Wireshark-bugs: [Wireshark-bugs] [Bug 11560] New: Buildbot crash output: fuzz-2015-09-30-16654.p

Date: Wed, 30 Sep 2015 18:40:02 +0000
Bug ID 11560
Summary Buildbot crash output: fuzz-2015-09-30-16654.pcap
Product Wireshark
Version unspecified
Hardware x86-64
URL https://www.wireshark.org/download/automated/captures/fuzz-2015-09-30-16654.pcap
OS Ubuntu
Status CONFIRMED
Severity Major
Priority High
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2015-09-30-16654.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/10865-no_dhcp_replys.pcap

Build host information:
Linux wsbb04 3.13.0-61-generic #100-Ubuntu SMP Wed Jul 29 11:21:34 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 14.04.3 LTS
Release:    14.04
Codename:    trusty

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_BUILDNUMBER=3323
BUILDBOT_URL=http://buildbot.wireshark.org/trunk/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_SLAVENAME=clang-code-analysis
BUILDBOT_GOT_REVISION=1f9fb57773b55fe127eb022ae50430c07e0640df

Return value:  0

Dissector bug:  0

Valgrind error count:  19



Git commit
commit 1f9fb57773b55fe127eb022ae50430c07e0640df
Author: Dario Lombardo <[email protected]>
Date:   Mon Sep 28 15:11:44 2015 +0200

    editcap/reordercap: rename time to frame_time.

    According to checkAPI.

    Change-Id: Iddad6253fc4711ed7870eccadb91d94e5fecd24d
    Reviewed-on: https://code.wireshark.org/review/10672
    Reviewed-by: Alexis La Goutte <[email protected]>
    Petri-Dish: Alexis La Goutte <[email protected]>
    Tested-by: Petri Dish Buildbot <[email protected]>
    Reviewed-by: Michael Mann <[email protected]>


Command and args: ./tools/valgrind-wireshark.sh 

==24171== Memcheck, a memory error detector
==24171== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==24171== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright info
==24171== Command: /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark -nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2015-09-30-16654.pcap
==24171== 
==24171== Conditional jump or move depends on uninitialised value(s)
==24171==    at 0x6848612: AirPDcapDecryptWPABroadcastKey (airpdcap.c:409)
==24171==    by 0x6847884: AirPDcapScanForKeys (airpdcap.c:1428)
==24171==    by 0x6BD3A69: dissect_ieee80211_common (packet-ieee80211.c:17688)
==24171==    by 0x6BCFA15: dissect_ieee80211 (packet-ieee80211.c:18295)
==24171==    by 0x67FD4EF: call_dissector_work (packet.c:618)
==24171==    by 0x67FCAAC: call_dissector_with_data (packet.c:2572)
==24171==    by 0x67FD4EF: call_dissector_work (packet.c:618)
==24171==    by 0x67FCAAC: call_dissector_with_data (packet.c:2572)
==24171==    by 0x6BBEBAB: dissect_radiotap (packet-ieee80211-radiotap.c:1794)
==24171==    by 0x67FD50D: call_dissector_work (packet.c:620)
==24171==    by 0x67FD38E: dissector_try_uint_new (packet.c:1163)
==24171==    by 0x6AE8A2F: dissect_frame (packet-frame.c:499)
==24171== 
==24171== Use of uninitialised value of size 8
==24171==    at 0x6848619: AirPDcapDecryptWPABroadcastKey (airpdcap.c:415)
==24171==    by 0x6847884: AirPDcapScanForKeys (airpdcap.c:1428)
==24171==    by 0x6BD3A69: dissect_ieee80211_common (packet-ieee80211.c:17688)
==24171==    by 0x6BCFA15: dissect_ieee80211 (packet-ieee80211.c:18295)
==24171==    by 0x67FD4EF: call_dissector_work (packet.c:618)
==24171==    by 0x67FCAAC: call_dissector_with_data (packet.c:2572)
==24171==    by 0x67FD4EF: call_dissector_work (packet.c:618)
==24171==    by 0x67FCAAC: call_dissector_with_data (packet.c:2572)
==24171==    by 0x6BBEBAB: dissect_radiotap (packet-ieee80211-radiotap.c:1794)
==24171==    by 0x67FD50D: call_dissector_work (packet.c:620)
==24171==    by 0x67FD38E: dissector_try_uint_new (packet.c:1163)
==24171==    by 0x6AE8A2F: dissect_frame (packet-frame.c:499)
==24171== 
==24171== Conditional jump or move depends on uninitialised value(s)
==24171==    at 0x6848625: AirPDcapDecryptWPABroadcastKey (airpdcap.c:415)
==24171==    by 0x6847884: AirPDcapScanForKeys (airpdcap.c:1428)
==24171==    by 0x6BD3A69: dissect_ieee80211_common (packet-ieee80211.c:17688)
==24171==    by 0x6BCFA15: dissect_ieee80211 (packet-ieee80211.c:18295)
==24171==    by 0x67FD4EF: call_dissector_work (packet.c:618)
==24171==    by 0x67FCAAC: call_dissector_with_data (packet.c:2572)
==24171==    by 0x67FD4EF: call_dissector_work (packet.c:618)
==24171==    by 0x67FCAAC: call_dissector_with_data (packet.c:2572)
==24171==    by 0x6BBEBAB: dissect_radiotap (packet-ieee80211-radiotap.c:1794)
==24171==    by 0x67FD50D: call_dissector_work (packet.c:620)
==24171==    by 0x67FD38E: dissector_try_uint_new (packet.c:1163)
==24171==    by 0x6AE8A2F: dissect_frame (packet-frame.c:499)
==24171== 
==24171== Conditional jump or move depends on uninitialised value(s)
==24171==    at 0x684862C: AirPDcapDecryptWPABroadcastKey (airpdcap.c:416)
==24171==    by 0x6847884: AirPDcapScanForKeys (airpdcap.c:1428)
==24171==    by 0x6BD3A69: dissect_ieee80211_common (packet-ieee80211.c:17688)
==24171==    by 0x6BCFA15: dissect_ieee80211 (packet-ieee80211.c:18295)
==24171==    by 0x67FD4EF: call_dissector_work (packet.c:618)
==24171==    by 0x67FCAAC: call_dissector_with_data (packet.c:2572)
==24171==    by 0x67FD4EF: call_dissector_work (packet.c:618)
==24171==    by 0x67FCAAC: call_dissector_with_data (packet.c:2572)
==24171==    by 0x6BBEBAB: dissect_radiotap (packet-ieee80211-radiotap.c:1794)
==24171==    by 0x67FD50D: call_dissector_work (packet.c:620)
==24171==    by 0x67FD38E: dissector_try_uint_new (packet.c:1163)
==24171==    by 0x6AE8A2F: dissect_frame (packet-frame.c:499)
==24171== 
==24171== Use of uninitialised value of size 8
==24171==    at 0x68485FB: AirPDcapDecryptWPABroadcastKey (airpdcap.c:419)
==24171==    by 0x6847884: AirPDcapScanForKeys (airpdcap.c:1428)
==24171==    by 0x6BD3A69: dissect_ieee80211_common (packet-ieee80211.c:17688)
==24171==    by 0x6BCFA15: dissect_ieee80211 (packet-ieee80211.c:18295)
==24171==    by 0x67FD4EF: call_dissector_work (packet.c:618)
==24171==    by 0x67FCAAC: call_dissector_with_data (packet.c:2572)
==24171==    by 0x67FD4EF: call_dissector_work (packet.c:618)
==24171==    by 0x67FCAAC: call_dissector_with_data (packet.c:2572)
==24171==    by 0x6BBEBAB: dissect_radiotap (packet-ieee80211-radiotap.c:1794)
==24171==    by 0x67FD50D: call_dissector_work (packet.c:620)
==24171==    by 0x67FD38E: dissector_try_uint_new (packet.c:1163)
==24171==    by 0x6AE8A2F: dissect_frame (packet-frame.c:499)
==24171== 
==24171== 
==24171== HEAP SUMMARY:
==24171==     in use at exit: 1,036,918 bytes in 28,194 blocks
==24171==   total heap usage: 713,321 allocs, 685,127 frees, 48,379,656 bytes allocated
==24171== 
==24171== LEAK SUMMARY:
==24171==    definitely lost: 3,044 bytes in 128 blocks
==24171==    indirectly lost: 36,456 bytes in 49 blocks
==24171==      possibly lost: 0 bytes in 0 blocks
==24171==    still reachable: 997,418 bytes in 28,017 blocks
==24171==         suppressed: 0 bytes in 0 blocks
==24171== Rerun with --leak-check=full to see details of leaked memory
==24171== 
==24171== For counts of detected and suppressed errors, rerun with: -v
==24171== Use --track-origins=yes to see where uninitialised values come from
==24171== ERROR SUMMARY: 19 errors from 5 contexts (suppressed: 0 from 0)

[ no debug trace ]

