Wireshark-bugs: [Wireshark-bugs] [Bug 12730] New: Buildbot crash output: fuzz-2016-08-09-28026.p
Date: Wed, 10 Aug 2016 03:30:04 +0000
Bug ID | 12730 |
---|---|
Summary | Buildbot crash output: fuzz-2016-08-09-28026.pcap |
Product | Wireshark |
Version | unspecified |
Hardware | x86-64 |
URL | https://www.wireshark.org/download/automated/captures/fuzz-2016-08-09-28026.pcap |
OS | Ubuntu |
Status | CONFIRMED |
Severity | Major |
Priority | High |
Component | Dissection engine (libwireshark) |
Assignee | [email protected] |
Reporter | [email protected] |
Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2016-08-09-28026.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/14798-1.pcap

Build host information:
Linux wsbb04 4.4.0-31-generic #50-Ubuntu SMP Wed Jul 13 00:07:12 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
Distributor ID: Ubuntu
Description: Ubuntu 16.04.1 LTS
Release: 16.04
Codename: xenial

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_WORKERNAME=fuzz-test
BUILDBOT_BUILDNUMBER=164
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-2.0/
BUILDBOT_BUILDERNAME=Fuzz Test
BUILDBOT_GOT_REVISION=c0150ff8b711746d16504ec0e1c506e60dcb3aab

Return value: 0

Dissector bug: 0

Valgrind error count: 5

Git commit
commit c0150ff8b711746d16504ec0e1c506e60dcb3aab
Author: Gerald Combs <[email protected]>
Date: Sun Aug 7 08:17:55 2016 -0700

    [Automatic update for 2016-08-07]

    Update manuf, services enterprise-numbers, translations, and other items.

    Change-Id: Ia6cdfcd340f9b7fbea13eedb977112ad6c5a3058
    Reviewed-on: https://code.wireshark.org/review/16943
    Reviewed-by: Gerald Combs <[email protected]>

Command and args: ./tools/valgrind-wireshark.sh

==20926== Memcheck, a memory error detector
==20926== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==20926== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==20926== Command: /home/wireshark/builders/wireshark-2.0-fuzz/fuzztest/install/bin/tshark -nr /fuzz/buildbot/fuzztest/valgrind-fuzz-2.0/fuzz-2016-08-09-28026.pcap
==20926==
==20926== Invalid read of size 1
==20926==    at 0x6E378FA: dissect_qnet6_lr (packet-qnet6.c:1620)
==20926==    by 0x6E378FA: dissect_qnet6 (packet-qnet6.c:4258)
==20926==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==20926==    by 0x684FFF4: call_dissector_work (packet.c:706)
==20926==    by 0x6850838: dissector_try_uint_new (packet.c:1163)
==20926==    by 0x6850880: dissector_try_uint (packet.c:1189)
==20926==    by 0x6AF2B32: dissect_ethertype (packet-ethertype.c:308)
==20926==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==20926==    by 0x684FFF4: call_dissector_work (packet.c:706)
==20926==    by 0x6852181: call_dissector_with_data (packet.c:2563)
==20926==    by 0x6AF131B: dissect_eth_common (packet-eth.c:545)
==20926==    by 0x6AF2080: dissect_eth (packet-eth.c:841)
==20926==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==20926==  Address 0x1310ddb3 is 0 bytes after a block of size 3 alloc'd
==20926==    at 0x4C2FD5F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==20926==    by 0x9FCB7E7: g_realloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==20926==    by 0x73ADACA: wmem_simple_realloc (wmem_allocator_simple.c:90)
==20926==    by 0x73AF0DC: wmem_strbuf_finalize (wmem_strbuf.c:252)
==20926==    by 0x6E36ACD: dissect_qnet6_lr (packet-qnet6.c:1585)
==20926==    by 0x6E36ACD: dissect_qnet6 (packet-qnet6.c:4258)
==20926==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==20926==    by 0x684FFF4: call_dissector_work (packet.c:706)
==20926==    by 0x6850838: dissector_try_uint_new (packet.c:1163)
==20926==    by 0x6850880: dissector_try_uint (packet.c:1189)
==20926==    by 0x6AF2B32: dissect_ethertype (packet-ethertype.c:308)
==20926==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==20926==    by 0x684FFF4: call_dissector_work (packet.c:706)
==20926==
==20926== Invalid read of size 1
==20926==    at 0x6E378FE: dissect_qnet6_lr (packet-qnet6.c:1620)
==20926==    by 0x6E378FE: dissect_qnet6 (packet-qnet6.c:4258)
==20926==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==20926==    by 0x684FFF4: call_dissector_work (packet.c:706)
==20926==    by 0x6850838: dissector_try_uint_new (packet.c:1163)
==20926==    by 0x6850880: dissector_try_uint (packet.c:1189)
==20926==    by 0x6AF2B32: dissect_ethertype (packet-ethertype.c:308)
==20926==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==20926==    by 0x684FFF4: call_dissector_work (packet.c:706)
==20926==    by 0x6852181: call_dissector_with_data (packet.c:2563)
==20926==    by 0x6AF131B: dissect_eth_common (packet-eth.c:545)
==20926==    by 0x6AF2080: dissect_eth (packet-eth.c:841)
==20926==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==20926==  Address 0x1310ddb7 is 4 bytes after a block of size 3 alloc'd
==20926==    at 0x4C2FD5F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==20926==    by 0x9FCB7E7: g_realloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==20926==    by 0x73ADACA: wmem_simple_realloc (wmem_allocator_simple.c:90)
==20926==    by 0x73AF0DC: wmem_strbuf_finalize (wmem_strbuf.c:252)
==20926==    by 0x6E36ACD: dissect_qnet6_lr (packet-qnet6.c:1585)
==20926==    by 0x6E36ACD: dissect_qnet6 (packet-qnet6.c:4258)
==20926==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==20926==    by 0x684FFF4: call_dissector_work (packet.c:706)
==20926==    by 0x6850838: dissector_try_uint_new (packet.c:1163)
==20926==    by 0x6850880: dissector_try_uint (packet.c:1189)
==20926==    by 0x6AF2B32: dissect_ethertype (packet-ethertype.c:308)
==20926==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==20926==    by 0x684FFF4: call_dissector_work (packet.c:706)
==20926==
==20926== Invalid read of size 1
==20926==    at 0x6E37909: dissect_qnet6_lr (packet-qnet6.c:1620)
==20926==    by 0x6E37909: dissect_qnet6 (packet-qnet6.c:4258)
==20926==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==20926==    by 0x684FFF4: call_dissector_work (packet.c:706)
==20926==    by 0x6850838: dissector_try_uint_new (packet.c:1163)
==20926==    by 0x6850880: dissector_try_uint (packet.c:1189)
==20926==    by 0x6AF2B32: dissect_ethertype (packet-ethertype.c:308)
==20926==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==20926==    by 0x684FFF4: call_dissector_work (packet.c:706)
==20926==    by 0x6852181: call_dissector_with_data (packet.c:2563)
==20926==    by 0x6AF131B: dissect_eth_common (packet-eth.c:545)
==20926==    by 0x6AF2080: dissect_eth (packet-eth.c:841)
==20926==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==20926==  Address 0x1310ddb6 is 3 bytes after a block of size 3 alloc'd
==20926==    at 0x4C2FD5F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==20926==    by 0x9FCB7E7: g_realloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==20926==    by 0x73ADACA: wmem_simple_realloc (wmem_allocator_simple.c:90)
==20926==    by 0x73AF0DC: wmem_strbuf_finalize (wmem_strbuf.c:252)
==20926==    by 0x6E36ACD: dissect_qnet6_lr (packet-qnet6.c:1585)
==20926==    by 0x6E36ACD: dissect_qnet6 (packet-qnet6.c:4258)
==20926==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==20926==    by 0x684FFF4: call_dissector_work (packet.c:706)
==20926==    by 0x6850838: dissector_try_uint_new (packet.c:1163)
==20926==    by 0x6850880: dissector_try_uint (packet.c:1189)
==20926==    by 0x6AF2B32: dissect_ethertype (packet-ethertype.c:308)
==20926==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==20926==    by 0x684FFF4: call_dissector_work (packet.c:706)
==20926==
==20926== Invalid read of size 1
==20926==    at 0x6E3790D: dissect_qnet6_lr (packet-qnet6.c:1620)
==20926==    by 0x6E3790D: dissect_qnet6 (packet-qnet6.c:4258)
==20926==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==20926==    by 0x684FFF4: call_dissector_work (packet.c:706)
==20926==    by 0x6850838: dissector_try_uint_new (packet.c:1163)
==20926==    by 0x6850880: dissector_try_uint (packet.c:1189)
==20926==    by 0x6AF2B32: dissect_ethertype (packet-ethertype.c:308)
==20926==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==20926==    by 0x684FFF4: call_dissector_work (packet.c:706)
==20926==    by 0x6852181: call_dissector_with_data (packet.c:2563)
==20926==    by 0x6AF131B: dissect_eth_common (packet-eth.c:545)
==20926==    by 0x6AF2080: dissect_eth (packet-eth.c:841)
==20926==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==20926==  Address 0x1310ddb5 is 2 bytes after a block of size 3 alloc'd
==20926==    at 0x4C2FD5F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==20926==    by 0x9FCB7E7: g_realloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==20926==    by 0x73ADACA: wmem_simple_realloc (wmem_allocator_simple.c:90)
==20926==    by 0x73AF0DC: wmem_strbuf_finalize (wmem_strbuf.c:252)
==20926==    by 0x6E36ACD: dissect_qnet6_lr (packet-qnet6.c:1585)
==20926==    by 0x6E36ACD: dissect_qnet6 (packet-qnet6.c:4258)
==20926==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==20926==    by 0x684FFF4: call_dissector_work (packet.c:706)
==20926==    by 0x6850838: dissector_try_uint_new (packet.c:1163)
==20926==    by 0x6850880: dissector_try_uint (packet.c:1189)
==20926==    by 0x6AF2B32: dissect_ethertype (packet-ethertype.c:308)
==20926==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==20926==    by 0x684FFF4: call_dissector_work (packet.c:706)
==20926==
==20926== Invalid read of size 1
==20926==    at 0x6E37912: dissect_qnet6_lr (packet-qnet6.c:1620)
==20926==    by 0x6E37912: dissect_qnet6 (packet-qnet6.c:4258)
==20926==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==20926==    by 0x684FFF4: call_dissector_work (packet.c:706)
==20926==    by 0x6850838: dissector_try_uint_new (packet.c:1163)
==20926==    by 0x6850880: dissector_try_uint (packet.c:1189)
==20926==    by 0x6AF2B32: dissect_ethertype (packet-ethertype.c:308)
==20926==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==20926==    by 0x684FFF4: call_dissector_work (packet.c:706)
==20926==    by 0x6852181: call_dissector_with_data (packet.c:2563)
==20926==    by 0x6AF131B: dissect_eth_common (packet-eth.c:545)
==20926==    by 0x6AF2080: dissect_eth (packet-eth.c:841)
==20926==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==20926==  Address 0x1310ddb4 is 1 bytes after a block of size 3 alloc'd
==20926==    at 0x4C2FD5F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==20926==    by 0x9FCB7E7: g_realloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==20926==    by 0x73ADACA: wmem_simple_realloc (wmem_allocator_simple.c:90)
==20926==    by 0x73AF0DC: wmem_strbuf_finalize (wmem_strbuf.c:252)
==20926==    by 0x6E36ACD: dissect_qnet6_lr (packet-qnet6.c:1585)
==20926==    by 0x6E36ACD: dissect_qnet6 (packet-qnet6.c:4258)
==20926==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==20926==    by 0x684FFF4: call_dissector_work (packet.c:706)
==20926==    by 0x6850838: dissector_try_uint_new (packet.c:1163)
==20926==    by 0x6850880: dissector_try_uint (packet.c:1189)
==20926==    by 0x6AF2B32: dissect_ethertype (packet-ethertype.c:308)
==20926==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==20926==    by 0x684FFF4: call_dissector_work (packet.c:706)
==20926==
==20926==
==20926== HEAP SUMMARY:
==20926==     in use at exit: 1,032,550 bytes in 28,292 blocks
==20926==   total heap usage: 240,848 allocs, 212,556 frees, 31,395,425 bytes allocated
==20926==
==20926== LEAK SUMMARY:
==20926==    definitely lost: 2,908 bytes in 125 blocks
==20926==    indirectly lost: 36,448 bytes in 48 blocks
==20926==      possibly lost: 0 bytes in 0 blocks
==20926==    still reachable: 993,194 bytes in 28,119 blocks
==20926==         suppressed: 0 bytes in 0 blocks
==20926== Rerun with --leak-check=full to see details of leaked memory
==20926==
==20926== For counts of detected and suppressed errors, rerun with: -v
==20926== ERROR SUMMARY: 5 errors from 5 contexts (suppressed: 1 from 1)

[ no debug trace ]