Wireshark-bugs: [Wireshark-bugs] [Bug 12278] New: Buildbot crash output: fuzz-2016-03-22-29021.p

Date: Wed, 23 Mar 2016 01:10:05 +0000
Bug ID 12278
Summary Buildbot crash output: fuzz-2016-03-22-29021.pcap
Product Wireshark
Version unspecified
Hardware x86-64
URL https://www.wireshark.org/download/automated/captures/fuzz-2016-03-22-29021.pcap
OS Ubuntu
Status CONFIRMED
Severity Major
Priority High
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2016-03-22-29021.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/10860-packet-gsm.pcap

Build host information:
Linux wsbb04 3.13.0-79-generic #123-Ubuntu SMP Fri Feb 19 14:27:58 UTC 2016
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 14.04.4 LTS
Release:    14.04
Codename:    trusty

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_BUILDNUMBER=3553
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-master/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_SLAVENAME=clang-code-analysis
BUILDBOT_GOT_REVISION=bb48c859c98b00320398f54f14fd9b16f4fa3cf2

Return value:  1

Dissector bug:  0

Valgrind error count:  0



Git commit
commit bb48c859c98b00320398f54f14fd9b16f4fa3cf2
Author: Gerald Combs <[email protected]>
Date:   Tue Mar 15 09:49:48 2016 -0700

    Qt: Normalize timerEvents

    Make our timerEvent code more consistent. Make sure we use timer IDs and
    that we call our base class timerEvent everywhere.

    Change-Id: Ib67daa459a8a2f9b67487c3952b7b35c7f162f7e
    Reviewed-on: https://code.wireshark.org/review/14480
    Petri-Dish: Gerald Combs <[email protected]>
    Tested-by: Petri Dish Buildbot <[email protected]>
    Reviewed-by: Gerald Combs <[email protected]>


=================================================================
==6454==ERROR: AddressSanitizer: stack-buffer-overflow on address
0x7ffc50966c90 at pc 0x7f754c35ad85 bp 0x7ffc50966b90 sp 0x7ffc50966b88
READ of size 1 at 0x7ffc50966c90 thread T0
    #0 0x7f754c35ad84 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x796ad84)
    #1 0x7f754bd75891 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7385891)
    #2 0x7f754bd7399c 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x738399c)
    #3 0x7f754c36b660 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x797b660)
    #4 0x7f754bd75891 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7385891)
    #5 0x7f754bd75b38 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7385b38)
    #6 0x7f754caa7631 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x80b7631)
    #7 0x7f754caabd39 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x80bbd39)
    #8 0x7f754caa8bdd 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x80b8bdd)
    #9 0x7f754bd75891 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7385891)
    #10 0x7f754bd7552a 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x738552a)
    #11 0x7f754c457f13 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7a67f13)
    #12 0x7f754c45afcb 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7a6afcb)
    #13 0x7f754bd75891 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7385891)
    #14 0x7f754bd75b38 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7385b38)
    #15 0x7f754c276451 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7886451)
    #16 0x7f754bd75891 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7385891)
    #17 0x7f754bd7399c 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x738399c)
    #18 0x7f754c274bf6 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7884bf6)
    #19 0x7f754c273840 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7883840)
    #20 0x7f754bd75891 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7385891)
    #21 0x7f754bd7552a 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x738552a)
    #22 0x7f754c2c00b2 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78d00b2)
    #23 0x7f754bd75891 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7385891)
    #24 0x7f754bd7399c 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x738399c)
    #25 0x7f754bd73192 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7383192)
    #26 0x7f754bd5370e 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x736370e)
    #27 0x50116c 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x50116c)
    #28 0x4fbd78 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x4fbd78)
    #29 0x7f7541c98ec4  (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
    #30 0x440366 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x440366)

Address 0x7ffc50966c90 is located in stack of thread T0 at offset 80 in frame
    #0 0x7f754c359b6f 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7969b6f)

  This frame has 3 object(s):
    [32, 80) 'new_slots.i' <== Memory access at offset 80 overflows this
variable
    [112, 208) 'other_slots.i'
    [240, 248) 'item.i'
HINT: this may be a false positive if your program uses some custom stack
unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
Shadow bytes around the buggy address:
  0x10000a124d40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000a124d50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000a124d60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000a124d70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000a124d80: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00
=>0x10000a124d90: 00 00[f2]f2 f2 f2 00 00 00 00 00 00 00 00 00 00
  0x10000a124da0: 00 00 f2 f2 f2 f2 00 f3 f3 f3 f3 f3 00 00 00 00
  0x10000a124db0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000a124dc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000a124dd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000a124de0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==6454==ABORTING

[ no debug trace ]


You are receiving this mail because:
  • You are watching all bug changes.