Wireshark-bugs: [Wireshark-bugs] [Bug 11850] New: Buildbot crash output: fuzz-2015-12-03-17013.p

Date: Fri, 04 Dec 2015 04:40:03 +0000
Bug ID 11850
Summary Buildbot crash output: fuzz-2015-12-03-17013.pcap
Product Wireshark
Version unspecified
Hardware x86-64
URL https://www.wireshark.org/download/automated/captures/fuzz-2015-12-03-17013.pcap
OS Ubuntu
Status CONFIRMED
Severity Major
Priority High
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2015-12-03-17013.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/13060-qnx640_withqnx641.cap

Build host information:
Linux wsbb04 3.13.0-68-generic #111-Ubuntu SMP Fri Nov 6 18:17:06 UTC 2015
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 14.04.3 LTS
Release:    14.04
Codename:    trusty

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_BUILDNUMBER=3418
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-master/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_SLAVENAME=clang-code-analysis
BUILDBOT_GOT_REVISION=7e18954a276f93c78e4ae7129ad97d73ec6d91aa

Return value:  0

Dissector bug:  0

Valgrind error count:  4



Git commit
commit 7e18954a276f93c78e4ae7129ad97d73ec6d91aa
Author: Pascal Quantin <[email protected]>
Date:   Tue Dec 1 19:40:41 2015 +0100

    Qt: fix generation of silence samples

    The current code generates a shrill noise at least on Windows.
    Presumably memccpy does not behave as initially expected :)

    Change-Id: Id23a35d1d41ef4044b6a96c093a8fa927828f8b3
    Reviewed-on: https://code.wireshark.org/review/12337
    Reviewed-by: Pascal Quantin <[email protected]>
    Petri-Dish: Pascal Quantin <[email protected]>
    Tested-by: Petri Dish Buildbot <[email protected]>
    Reviewed-by: Anders Broman <[email protected]>


Command and args: ./tools/valgrind-wireshark.sh 

==21649== Memcheck, a memory error detector
==21649== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==21649== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright
info
==21649== Command:
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark
-nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2015-12-03-17013.pcap
==21649== 
==21649== Invalid read of size 1
==21649==    at 0x6E3648D: dissect_qnet6 (packet-qnet6.c:1632)
==21649==    by 0x6828E54: call_dissector_work (packet.c:616)
==21649==    by 0x6828F19: dissector_try_uint (packet.c:1148)
==21649==    by 0x6AEDEC1: dissect_ethertype (packet-ethertype.c:307)
==21649==    by 0x6828E54: call_dissector_work (packet.c:616)
==21649==    by 0x682838C: call_dissector_with_data (packet.c:2662)
==21649==    by 0x6AED6BA: dissect_eth_common (packet-eth.c:545)
==21649==    by 0x6AEC88F: dissect_eth_maybefcs (packet-eth.c:828)
==21649==    by 0x6828E54: call_dissector_work (packet.c:616)
==21649==    by 0x6828CFE: dissector_try_uint_new (packet.c:1148)
==21649==    by 0x6B1A8AF: dissect_frame (packet-frame.c:500)
==21649==    by 0x6828E54: call_dissector_work (packet.c:616)
==21649==  Address 0x12e6acb4 is 0 bytes after a block of size 4 alloc'd
==21649==    at 0x4C2CE8E: realloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==21649==    by 0xA2176AE: g_realloc (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==21649==    by 0x741F819: wmem_simple_realloc (wmem_allocator_simple.c:90)
==21649==    by 0x7421089: wmem_strbuf_finalize (wmem_strbuf.c:252)
==21649==    by 0x6E36392: dissect_qnet6 (packet-qnet6.c:1585)
==21649==    by 0x6828E54: call_dissector_work (packet.c:616)
==21649==    by 0x6828F19: dissector_try_uint (packet.c:1148)
==21649==    by 0x6AEDEC1: dissect_ethertype (packet-ethertype.c:307)
==21649==    by 0x6828E54: call_dissector_work (packet.c:616)
==21649==    by 0x682838C: call_dissector_with_data (packet.c:2662)
==21649==    by 0x6AED6BA: dissect_eth_common (packet-eth.c:545)
==21649==    by 0x6AEC88F: dissect_eth_maybefcs (packet-eth.c:828)
==21649== 
==21649== Invalid read of size 1
==21649==    at 0x6E36491: dissect_qnet6 (packet-qnet6.c:1632)
==21649==    by 0x6828E54: call_dissector_work (packet.c:616)
==21649==    by 0x6828F19: dissector_try_uint (packet.c:1148)
==21649==    by 0x6AEDEC1: dissect_ethertype (packet-ethertype.c:307)
==21649==    by 0x6828E54: call_dissector_work (packet.c:616)
==21649==    by 0x682838C: call_dissector_with_data (packet.c:2662)
==21649==    by 0x6AED6BA: dissect_eth_common (packet-eth.c:545)
==21649==    by 0x6AEC88F: dissect_eth_maybefcs (packet-eth.c:828)
==21649==    by 0x6828E54: call_dissector_work (packet.c:616)
==21649==    by 0x6828CFE: dissector_try_uint_new (packet.c:1148)
==21649==    by 0x6B1A8AF: dissect_frame (packet-frame.c:500)
==21649==    by 0x6828E54: call_dissector_work (packet.c:616)
==21649==  Address 0x12e6acb5 is 1 bytes after a block of size 4 alloc'd
==21649==    at 0x4C2CE8E: realloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==21649==    by 0xA2176AE: g_realloc (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==21649==    by 0x741F819: wmem_simple_realloc (wmem_allocator_simple.c:90)
==21649==    by 0x7421089: wmem_strbuf_finalize (wmem_strbuf.c:252)
==21649==    by 0x6E36392: dissect_qnet6 (packet-qnet6.c:1585)
==21649==    by 0x6828E54: call_dissector_work (packet.c:616)
==21649==    by 0x6828F19: dissector_try_uint (packet.c:1148)
==21649==    by 0x6AEDEC1: dissect_ethertype (packet-ethertype.c:307)
==21649==    by 0x6828E54: call_dissector_work (packet.c:616)
==21649==    by 0x682838C: call_dissector_with_data (packet.c:2662)
==21649==    by 0x6AED6BA: dissect_eth_common (packet-eth.c:545)
==21649==    by 0x6AEC88F: dissect_eth_maybefcs (packet-eth.c:828)
==21649== 
==21649== Invalid read of size 1
==21649==    at 0x6E36495: dissect_qnet6 (packet-qnet6.c:1632)
==21649==    by 0x6828E54: call_dissector_work (packet.c:616)
==21649==    by 0x6828F19: dissector_try_uint (packet.c:1148)
==21649==    by 0x6AEDEC1: dissect_ethertype (packet-ethertype.c:307)
==21649==    by 0x6828E54: call_dissector_work (packet.c:616)
==21649==    by 0x682838C: call_dissector_with_data (packet.c:2662)
==21649==    by 0x6AED6BA: dissect_eth_common (packet-eth.c:545)
==21649==    by 0x6AEC88F: dissect_eth_maybefcs (packet-eth.c:828)
==21649==    by 0x6828E54: call_dissector_work (packet.c:616)
==21649==    by 0x6828CFE: dissector_try_uint_new (packet.c:1148)
==21649==    by 0x6B1A8AF: dissect_frame (packet-frame.c:500)
==21649==    by 0x6828E54: call_dissector_work (packet.c:616)
==21649==  Address 0x12e6acb6 is 2 bytes after a block of size 4 alloc'd
==21649==    at 0x4C2CE8E: realloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==21649==    by 0xA2176AE: g_realloc (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==21649==    by 0x741F819: wmem_simple_realloc (wmem_allocator_simple.c:90)
==21649==    by 0x7421089: wmem_strbuf_finalize (wmem_strbuf.c:252)
==21649==    by 0x6E36392: dissect_qnet6 (packet-qnet6.c:1585)
==21649==    by 0x6828E54: call_dissector_work (packet.c:616)
==21649==    by 0x6828F19: dissector_try_uint (packet.c:1148)
==21649==    by 0x6AEDEC1: dissect_ethertype (packet-ethertype.c:307)
==21649==    by 0x6828E54: call_dissector_work (packet.c:616)
==21649==    by 0x682838C: call_dissector_with_data (packet.c:2662)
==21649==    by 0x6AED6BA: dissect_eth_common (packet-eth.c:545)
==21649==    by 0x6AEC88F: dissect_eth_maybefcs (packet-eth.c:828)
==21649== 
==21649== Invalid read of size 1
==21649==    at 0x6E36499: dissect_qnet6 (packet-qnet6.c:1632)
==21649==    by 0x6828E54: call_dissector_work (packet.c:616)
==21649==    by 0x6828F19: dissector_try_uint (packet.c:1148)
==21649==    by 0x6AEDEC1: dissect_ethertype (packet-ethertype.c:307)
==21649==    by 0x6828E54: call_dissector_work (packet.c:616)
==21649==    by 0x682838C: call_dissector_with_data (packet.c:2662)
==21649==    by 0x6AED6BA: dissect_eth_common (packet-eth.c:545)
==21649==    by 0x6AEC88F: dissect_eth_maybefcs (packet-eth.c:828)
==21649==    by 0x6828E54: call_dissector_work (packet.c:616)
==21649==    by 0x6828CFE: dissector_try_uint_new (packet.c:1148)
==21649==    by 0x6B1A8AF: dissect_frame (packet-frame.c:500)
==21649==    by 0x6828E54: call_dissector_work (packet.c:616)
==21649==  Address 0x12e6acb7 is 3 bytes after a block of size 4 alloc'd
==21649==    at 0x4C2CE8E: realloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==21649==    by 0xA2176AE: g_realloc (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==21649==    by 0x741F819: wmem_simple_realloc (wmem_allocator_simple.c:90)
==21649==    by 0x7421089: wmem_strbuf_finalize (wmem_strbuf.c:252)
==21649==    by 0x6E36392: dissect_qnet6 (packet-qnet6.c:1585)
==21649==    by 0x6828E54: call_dissector_work (packet.c:616)
==21649==    by 0x6828F19: dissector_try_uint (packet.c:1148)
==21649==    by 0x6AEDEC1: dissect_ethertype (packet-ethertype.c:307)
==21649==    by 0x6828E54: call_dissector_work (packet.c:616)
==21649==    by 0x682838C: call_dissector_with_data (packet.c:2662)
==21649==    by 0x6AED6BA: dissect_eth_common (packet-eth.c:545)
==21649==    by 0x6AEC88F: dissect_eth_maybefcs (packet-eth.c:828)
==21649== 
==21649== 
==21649== HEAP SUMMARY:
==21649==     in use at exit: 1,039,588 bytes in 28,303 blocks
==21649==   total heap usage: 265,501 allocs, 237,198 frees, 32,263,497 bytes
allocated
==21649== 
==21649== LEAK SUMMARY:
==21649==    definitely lost: 2,908 bytes in 125 blocks
==21649==    indirectly lost: 36,448 bytes in 48 blocks
==21649==      possibly lost: 0 bytes in 0 blocks
==21649==    still reachable: 1,000,232 bytes in 28,130 blocks
==21649==         suppressed: 0 bytes in 0 blocks
==21649== Rerun with --leak-check=full to see details of leaked memory
==21649== 
==21649== For counts of detected and suppressed errors, rerun with: -v
==21649== ERROR SUMMARY: 4 errors from 4 contexts (suppressed: 0 from 0)

[ no debug trace ]


You are receiving this mail because:
  • You are watching all bug changes.