Wireshark-bugs: [Wireshark-bugs] [Bug 11862] New: Buildbot crash output: fuzz-2015-12-07-21739.p

Date: Mon, 07 Dec 2015 18:20:02 +0000
Bug ID 11862
Summary Buildbot crash output: fuzz-2015-12-07-21739.pcap
Product Wireshark
Version unspecified
Hardware x86-64
URL https://www.wireshark.org/download/automated/captures/fuzz-2015-12-07-21739.pcap
OS Ubuntu
Status CONFIRMED
Severity Major
Priority High
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2015-12-07-21739.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/10685-wnm-sleepmode.pcap

Build host information:
Linux wsbb04 3.13.0-71-generic #114-Ubuntu SMP Tue Dec 1 02:34:22 UTC 2015
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 14.04.3 LTS
Release:    14.04
Codename:    trusty

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_BUILDNUMBER=3427
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-master/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_SLAVENAME=clang-code-analysis
BUILDBOT_GOT_REVISION=d382c7d321642dae8f25e4257da644d87b645c65

Return value:  0

Dissector bug:  0

Valgrind error count:  5



Git commit
commit d382c7d321642dae8f25e4257da644d87b645c65
Author: Michael Tüxen <[email protected]>
Date:   Sat Dec 5 14:43:11 2015 +0100

    SCTP: It is odd that the body of dissect_heartbeat_ack_chunk' function is
fully equivalent to the body of 'dissect_heartbeat_chunk' function found by PVS
Studio (V524)

    This is just a cosmetic change, which makes sense. No funtional
    change.

    Change-Id: Id24d162379093207863608e70f405e66f789276c
    Reviewed-on: https://code.wireshark.org/review/12440
    Reviewed-by: Alexis La Goutte <[email protected]>
    Petri-Dish: Alexis La Goutte <[email protected]>
    Reviewed-by: Michael Tüxen
    Reviewed-by: Michael Tüxen <[email protected]>
    Tested-by: Petri Dish Buildbot <[email protected]>


Command and args: ./tools/valgrind-wireshark.sh 

==15228== Memcheck, a memory error detector
==15228== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==15228== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==15228== Command:
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark
-nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2015-12-07-21739.pcap
==15228== 
==15228== Conditional jump or move depends on uninitialised value(s)
==15228==    at 0x687A94E: AirPDcapDecryptWPABroadcastKey (airpdcap.c:421)
==15228==    by 0x6879659: AirPDcapRsna4WHandshake (airpdcap.c:1405)
==15228==    by 0x6879659: AirPDcapScanForKeys (airpdcap.c:563)
==15228==    by 0x68790B2: AirPDcapPacketProcess (airpdcap.c:762)
==15228==    by 0x6C0F743: dissect_ieee80211_common (packet-ieee80211.c:17767)
==15228==    by 0x6C0C0E5: dissect_ieee80211 (packet-ieee80211.c:18375)
==15228==    by 0x682EE44: call_dissector_through_handle (packet.c:616)
==15228==    by 0x682EE44: call_dissector_work (packet.c:691)
==15228==    by 0x682E37C: call_dissector_only (packet.c:2662)
==15228==    by 0x682E37C: call_dissector_with_data (packet.c:2675)
==15228==    by 0x682EE44: call_dissector_through_handle (packet.c:616)
==15228==    by 0x682EE44: call_dissector_work (packet.c:691)
==15228==    by 0x682E37C: call_dissector_only (packet.c:2662)
==15228==    by 0x682E37C: call_dissector_with_data (packet.c:2675)
==15228==    by 0x6BFB3A2: dissect_radiotap (packet-ieee80211-radiotap.c:1796)
==15228==    by 0x682EE44: call_dissector_through_handle (packet.c:616)
==15228==    by 0x682EE44: call_dissector_work (packet.c:691)
==15228==    by 0x682ECEE: dissector_try_uint_new (packet.c:1148)
==15228== 
==15228== Conditional jump or move depends on uninitialised value(s)
==15228==    at 0x687A96A: AirPDcapDecryptWPABroadcastKey (airpdcap.c:415)
==15228==    by 0x6879659: AirPDcapRsna4WHandshake (airpdcap.c:1405)
==15228==    by 0x6879659: AirPDcapScanForKeys (airpdcap.c:563)
==15228==    by 0x68790B2: AirPDcapPacketProcess (airpdcap.c:762)
==15228==    by 0x6C0F743: dissect_ieee80211_common (packet-ieee80211.c:17767)
==15228==    by 0x6C0C0E5: dissect_ieee80211 (packet-ieee80211.c:18375)
==15228==    by 0x682EE44: call_dissector_through_handle (packet.c:616)
==15228==    by 0x682EE44: call_dissector_work (packet.c:691)
==15228==    by 0x682E37C: call_dissector_only (packet.c:2662)
==15228==    by 0x682E37C: call_dissector_with_data (packet.c:2675)
==15228==    by 0x682EE44: call_dissector_through_handle (packet.c:616)
==15228==    by 0x682EE44: call_dissector_work (packet.c:691)
==15228==    by 0x682E37C: call_dissector_only (packet.c:2662)
==15228==    by 0x682E37C: call_dissector_with_data (packet.c:2675)
==15228==    by 0x6BFB3A2: dissect_radiotap (packet-ieee80211-radiotap.c:1796)
==15228==    by 0x682EE44: call_dissector_through_handle (packet.c:616)
==15228==    by 0x682EE44: call_dissector_work (packet.c:691)
==15228==    by 0x682ECEE: dissector_try_uint_new (packet.c:1148)
==15228== 
==15228== Use of uninitialised value of size 8
==15228==    at 0x687A943: AirPDcapDecryptWPABroadcastKey (airpdcap.c:421)
==15228==    by 0x6879659: AirPDcapRsna4WHandshake (airpdcap.c:1405)
==15228==    by 0x6879659: AirPDcapScanForKeys (airpdcap.c:563)
==15228==    by 0x68790B2: AirPDcapPacketProcess (airpdcap.c:762)
==15228==    by 0x6C0F743: dissect_ieee80211_common (packet-ieee80211.c:17767)
==15228==    by 0x6C0C0E5: dissect_ieee80211 (packet-ieee80211.c:18375)
==15228==    by 0x682EE44: call_dissector_through_handle (packet.c:616)
==15228==    by 0x682EE44: call_dissector_work (packet.c:691)
==15228==    by 0x682E37C: call_dissector_only (packet.c:2662)
==15228==    by 0x682E37C: call_dissector_with_data (packet.c:2675)
==15228==    by 0x682EE44: call_dissector_through_handle (packet.c:616)
==15228==    by 0x682EE44: call_dissector_work (packet.c:691)
==15228==    by 0x682E37C: call_dissector_only (packet.c:2662)
==15228==    by 0x682E37C: call_dissector_with_data (packet.c:2675)
==15228==    by 0x6BFB3A2: dissect_radiotap (packet-ieee80211-radiotap.c:1796)
==15228==    by 0x682EE44: call_dissector_through_handle (packet.c:616)
==15228==    by 0x682EE44: call_dissector_work (packet.c:691)
==15228==    by 0x682ECEE: dissector_try_uint_new (packet.c:1148)
==15228== 
==15228== Conditional jump or move depends on uninitialised value(s)
==15228==    at 0x687A954: AirPDcapDecryptWPABroadcastKey (airpdcap.c:422)
==15228==    by 0x6879659: AirPDcapRsna4WHandshake (airpdcap.c:1405)
==15228==    by 0x6879659: AirPDcapScanForKeys (airpdcap.c:563)
==15228==    by 0x68790B2: AirPDcapPacketProcess (airpdcap.c:762)
==15228==    by 0x6C0F743: dissect_ieee80211_common (packet-ieee80211.c:17767)
==15228==    by 0x6C0C0E5: dissect_ieee80211 (packet-ieee80211.c:18375)
==15228==    by 0x682EE44: call_dissector_through_handle (packet.c:616)
==15228==    by 0x682EE44: call_dissector_work (packet.c:691)
==15228==    by 0x682E37C: call_dissector_only (packet.c:2662)
==15228==    by 0x682E37C: call_dissector_with_data (packet.c:2675)
==15228==    by 0x682EE44: call_dissector_through_handle (packet.c:616)
==15228==    by 0x682EE44: call_dissector_work (packet.c:691)
==15228==    by 0x682E37C: call_dissector_only (packet.c:2662)
==15228==    by 0x682E37C: call_dissector_with_data (packet.c:2675)
==15228==    by 0x6BFB3A2: dissect_radiotap (packet-ieee80211-radiotap.c:1796)
==15228==    by 0x682EE44: call_dissector_through_handle (packet.c:616)
==15228==    by 0x682EE44: call_dissector_work (packet.c:691)
==15228==    by 0x682ECEE: dissector_try_uint_new (packet.c:1148)
==15228== 
==15228== 
==15228== HEAP SUMMARY:
==15228==     in use at exit: 1,040,252 bytes in 28,310 blocks
==15228==   total heap usage: 239,010 allocs, 210,700 frees, 31,472,201 bytes
allocated
==15228== 
==15228== LEAK SUMMARY:
==15228==    definitely lost: 3,020 bytes in 127 blocks
==15228==    indirectly lost: 36,448 bytes in 48 blocks
==15228==      possibly lost: 0 bytes in 0 blocks
==15228==    still reachable: 1,000,784 bytes in 28,135 blocks
==15228==         suppressed: 0 bytes in 0 blocks
==15228== Rerun with --leak-check=full to see details of leaked memory
==15228== 
==15228== For counts of detected and suppressed errors, rerun with: -v
==15228== Use --track-origins=yes to see where uninitialised values come from
==15228== ERROR SUMMARY: 5 errors from 4 contexts (suppressed: 0 from 0)

[ no debug trace ]


You are receiving this mail because:
  • You are watching all bug changes.