Wireshark-bugs: [Wireshark-bugs] [Bug 12034] New: "Conditional jump or move depends on uninitial

Date: Tue, 19 Jan 2016 20:35:03 +0000
Bug ID 12034
Summary "Conditional jump or move depends on uninitialised value(s)" in HTTP reassembly
Product Wireshark
Version 2.0.1
Hardware x86-64
OS Ubuntu
Status CONFIRMED
Severity Major
Priority Low
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Build Information:
Git 8458a0c1bba27819ba3af23abfb7c88132d92043 on the 2.0 buildbot.
--
Running ./tools/valgrind-wireshark.sh -b
/home/wireshark/builders/wireshark-2.0-fuzz/fuzztest/install/bin  with args: ""
"-T" (1 passes)

Starting pass 1:
    /home/wireshark/menagerie/menagerie/0000.cap: () (-T)  OK
    /home/wireshark/menagerie/menagerie/0001.txt.10: Not a valid capture file
    /home/wireshark/menagerie/menagerie/0001.txt.147: Not a valid capture file
    /home/wireshark/menagerie/menagerie/0001.txt.40: () (-T)  OK
    /home/wireshark/menagerie/menagerie/0001.txt.6: () (-T)  OK
    /home/wireshark/menagerie/menagerie/0001.txt.743: () (-T)  OK
    /home/wireshark/menagerie/menagerie/001349.cap: () 
 ERROR
Processing failed. Capture info follows:

  Input file: /home/wireshark/menagerie/menagerie/001349.cap
  Output file:
/fuzz/buildbot/fuzztest/valgrind-fuzz-2.0/fuzz-2016-01-19-31758.pcap

stderr follows:

Input file: /home/wireshark/menagerie/menagerie/001349.cap

Build host information:
Linux wsbb04 3.13.0-74-generic #118-Ubuntu SMP Thu Dec 17 22:52:10 UTC 2015
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 14.04.3 LTS
Release:    14.04
Codename:    trusty

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_BUILDNUMBER=62
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-2.0/
BUILDBOT_BUILDERNAME=Fuzz Test
BUILDBOT_SLAVENAME=fuzz-test
BUILDBOT_GOT_REVISION=8458a0c1bba27819ba3af23abfb7c88132d92043

Return value:  0

Dissector bug:  0

Valgrind error count:  11



Git commit
commit 8458a0c1bba27819ba3af23abfb7c88132d92043
Author: João Valverde <[email protected]>
Date:   Mon Jan 18 17:06:39 2016 +0000

    Fix "Apply As Filter..." for BASE_PT field display types

    Change-Id: Id92c16d04836b7871a26a285bee5bcf358ca50ef
    Reviewed-on: https://code.wireshark.org/review/13399
    Reviewed-by: João Valverde <[email protected]>
    (cherry picked from commit 69e80c4d87a259c09721198aecd62a7fdb2f4f7e)
    Reviewed-on: https://code.wireshark.org/review/13402


Command and args: ./tools/valgrind-wireshark.sh 

==1615== Memcheck, a memory error detector
==1615== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==1615== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==1615== Command:
/home/wireshark/builders/wireshark-2.0-fuzz/fuzztest/install/bin/tshark -nr
/fuzz/buildbot/fuzztest/valgrind-fuzz-2.0/fuzz-2016-01-19-31758.pcap
==1615== 
==1615== Conditional jump or move depends on uninitialised value(s)
==1615==    at 0x68648EA: req_resp_hdrs_do_reassembly (req_resp_hdrs.c:148)
==1615==    by 0x6BC04FF: dissect_http_message (packet-http.c:810)
==1615==    by 0x6BC28FE: dissect_http (packet-http.c:2951)
==1615==    by 0x6840A0E: call_dissector_through_handle (packet.c:618)
==1615==    by 0x68413A4: call_dissector_work (packet.c:706)
==1615==    by 0x6841B9B: dissector_try_uint_new (packet.c:1163)
==1615==    by 0x6F8B505: decode_tcp_ports (packet-tcp.c:4622)
==1615==    by 0x6F8B8BE: process_tcp_payload (packet-tcp.c:4680)
==1615==    by 0x6F8BEA5: desegment_tcp (packet-tcp.c:2270)
==1615==    by 0x6F8BEA5: dissect_tcp_payload (packet-tcp.c:4747)
==1615==    by 0x6F8DBDB: dissect_tcp (packet-tcp.c:5602)
==1615==    by 0x68409D3: call_dissector_through_handle (packet.c:620)
==1615==    by 0x68413A4: call_dissector_work (packet.c:706)
==1615== 
==1615== Conditional jump or move depends on uninitialised value(s)
==1615==    at 0x686498F: req_resp_hdrs_do_reassembly (req_resp_hdrs.c:228)
==1615==    by 0x6BC04FF: dissect_http_message (packet-http.c:810)
==1615==    by 0x6BC28FE: dissect_http (packet-http.c:2951)
==1615==    by 0x6840A0E: call_dissector_through_handle (packet.c:618)
==1615==    by 0x68413A4: call_dissector_work (packet.c:706)
==1615==    by 0x6841B9B: dissector_try_uint_new (packet.c:1163)
==1615==    by 0x6F8B505: decode_tcp_ports (packet-tcp.c:4622)
==1615==    by 0x6F8B8BE: process_tcp_payload (packet-tcp.c:4680)
==1615==    by 0x6F8BEA5: desegment_tcp (packet-tcp.c:2270)
==1615==    by 0x6F8BEA5: dissect_tcp_payload (packet-tcp.c:4747)
==1615==    by 0x6F8DBDB: dissect_tcp (packet-tcp.c:5602)
==1615==    by 0x68409D3: call_dissector_through_handle (packet.c:620)
==1615==    by 0x68413A4: call_dissector_work (packet.c:706)
==1615== 
==1615== 
==1615== HEAP SUMMARY:
==1615==     in use at exit: 1,039,793 bytes in 28,333 blocks
==1615==   total heap usage: 238,029 allocs, 209,696 frees, 31,116,685 bytes
allocated
==1615== 
==1615== LEAK SUMMARY:
==1615==    definitely lost: 2,908 bytes in 125 blocks
==1615==    indirectly lost: 36,448 bytes in 48 blocks
==1615==      possibly lost: 0 bytes in 0 blocks
==1615==    still reachable: 1,000,437 bytes in 28,160 blocks
==1615==         suppressed: 0 bytes in 0 blocks
==1615== Rerun with --leak-check=full to see details of leaked memory
==1615== 
==1615== For counts of detected and suppressed errors, rerun with: -v
==1615== Use --track-origins=yes to see where uninitialised values come from
==1615== ERROR SUMMARY: 11 errors from 2 contexts (suppressed: 0 from 0)


You are receiving this mail because:
  • You are watching all bug changes.