Wireshark-bugs: [Wireshark-bugs] [Bug 12736] New: Buildbot crash output: fuzz-2016-08-11-16875.p

Date: Fri, 12 Aug 2016 02:50:04 +0000
Bug ID: 12736
Summary: Buildbot crash output: fuzz-2016-08-11-16875.pcap
Product: Wireshark
Version: unspecified
Hardware: x86-64
URL: https://www.wireshark.org/download/automated/captures/fuzz-2016-08-11-16875.pcap
OS: Ubuntu
Status: CONFIRMED
Severity: Major
Priority: High
Component: Dissection engine (libwireshark)
Assignee: [email protected]
Reporter: [email protected]

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2016-08-11-16875.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/14798-1.pcap

Build host information:
Linux wsbb04 4.4.0-31-generic #50-Ubuntu SMP Wed Jul 13 00:07:12 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 16.04.1 LTS
Release:    16.04
Codename:    xenial

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_WORKERNAME=fuzz-test
BUILDBOT_BUILDNUMBER=165
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-2.0/
BUILDBOT_BUILDERNAME=Fuzz Test
BUILDBOT_GOT_REVISION=17d01b73825baf80167155306c59036c11fbc63c

Return value:  0

Dissector bug:  0

Valgrind error count:  5



Git commit
commit 17d01b73825baf80167155306c59036c11fbc63c
Author: Guy Harris <[email protected]>
Date:   Tue Aug 9 12:48:49 2016 -0700

    Update to Lua 5.2.4.

    Change-Id: Icadf4001799a58c5bc686caff4ffa99289bf08a8
    Reviewed-on: https://code.wireshark.org/review/16980
    Reviewed-by: Guy Harris <[email protected]>
    (cherry picked from commit e812c0e384ff7e8ae17c9ec681f3aba0416b3615)
    Reviewed-on: https://code.wireshark.org/review/16982


Command and args: ./tools/valgrind-wireshark.sh 

==30616== Memcheck, a memory error detector
==30616== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==30616== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==30616== Command: /home/wireshark/builders/wireshark-2.0-fuzz/fuzztest/install/bin/tshark -nr /fuzz/buildbot/fuzztest/valgrind-fuzz-2.0/fuzz-2016-08-11-16875.pcap
==30616== 
==30616== Invalid read of size 1
==30616==    at 0x6E378FA: dissect_qnet6_lr (packet-qnet6.c:1620)
==30616==    by 0x6E378FA: dissect_qnet6 (packet-qnet6.c:4258)
==30616==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==30616==    by 0x684FFF4: call_dissector_work (packet.c:706)
==30616==    by 0x6850838: dissector_try_uint_new (packet.c:1163)
==30616==    by 0x6850880: dissector_try_uint (packet.c:1189)
==30616==    by 0x6AF2B32: dissect_ethertype (packet-ethertype.c:308)
==30616==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==30616==    by 0x684FFF4: call_dissector_work (packet.c:706)
==30616==    by 0x6852181: call_dissector_with_data (packet.c:2563)
==30616==    by 0x6AF131B: dissect_eth_common (packet-eth.c:545)
==30616==    by 0x6AF2080: dissect_eth (packet-eth.c:841)
==30616==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==30616==  Address 0x1310dca3 is 0 bytes after a block of size 3 alloc'd
==30616==    at 0x4C2FD5F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==30616==    by 0x9FCB7E7: g_realloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==30616==    by 0x73ADACA: wmem_simple_realloc (wmem_allocator_simple.c:90)
==30616==    by 0x73AF0DC: wmem_strbuf_finalize (wmem_strbuf.c:252)
==30616==    by 0x6E36ACD: dissect_qnet6_lr (packet-qnet6.c:1585)
==30616==    by 0x6E36ACD: dissect_qnet6 (packet-qnet6.c:4258)
==30616==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==30616==    by 0x684FFF4: call_dissector_work (packet.c:706)
==30616==    by 0x6850838: dissector_try_uint_new (packet.c:1163)
==30616==    by 0x6850880: dissector_try_uint (packet.c:1189)
==30616==    by 0x6AF2B32: dissect_ethertype (packet-ethertype.c:308)
==30616==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==30616==    by 0x684FFF4: call_dissector_work (packet.c:706)
==30616== 
==30616== Invalid read of size 1
==30616==    at 0x6E378FE: dissect_qnet6_lr (packet-qnet6.c:1620)
==30616==    by 0x6E378FE: dissect_qnet6 (packet-qnet6.c:4258)
==30616==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==30616==    by 0x684FFF4: call_dissector_work (packet.c:706)
==30616==    by 0x6850838: dissector_try_uint_new (packet.c:1163)
==30616==    by 0x6850880: dissector_try_uint (packet.c:1189)
==30616==    by 0x6AF2B32: dissect_ethertype (packet-ethertype.c:308)
==30616==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==30616==    by 0x684FFF4: call_dissector_work (packet.c:706)
==30616==    by 0x6852181: call_dissector_with_data (packet.c:2563)
==30616==    by 0x6AF131B: dissect_eth_common (packet-eth.c:545)
==30616==    by 0x6AF2080: dissect_eth (packet-eth.c:841)
==30616==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==30616==  Address 0x1310dca7 is 4 bytes after a block of size 3 alloc'd
==30616==    at 0x4C2FD5F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==30616==    by 0x9FCB7E7: g_realloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==30616==    by 0x73ADACA: wmem_simple_realloc (wmem_allocator_simple.c:90)
==30616==    by 0x73AF0DC: wmem_strbuf_finalize (wmem_strbuf.c:252)
==30616==    by 0x6E36ACD: dissect_qnet6_lr (packet-qnet6.c:1585)
==30616==    by 0x6E36ACD: dissect_qnet6 (packet-qnet6.c:4258)
==30616==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==30616==    by 0x684FFF4: call_dissector_work (packet.c:706)
==30616==    by 0x6850838: dissector_try_uint_new (packet.c:1163)
==30616==    by 0x6850880: dissector_try_uint (packet.c:1189)
==30616==    by 0x6AF2B32: dissect_ethertype (packet-ethertype.c:308)
==30616==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==30616==    by 0x684FFF4: call_dissector_work (packet.c:706)
==30616== 
==30616== Invalid read of size 1
==30616==    at 0x6E37909: dissect_qnet6_lr (packet-qnet6.c:1620)
==30616==    by 0x6E37909: dissect_qnet6 (packet-qnet6.c:4258)
==30616==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==30616==    by 0x684FFF4: call_dissector_work (packet.c:706)
==30616==    by 0x6850838: dissector_try_uint_new (packet.c:1163)
==30616==    by 0x6850880: dissector_try_uint (packet.c:1189)
==30616==    by 0x6AF2B32: dissect_ethertype (packet-ethertype.c:308)
==30616==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==30616==    by 0x684FFF4: call_dissector_work (packet.c:706)
==30616==    by 0x6852181: call_dissector_with_data (packet.c:2563)
==30616==    by 0x6AF131B: dissect_eth_common (packet-eth.c:545)
==30616==    by 0x6AF2080: dissect_eth (packet-eth.c:841)
==30616==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==30616==  Address 0x1310dca6 is 3 bytes after a block of size 3 alloc'd
==30616==    at 0x4C2FD5F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==30616==    by 0x9FCB7E7: g_realloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==30616==    by 0x73ADACA: wmem_simple_realloc (wmem_allocator_simple.c:90)
==30616==    by 0x73AF0DC: wmem_strbuf_finalize (wmem_strbuf.c:252)
==30616==    by 0x6E36ACD: dissect_qnet6_lr (packet-qnet6.c:1585)
==30616==    by 0x6E36ACD: dissect_qnet6 (packet-qnet6.c:4258)
==30616==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==30616==    by 0x684FFF4: call_dissector_work (packet.c:706)
==30616==    by 0x6850838: dissector_try_uint_new (packet.c:1163)
==30616==    by 0x6850880: dissector_try_uint (packet.c:1189)
==30616==    by 0x6AF2B32: dissect_ethertype (packet-ethertype.c:308)
==30616==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==30616==    by 0x684FFF4: call_dissector_work (packet.c:706)
==30616== 
==30616== Invalid read of size 1
==30616==    at 0x6E3790D: dissect_qnet6_lr (packet-qnet6.c:1620)
==30616==    by 0x6E3790D: dissect_qnet6 (packet-qnet6.c:4258)
==30616==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==30616==    by 0x684FFF4: call_dissector_work (packet.c:706)
==30616==    by 0x6850838: dissector_try_uint_new (packet.c:1163)
==30616==    by 0x6850880: dissector_try_uint (packet.c:1189)
==30616==    by 0x6AF2B32: dissect_ethertype (packet-ethertype.c:308)
==30616==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==30616==    by 0x684FFF4: call_dissector_work (packet.c:706)
==30616==    by 0x6852181: call_dissector_with_data (packet.c:2563)
==30616==    by 0x6AF131B: dissect_eth_common (packet-eth.c:545)
==30616==    by 0x6AF2080: dissect_eth (packet-eth.c:841)
==30616==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==30616==  Address 0x1310dca5 is 2 bytes after a block of size 3 alloc'd
==30616==    at 0x4C2FD5F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==30616==    by 0x9FCB7E7: g_realloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==30616==    by 0x73ADACA: wmem_simple_realloc (wmem_allocator_simple.c:90)
==30616==    by 0x73AF0DC: wmem_strbuf_finalize (wmem_strbuf.c:252)
==30616==    by 0x6E36ACD: dissect_qnet6_lr (packet-qnet6.c:1585)
==30616==    by 0x6E36ACD: dissect_qnet6 (packet-qnet6.c:4258)
==30616==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==30616==    by 0x684FFF4: call_dissector_work (packet.c:706)
==30616==    by 0x6850838: dissector_try_uint_new (packet.c:1163)
==30616==    by 0x6850880: dissector_try_uint (packet.c:1189)
==30616==    by 0x6AF2B32: dissect_ethertype (packet-ethertype.c:308)
==30616==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==30616==    by 0x684FFF4: call_dissector_work (packet.c:706)
==30616== 
==30616== Invalid read of size 1
==30616==    at 0x6E37912: dissect_qnet6_lr (packet-qnet6.c:1620)
==30616==    by 0x6E37912: dissect_qnet6 (packet-qnet6.c:4258)
==30616==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==30616==    by 0x684FFF4: call_dissector_work (packet.c:706)
==30616==    by 0x6850838: dissector_try_uint_new (packet.c:1163)
==30616==    by 0x6850880: dissector_try_uint (packet.c:1189)
==30616==    by 0x6AF2B32: dissect_ethertype (packet-ethertype.c:308)
==30616==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==30616==    by 0x684FFF4: call_dissector_work (packet.c:706)
==30616==    by 0x6852181: call_dissector_with_data (packet.c:2563)
==30616==    by 0x6AF131B: dissect_eth_common (packet-eth.c:545)
==30616==    by 0x6AF2080: dissect_eth (packet-eth.c:841)
==30616==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==30616==  Address 0x1310dca4 is 1 bytes after a block of size 3 alloc'd
==30616==    at 0x4C2FD5F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==30616==    by 0x9FCB7E7: g_realloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==30616==    by 0x73ADACA: wmem_simple_realloc (wmem_allocator_simple.c:90)
==30616==    by 0x73AF0DC: wmem_strbuf_finalize (wmem_strbuf.c:252)
==30616==    by 0x6E36ACD: dissect_qnet6_lr (packet-qnet6.c:1585)
==30616==    by 0x6E36ACD: dissect_qnet6 (packet-qnet6.c:4258)
==30616==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==30616==    by 0x684FFF4: call_dissector_work (packet.c:706)
==30616==    by 0x6850838: dissector_try_uint_new (packet.c:1163)
==30616==    by 0x6850880: dissector_try_uint (packet.c:1189)
==30616==    by 0x6AF2B32: dissect_ethertype (packet-ethertype.c:308)
==30616==    by 0x684F66E: call_dissector_through_handle (packet.c:618)
==30616==    by 0x684FFF4: call_dissector_work (packet.c:706)
==30616== 
==30616== 
==30616== HEAP SUMMARY:
==30616==     in use at exit: 1,032,550 bytes in 28,292 blocks
==30616==   total heap usage: 240,845 allocs, 212,553 frees, 31,395,369 bytes allocated
==30616== 
==30616== LEAK SUMMARY:
==30616==    definitely lost: 2,908 bytes in 125 blocks
==30616==    indirectly lost: 36,448 bytes in 48 blocks
==30616==      possibly lost: 0 bytes in 0 blocks
==30616==    still reachable: 993,194 bytes in 28,119 blocks
==30616==         suppressed: 0 bytes in 0 blocks
==30616== Rerun with --leak-check=full to see details of leaked memory
==30616== 
==30616== For counts of detected and suppressed errors, rerun with: -v
==30616== ERROR SUMMARY: 5 errors from 5 contexts (suppressed: 1 from 1)

[ no debug trace ]

