ==3922== by 0x681A3E4: tvb_new_subset_length (tvbuff_subset.c:113) ==3922== by 0x69304EA: dissect_btavctp (packet-btavctp.c:207) ==3922== by 0x67E766F: call_dissector_work (packet.c:618) ==3922== by 0x67E750E: dissector_try_uint_new (packet.c:1163) ==3922== by 0x695A0FF: dissect_b_frame (packet-btl2cap.c:1485) ==3922== by 0x69585A7: dissect_btl2cap (packet-btl2cap.c:2141) ==3922== by 0x67E766F: call_dissector_work (packet.c:618) ==3922== by 0x67E6C2C: call_dissector_with_data (packet.c:2570) ==3922== ==3922== Invalid read of size 4 ==3922== at 0x694F486: dissect_bthcrp (packet-bthcrp.c:416) ==3922== by 0x67E766F: call_dissector_work (packet.c:618) ==3922== by 0x67E7C19: dissector_try_string (packet.c:1458) ==3922== by 0x693068B: dissect_btavctp (packet-btavctp.c:216) ==3922== by 0x67E766F: call_dissector_work (packet.c:618) ==3922== by 0x67E750E: dissector_try_uint_new (packet.c:1163) ==3922== by 0x695A0FF: dissect_b_frame (packet-btl2cap.c:1485) ==3922== by 0x69585A7: dissect_btl2cap (packet-btl2cap.c:2141) ==3922== by 0x67E766F: call_dissector_work (packet.c:618) ==3922== by 0x67E6C2C: call_dissector_with_data (packet.c:2570) ==3922== by 0x693C2A3: dissect_bthci_acl (packet-bthci_acl.c:417) ==3922== by 0x67E766F: call_dissector_work (packet.c:618) ==3922== Address 0x15569bb0 is 16 bytes before a block of size 72 alloc'd ==3922== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==3922== by 0xA34C610: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0) ==3922== by 0xA36222D: g_slice_alloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0) ==3922== by 0x681AC41: tvb_new (tvbuff.c:87) ==3922== by 0x681A3E4: tvb_new_subset_length (tvbuff_subset.c:113) ==3922== by 0x69304EA: dissect_btavctp (packet-btavctp.c:207) ==3922== by 0x67E766F: call_dissector_work (packet.c:618) ==3922== by 0x67E750E: dissector_try_uint_new (packet.c:1163) ==3922== by 0x695A0FF: dissect_b_frame (packet-btl2cap.c:1485) ==3922== by 0x69585A7: dissect_btl2cap (packet-btl2cap.c:2141) ==3922== by 0x67E766F: call_dissector_work (packet.c:618) ==3922== by 0x67E6C2C: call_dissector_with_data (packet.c:2570) ==3922== ==3922== Invalid read of size 4 ==3922== at 0x694F48F: dissect_bthcrp (packet-bthcrp.c:417) ==3922== by 0x67E766F: call_dissector_work (packet.c:618) ==3922== by 0x67E7C19: dissector_try_string (packet.c:1458) ==3922== by 0x693068B: dissect_btavctp (packet-btavctp.c:216) ==3922== by 0x67E766F: call_dissector_work (packet.c:618) ==3922== by 0x67E750E: dissector_try_uint_new (packet.c:1163) ==3922== by 0x695A0FF: dissect_b_frame (packet-btl2cap.c:1485) ==3922== by 0x69585A7: dissect_btl2cap (packet-btl2cap.c:2141) ==3922== by 0x67E766F: call_dissector_work (packet.c:618) ==3922== by 0x67E6C2C: call_dissector_with_data (packet.c:2570) ==3922== by 0x693C2A3: dissect_bthci_acl (packet-bthci_acl.c:417) ==3922== by 0x67E766F: call_dissector_work (packet.c:618) ==3922== Address 0x15569bb4 is 12 bytes before a block of size 72 alloc'd ==3922== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==3922== by 0xA34C610: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0) ==3922== by 0xA36222D: g_slice_alloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0) ==3922== by 0x681AC41: tvb_new (tvbuff.c:87) ==3922== by 0x681A3E4: tvb_new_subset_length (tvbuff_subset.c:113) ==3922== by 0x69304EA: dissect_btavctp (packet-btavctp.c:207) ==3922== by 0x67E766F: call_dissector_work (packet.c:618) ==3922== by 0x67E750E: dissector_try_uint_new (packet.c:1163) ==3922== by 0x695A0FF: dissect_b_frame (packet-btl2cap.c:1485) ==3922== by 0x69585A7: dissect_btl2cap (packet-btl2cap.c:2141) ==3922== by 0x67E766F: call_dissector_work (packet.c:618) ==3922== by 0x67E6C2C: call_dissector_with_data (packet.c:2570) ==3922== ==3922== Invalid read of size 2 ==3922== at 0x694F4A1: dissect_bthcrp (packet-bthcrp.c:427) ==3922== by 0x67E766F: call_dissector_work (packet.c:618) ==3922== by 0x67E7C19: dissector_try_string (packet.c:1458) ==3922== by 0x693068B: dissect_btavctp (packet-btavctp.c:216) ==3922== by 0x67E766F: call_dissector_work (packet.c:618) ==3922== by 0x67E750E: dissector_try_uint_new (packet.c:1163) ==3922== by 0x695A0FF: dissect_b_frame (packet-btl2cap.c:1485) ==3922== by 0x69585A7: dissect_btl2cap (packet-btl2cap.c:2141) ==3922== by 0x67E766F: call_dissector_work (packet.c:618) ==3922== by 0x67E6C2C: call_dissector_with_data (packet.c:2570) ==3922== by 0x693C2A3: dissect_bthci_acl (packet-bthci_acl.c:417) ==3922== by 0x67E766F: call_dissector_work (packet.c:618) ==3922== Address 0x15569b90 is 16 bytes after a block of size 16 alloc'd ==3922== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==3922== by 0xA34C610: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0) ==3922== by 0x73CBE0A: wmem_simple_alloc (wmem_allocator_simple.c:55) ==3922== by 0x693049D: dissect_btavctp (packet-btavctp.c:197) ==3922== by 0x67E766F: call_dissector_work (packet.c:618) ==3922== by 0x67E750E: dissector_try_uint_new (packet.c:1163) ==3922== by 0x695A0FF: dissect_b_frame (packet-btl2cap.c:1485) ==3922== by 0x69585A7: dissect_btl2cap (packet-btl2cap.c:2141) ==3922== by 0x67E766F: call_dissector_work (packet.c:618) ==3922== by 0x67E6C2C: call_dissector_with_data (packet.c:2570) ==3922== by 0x693C2A3: dissect_bthci_acl (packet-bthci_acl.c:417) ==3922== by 0x67E766F: call_dissector_work (packet.c:618) ==3922== ==3922== Invalid read of size 2 ==3922== at 0x694F98E: dissect_bthcrp (packet-bthcrp.c:493) ==3922== by 0x67E766F: call_dissector_work (packet.c:618) ==3922== by 0x67E7C19: dissector_try_string (packet.c:1458) ==3922== by 0x693068B: dissect_btavctp (packet-btavctp.c:216) ==3922== by 0x67E766F: call_dissector_work (packet.c:618) ==3922== by 0x67E750E: dissector_try_uint_new (packet.c:1163) ==3922== by 0x695A0FF: dissect_b_frame (packet-btl2cap.c:1485) ==3922== by 0x69585A7: dissect_btl2cap (packet-btl2cap.c:2141) ==3922== by 0x67E766F: call_dissector_work (packet.c:618) ==3922== by 0x67E6C2C: call_dissector_with_data (packet.c:2570) ==3922== by 0x693C2A3: dissect_bthci_acl (packet-bthci_acl.c:417) ==3922== by 0x67E766F: call_dissector_work (packet.c:618) ==3922== Address 0x15569ba0 is not stack'd, malloc'd or (recently) free'd ==3922== ==3922== ==3922== HEAP SUMMARY: ==3922== in use at exit: 1,036,473 bytes in 28,185 blocks ==3922== total heap usage: 613,446 allocs, 585,261 frees, 51,275,534 bytes allocated ==3922== ==3922== LEAK SUMMARY: ==3922== definitely lost: 2,932 bytes in 126 blocks ==3922== indirectly lost: 36,456 bytes in 49 blocks ==3922== possibly lost: 0 bytes in 0 blocks ==3922== still reachable: 997,085 bytes in 28,010 blocks ==3922== suppressed: 0 bytes in 0 blocks ==3922== Rerun with --leak-check=full to see details of leaked memory ==3922== ==3922== For counts of detected and suppressed errors, rerun with: -v ==3922== ERROR SUMMARY: 5 errors from 5 contexts (suppressed: 0 from 0) [ no debug trace ]
You are receiving this mail because:
- You are watching all bug changes.
- Follow-Ups:
- [Wireshark-bugs] [Bug 11533] Buildbot crash output: fuzz-2015-09-20-32107.pcap
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 11533] Buildbot crash output: fuzz-2015-09-20-32107.pcap
- Prev by Date: [Wireshark-bugs] [Bug 11488] [GTK/Qt] "assertion failed: (!packet_scope->in_scope)" while capturing and getting a dialog
- Next by Date: [Wireshark-bugs] [Bug 11534] New: Buildbot crash output: fuzz-2015-09-22-23472.pcap
- Previous by thread: [Wireshark-bugs] [Bug 11146] Cannot build
- Next by thread: [Wireshark-bugs] [Bug 11533] Buildbot crash output: fuzz-2015-09-20-32107.pcap
- Index(es):