Wireshark-bugs: [Wireshark-bugs] [Bug 12771] New: Buildbot crash output: fuzz-2016-08-20-18156.p

Date: Sat, 20 Aug 2016 18:20:03 +0000
Bug ID 12771
Summary Buildbot crash output: fuzz-2016-08-20-18156.pcap
Product Wireshark
Version unspecified
Hardware x86-64
URL https://www.wireshark.org/download/automated/captures/fuzz-2016-08-20-18156.pcap
OS Ubuntu
Status CONFIRMED
Severity Major
Priority High
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2016-08-20-18156.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/10263-coap12_00.pcap

Build host information:
Linux wsbb04 4.4.0-31-generic #50-Ubuntu SMP Wed Jul 13 00:07:12 UTC 2016
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 16.04.1 LTS
Release:    16.04
Codename:    xenial

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_WORKERNAME=fuzz-test
BUILDBOT_BUILDNUMBER=45
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-2.2/
BUILDBOT_BUILDERNAME=Fuzz Test
BUILDBOT_GOT_REVISION=566e8719fa1066877b125df24f52ca74edfddfdb

Return value:  0

Dissector bug:  0

Valgrind error count:  2



Git commit
commit 566e8719fa1066877b125df24f52ca74edfddfdb
Author: Pascal Quantin <[email protected]>
Date:   Fri Aug 19 18:00:36 2016 +0200

    NLM: fix dissection of NLM_FREE_ALL message

    The second parameter is the state, not the status as seen in C702 doc, page
159

    Bug: 12764
    Change-Id: I0a91a0e586c7663ace7c4c6b1044cafc1c0975ac
    Reviewed-on: https://code.wireshark.org/review/17178
    Reviewed-by: Pascal Quantin <[email protected]>
    Petri-Dish: Pascal Quantin <[email protected]>
    Tested-by: Petri Dish Buildbot <[email protected]>
    Reviewed-by: Alexis La Goutte <[email protected]>
    (cherry picked from commit 6cfb20da0dd5617c620e7f48f95e931c19a0dac4)
    Reviewed-on: https://code.wireshark.org/review/17185


==9656== Memcheck, a memory error detector
==9656== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==9656== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==9656== Command:
/home/wireshark/builders/wireshark-2.2-fuzz/fuzztest/install/bin/tshark -nr
/fuzz/buildbot/fuzztest/valgrind-fuzz-2.2/fuzz-2016-08-20-18156.pcap
==9656== 
==9656== Conditional jump or move depends on uninitialised value(s)
==9656==    at 0x7533DC5: lookup_or_insert32_node (wmem_tree.c:322)
==9656==    by 0x75343CF: lookup_or_insert32 (wmem_tree.c:365)
==9656==    by 0x75343CF: wmem_tree_insert32_array (wmem_tree.c:597)
==9656==    by 0x6B124B1: dissect_coap (packet-coap.c:947)
==9656==    by 0x693BF6E: call_dissector_through_handle (packet.c:648)
==9656==    by 0x693BF6E: call_dissector_work (packet.c:723)
==9656==    by 0x693C698: dissector_try_uint_new (packet.c:1187)
==9656==    by 0x693C6E0: dissector_try_uint (packet.c:1213)
==9656==    by 0x71315C9: decode_udp_ports (packet-udp.c:578)
==9656==    by 0x7131F18: dissect (packet-udp.c:1028)
==9656==    by 0x713245D: dissect_udp (packet-udp.c:1034)
==9656==    by 0x693BF6E: call_dissector_through_handle (packet.c:648)
==9656==    by 0x693BF6E: call_dissector_work (packet.c:723)
==9656==    by 0x693C698: dissector_try_uint_new (packet.c:1187)
==9656==    by 0x6D437D5: ip_try_dissect (packet-ip.c:1976)
==9656== 
==9656== Conditional jump or move depends on uninitialised value(s)
==9656==    at 0x7533DC5: lookup_or_insert32_node (wmem_tree.c:322)
==9656==    by 0x6B124B1: dissect_coap (packet-coap.c:947)
==9656==    by 0x693BF6E: call_dissector_through_handle (packet.c:648)
==9656==    by 0x693BF6E: call_dissector_work (packet.c:723)
==9656==    by 0x693C698: dissector_try_uint_new (packet.c:1187)
==9656==    by 0x693C6E0: dissector_try_uint (packet.c:1213)
==9656==    by 0x71315C9: decode_udp_ports (packet-udp.c:578)
==9656==    by 0x7131F18: dissect (packet-udp.c:1028)
==9656==    by 0x713245D: dissect_udp (packet-udp.c:1034)
==9656==    by 0x693BF6E: call_dissector_through_handle (packet.c:648)
==9656==    by 0x693BF6E: call_dissector_work (packet.c:723)
==9656==    by 0x693C698: dissector_try_uint_new (packet.c:1187)
==9656==    by 0x6D437D5: ip_try_dissect (packet-ip.c:1976)
==9656==    by 0x6D623DB: dissect_ipv6 (packet-ipv6.c:2198)
==9656== 
==9656== 
==9656== HEAP SUMMARY:
==9656==     in use at exit: 457,907 bytes in 9,817 blocks
==9656==   total heap usage: 262,910 allocs, 253,093 frees, 32,591,802 bytes
allocated
==9656== 
==9656== LEAK SUMMARY:
==9656==    definitely lost: 3,270 bytes in 147 blocks
==9656==    indirectly lost: 9,112 bytes in 77 blocks
==9656==      possibly lost: 0 bytes in 0 blocks
==9656==    still reachable: 445,525 bytes in 9,593 blocks
==9656==         suppressed: 0 bytes in 0 blocks
==9656== Rerun with --leak-check=full to see details of leaked memory
==9656== 
==9656== For counts of detected and suppressed errors, rerun with: -v
==9656== Use --track-origins=yes to see where uninitialised values come from
==9656== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 1 from 1)

[ no debug trace ]


You are receiving this mail because:
  • You are watching all bug changes.