Wireshark-bugs: [Wireshark-bugs] [Bug 12773] New: Buildbot crash output: fuzz-2016-08-21-11904.p

Date: Sun, 21 Aug 2016 13:10:03 +0000
Bug ID 12773
Summary Buildbot crash output: fuzz-2016-08-21-11904.pcap
Product Wireshark
Version unspecified
Hardware x86-64
URL https://www.wireshark.org/download/automated/captures/fuzz-2016-08-21-11904.pcap
OS Ubuntu
Status CONFIRMED
Severity Major
Priority High
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2016-08-21-11904.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/10263-coap12_00.pcap

Build host information:
Linux wsbb04 4.4.0-31-generic #50-Ubuntu SMP Wed Jul 13 00:07:12 UTC 2016
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 16.04.1 LTS
Release:    16.04
Codename:    xenial

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_WORKERNAME=fuzz-test
BUILDBOT_BUILDNUMBER=46
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-2.2/
BUILDBOT_BUILDERNAME=Fuzz Test
BUILDBOT_GOT_REVISION=0f5414b0db799f0ff1b4fa11dadd8a87d329cb0f

Return value:  0

Dissector bug:  0

Valgrind error count:  2



Git commit
commit 0f5414b0db799f0ff1b4fa11dadd8a87d329cb0f
Author: Guy Harris <[email protected]>
Date:   Fri Aug 19 16:18:43 2016 -0700

    Add a preference to byte-swap the CAN ID field.

    This can be useful when dealing with 1) captures from versions of
    libpcap without the bug fix to use DLT_CAN_SOCKETCAN_HOSTENDIAN when
    appropriate and 2) DLT_CAN_SOCKETCAN_HOSTENDIAN captures if processed by
    a machine with a different byte order from the capturing machine with
    software that doesn't properly put the field into host byte order when
    reading and writing.

    Change-Id: Ia206e5c51aecccf2508cca01cff65a4feb379ac8
    Reviewed-on: https://code.wireshark.org/review/17187
    Reviewed-by: Guy Harris <[email protected]>
    (cherry picked from commit c06da45f3cea0263cfe2a02ee4294b754e5657df)
    Reviewed-on: https://code.wireshark.org/review/17188


==25684== Memcheck, a memory error detector
==25684== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==25684== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==25684== Command:
/home/wireshark/builders/wireshark-2.2-fuzz/fuzztest/install/bin/tshark -nr
/fuzz/buildbot/fuzztest/valgrind-fuzz-2.2/fuzz-2016-08-21-11904.pcap
==25684== 
==25684== Conditional jump or move depends on uninitialised value(s)
==25684==    at 0x7533DF5: lookup_or_insert32_node (wmem_tree.c:322)
==25684==    by 0x75343FF: lookup_or_insert32 (wmem_tree.c:365)
==25684==    by 0x75343FF: wmem_tree_insert32_array (wmem_tree.c:597)
==25684==    by 0x6B124B1: dissect_coap (packet-coap.c:947)
==25684==    by 0x693BF6E: call_dissector_through_handle (packet.c:648)
==25684==    by 0x693BF6E: call_dissector_work (packet.c:723)
==25684==    by 0x693C698: dissector_try_uint_new (packet.c:1187)
==25684==    by 0x693C6E0: dissector_try_uint (packet.c:1213)
==25684==    by 0x71315F9: decode_udp_ports (packet-udp.c:578)
==25684==    by 0x7131F48: dissect (packet-udp.c:1028)
==25684==    by 0x713248D: dissect_udp (packet-udp.c:1034)
==25684==    by 0x693BF6E: call_dissector_through_handle (packet.c:648)
==25684==    by 0x693BF6E: call_dissector_work (packet.c:723)
==25684==    by 0x693C698: dissector_try_uint_new (packet.c:1187)
==25684==    by 0x6D437D5: ip_try_dissect (packet-ip.c:1976)
==25684== 
==25684== Conditional jump or move depends on uninitialised value(s)
==25684==    at 0x7533DF5: lookup_or_insert32_node (wmem_tree.c:322)
==25684==    by 0x6B124B1: dissect_coap (packet-coap.c:947)
==25684==    by 0x693BF6E: call_dissector_through_handle (packet.c:648)
==25684==    by 0x693BF6E: call_dissector_work (packet.c:723)
==25684==    by 0x693C698: dissector_try_uint_new (packet.c:1187)
==25684==    by 0x693C6E0: dissector_try_uint (packet.c:1213)
==25684==    by 0x71315F9: decode_udp_ports (packet-udp.c:578)
==25684==    by 0x7131F48: dissect (packet-udp.c:1028)
==25684==    by 0x713248D: dissect_udp (packet-udp.c:1034)
==25684==    by 0x693BF6E: call_dissector_through_handle (packet.c:648)
==25684==    by 0x693BF6E: call_dissector_work (packet.c:723)
==25684==    by 0x693C698: dissector_try_uint_new (packet.c:1187)
==25684==    by 0x6D437D5: ip_try_dissect (packet-ip.c:1976)
==25684==    by 0x6D623DB: dissect_ipv6 (packet-ipv6.c:2198)
==25684== 
==25684== 
==25684== HEAP SUMMARY:
==25684==     in use at exit: 457,907 bytes in 9,817 blocks
==25684==   total heap usage: 262,928 allocs, 253,111 frees, 32,593,356 bytes
allocated
==25684== 
==25684== LEAK SUMMARY:
==25684==    definitely lost: 3,270 bytes in 147 blocks
==25684==    indirectly lost: 9,112 bytes in 77 blocks
==25684==      possibly lost: 0 bytes in 0 blocks
==25684==    still reachable: 445,525 bytes in 9,593 blocks
==25684==         suppressed: 0 bytes in 0 blocks
==25684== Rerun with --leak-check=full to see details of leaked memory
==25684== 
==25684== For counts of detected and suppressed errors, rerun with: -v
==25684== Use --track-origins=yes to see where uninitialised values come from
==25684== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 1 from 1)

[ no debug trace ]


You are receiving this mail because:
  • You are watching all bug changes.