Wireshark-bugs: [Wireshark-bugs] [Bug 12106] New: Buildbot crash output: fuzz-2016-02-09-3681.pc

Date: Wed, 10 Feb 2016 14:00:02 +0000
Bug ID 12106
Summary Buildbot crash output: fuzz-2016-02-09-3681.pcap
Product Wireshark
Version unspecified
Hardware x86-64
URL https://www.wireshark.org/download/automated/captures/fuzz-2016-02-09-3681.pcap
OS Ubuntu
Status CONFIRMED
Severity Major
Priority High
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2016-02-09-3681.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/892-detail-M3UA.cap

Build host information:
Linux wsbb04 3.13.0-74-generic #118-Ubuntu SMP Thu Dec 17 22:52:10 UTC 2015
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 14.04.3 LTS
Release:    14.04
Codename:    trusty

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_BUILDNUMBER=3497
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-master/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_SLAVENAME=clang-code-analysis
BUILDBOT_GOT_REVISION=093514eb49a7b2780f49cccae905c7d963301180

Return value:  1

Dissector bug:  0

Valgrind error count:  0



Git commit
commit 093514eb49a7b2780f49cccae905c7d963301180
Author: Stig Bjørlykke <[email protected]>
Date:   Tue Feb 9 00:02:33 2016 +0100

    Lua: Check out-of-bounds before tvb_strsize()

    Add a check for out-of-bounds before calling tvb_strsize() because
    this will THROW an exception if not finding a terminating NUL.

    Unhandled exceptions will mess up Lua luaL_error() handling and
    will end up in a crash.

    Change-Id: Ieafef59a3858656e0d8c79904828b631657b4cbc
    Reviewed-on: https://code.wireshark.org/review/13842
    Petri-Dish: Stig Bjørlykke <[email protected]>
    Tested-by: Petri Dish Buildbot <[email protected]>
    Reviewed-by: Anders Broman <[email protected]>


Command and args:
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark
-nVxr

=================================================================
==31975==ERROR: AddressSanitizer: global-buffer-overflow on address
0x7f351a4b76b8 at pc 0x7f35172fe395 bp 0x7ffd86e647f0 sp 0x7ffd86e647e8
READ of size 8 at 0x7f351a4b76b8 thread T0
    #0 0x7f35172fe394 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x753a394)
    #1 0x7f351800a9bf 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x82469bf)
    #2 0x7f35172febcc 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x753abcc)
    #3 0x7f351800a941 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x8246941)
    #4 0x7f35172fbefb 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7537efb)
    #5 0x7f351800a89f 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x824689f)
    #6 0x7f35172febcc 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x753abcc)
    #7 0x7f351800a7a1 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x82467a1)
    #8 0x7f3517300f05 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x753cf05)
    #9 0x7f3517301765 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x753d765)
    #10 0x7f351800a75f 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x824675f)
    #11 0x7f35172f40cb 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x75300cb)
    #12 0x7f351800a71d 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x824671d)
    #13 0x7f35172fbefb 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7537efb)
    #14 0x7f3518009924 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x8245924)
    #15 0x7f35172febcc 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x753abcc)
    #16 0x7f35180097ad 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x82457ad)
    #17 0x7f35170f5621 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7331621)
    #18 0x7f35170f36fc 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x732f6fc)
    #19 0x7f3518377025 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x85b3025)
    #20 0x7f35170f5621 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7331621)
    #21 0x7f35170f52ba 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x73312ba)
    #22 0x7f3517be33b9 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7e1f3b9)
    #23 0x7f3517be2977 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7e1e977)
    #24 0x7f3517be2dbd 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7e1edbd)
    #25 0x7f3517bdf6b2 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7e1b6b2)
    #26 0x7f35170f5621 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7331621)
    #27 0x7f35170f58c8 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x73318c8)
    #28 0x7f35178d1fcd 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7b0dfcd)
    #29 0x7f35178ce480 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7b0a480)
    #30 0x7f35170f5621 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7331621)
    #31 0x7f35170f52ba 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x73312ba)
    #32 0x7f3517c1b566 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7e57566)
    #33 0x7f3517c14057 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7e50057)
    #34 0x7f3517c10de1 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7e4cde1)
    #35 0x7f3517c101a5 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7e4c1a5)
    #36 0x7f3517c0dceb 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7e49ceb)
    #37 0x7f35170f5621 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7331621)
    #38 0x7f35170f52ba 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x73312ba)
    #39 0x7f35177b5933 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x79f1933)
    #40 0x7f35177b8941 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x79f4941)
    #41 0x7f35170f5621 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7331621)
    #42 0x7f35170f58c8 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x73318c8)
    #43 0x7f35175db9c9 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78179c9)
    #44 0x7f35170f5621 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7331621)
    #45 0x7f35170f36fc 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x732f6fc)
    #46 0x7f35175da441 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7816441)
    #47 0x7f35175d9220 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7815220)
    #48 0x7f35170f5621 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7331621)
    #49 0x7f35170f52ba 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x73312ba)
    #50 0x7f3517623c25 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x785fc25)
    #51 0x7f35170f5621 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7331621)
    #52 0x7f35170f36fc 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x732f6fc)
    #53 0x7f35170f2f18 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x732ef18)
    #54 0x7f35170d367e 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x730f67e)
    #55 0x501145 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x501145)
    #56 0x4fb96b 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x4fb96b)
    #57 0x7f350ca02ec4  (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
    #58 0x43fc26 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x43fc26)

0x7f351a4b76b8 is located 8 bytes to the left of global variable
'T_paramSequence_sequence' defined in
'../../asn1/ansi_tcap/ansi_tcap.cnf:170:29' (0x7f351a4b76c0) of size 32
0x7f351a4b76b8 is located 24 bytes to the right of global variable
'T_paramSet_set' defined in '../../asn1/ansi_tcap/ansi_tcap.cnf:183:29'
(0x7f351a4b7680) of size 32
Shadow bytes around the buggy address:
  0x0fe72348ee80: f9 f9 f9 f9 00 00 05 f9 f9 f9 f9 f9 00 00 00 03
  0x0fe72348ee90: f9 f9 f9 f9 00 00 06 f9 f9 f9 f9 f9 00 00 00 00
  0x0fe72348eea0: 01 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
  0x0fe72348eeb0: 00 04 f9 f9 f9 f9 f9 f9 00 02 f9 f9 f9 f9 f9 f9
  0x0fe72348eec0: 07 f9 f9 f9 f9 f9 f9 f9 00 00 00 01 f9 f9 f9 f9
=>0x0fe72348eed0: 00 00 00 00 f9 f9 f9[f9]00 00 00 00 f9 f9 f9 f9
  0x0fe72348eee0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe72348eef0: 00 00 00 05 f9 f9 f9 f9 00 00 00 00 00 00 00 00
  0x0fe72348ef00: 00 00 00 00 00 00 00 00 f9 f9 f9 f9 03 f9 f9 f9
  0x0fe72348ef10: f9 f9 f9 f9 05 f9 f9 f9 f9 f9 f9 f9 07 f9 f9 f9
  0x0fe72348ef20: f9 f9 f9 f9 00 07 f9 f9 f9 f9 f9 f9 00 03 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==31975==ABORTING

[ no debug trace ]


You are receiving this mail because:
  • You are watching all bug changes.