Wireshark-bugs: [Wireshark-bugs] [Bug 12836] New: Buildbot crash output: fuzz-2016-09-06-25482.p

Date: Wed, 07 Sep 2016 20:10:03 +0000
Bug ID 12836
Summary Buildbot crash output: fuzz-2016-09-06-25482.pcap
Product Wireshark
Version unspecified
Hardware x86-64
URL https://www.wireshark.org/download/automated/captures/fuzz-2016-09-06-25482.pcap
OS Ubuntu
Status CONFIRMED
Severity Major
Priority High
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2016-09-06-25482.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/usb_u3v_sample.pcapng

Build host information:
Linux wsbb04 4.4.0-34-generic #53-Ubuntu SMP Wed Jul 27 16:06:39 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 16.04.1 LTS
Release:    16.04
Codename:    xenial

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_WORKERNAME=fuzz-test
BUILDBOT_BUILDNUMBER=77
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-2.2/
BUILDBOT_BUILDERNAME=Fuzz Test
BUILDBOT_GOT_REVISION=e553366562bd04fd9a2aa7937c49b9291e84a77e

Return value:  0

Dissector bug:  0

Valgrind error count:  16



Git commit
commit e553366562bd04fd9a2aa7937c49b9291e84a77e
Author: Mirko Parthey <[email protected]>
Date:   Mon Sep 5 16:39:45 2016 +0200

    ISAKMP: Fix handling of cert requests without CA

    Check IKEv1 Certificate Request Payloads for an empty
    Certificate Authority field, which is allowed by RFC 2408.
    Suppress dissection of this field if it is indeed empty.

    Change-Id: Ifb997e460a4c12003215fde86c374cfc769c5d72
    Reviewed-on: https://code.wireshark.org/review/17501
    Reviewed-by: Michael Mann <[email protected]>
    Petri-Dish: Michael Mann <[email protected]>
    Tested-by: Petri Dish Buildbot <[email protected]>
    Reviewed-by: Alexis La Goutte <[email protected]>
    (cherry picked from commit 70f3737c3e4d9402cb2bb67cdd892e0e7e0ee991)
    Reviewed-on: https://code.wireshark.org/review/17504


==17333== Memcheck, a memory error detector
==17333== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==17333== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==17333== Command: /home/wireshark/builders/wireshark-2.2-fuzz/fuzztest/install/bin/tshark -nr /fuzz/buildbot/fuzztest/valgrind-fuzz-2.2/fuzz-2016-09-06-25482.pcap
==17333== 
==17333== Conditional jump or move depends on uninitialised value(s)
==17333==    at 0x712EE42: dissect_u3v_register_bases (packet-u3v.c:1030)
==17333==    by 0x712EE42: dissect_u3v_read_mem_ack (packet-u3v.c:1406)
==17333==    by 0x712EE42: dissect_u3v (packet-u3v.c:1837)
==17333==    by 0x712F749: dissect_u3v_heur (packet-u3v.c:1911)
==17333==    by 0x69494BF: dissector_try_heuristic (packet.c:2429)
==17333==    by 0x715E099: try_dissect_next_protocol (packet-usb.c:3172)
==17333==    by 0x715FF58: dissect_usb_payload (packet-usb.c:3958)
==17333==    by 0x715FF58: dissect_usb_common (packet-usb.c:4315)
==17333==    by 0x7162210: dissect_win32_usb (packet-usb.c:4337)
==17333==    by 0x69480FE: call_dissector_through_handle (packet.c:648)
==17333==    by 0x69480FE: call_dissector_work (packet.c:723)
==17333==    by 0x6948828: dissector_try_uint_new (packet.c:1188)
==17333==    by 0x6C46837: dissect_frame (packet-frame.c:507)
==17333==    by 0x69480FE: call_dissector_through_handle (packet.c:648)
==17333==    by 0x69480FE: call_dissector_work (packet.c:723)
==17333==    by 0x6949B31: call_dissector_with_data (packet.c:2816)
==17333==    by 0x694A06C: dissect_record (packet.c:531)
==17333== 
==17333== Conditional jump or move depends on uninitialised value(s)
==17333==    at 0x712EE4B: dissect_u3v_register_bases (packet-u3v.c:1031)
==17333==    by 0x712EE4B: dissect_u3v_read_mem_ack (packet-u3v.c:1406)
==17333==    by 0x712EE4B: dissect_u3v (packet-u3v.c:1837)
==17333==    by 0x712F749: dissect_u3v_heur (packet-u3v.c:1911)
==17333==    by 0x69494BF: dissector_try_heuristic (packet.c:2429)
==17333==    by 0x715E099: try_dissect_next_protocol (packet-usb.c:3172)
==17333==    by 0x715FF58: dissect_usb_payload (packet-usb.c:3958)
==17333==    by 0x715FF58: dissect_usb_common (packet-usb.c:4315)
==17333==    by 0x7162210: dissect_win32_usb (packet-usb.c:4337)
==17333==    by 0x69480FE: call_dissector_through_handle (packet.c:648)
==17333==    by 0x69480FE: call_dissector_work (packet.c:723)
==17333==    by 0x6948828: dissector_try_uint_new (packet.c:1188)
==17333==    by 0x6C46837: dissect_frame (packet-frame.c:507)
==17333==    by 0x69480FE: call_dissector_through_handle (packet.c:648)
==17333==    by 0x69480FE: call_dissector_work (packet.c:723)
==17333==    by 0x6949B31: call_dissector_with_data (packet.c:2816)
==17333==    by 0x694A06C: dissect_record (packet.c:531)
==17333== 
==17333== Conditional jump or move depends on uninitialised value(s)
==17333==    at 0x712EE58: dissect_u3v_register_bases (packet-u3v.c:1031)
==17333==    by 0x712EE58: dissect_u3v_read_mem_ack (packet-u3v.c:1406)
==17333==    by 0x712EE58: dissect_u3v (packet-u3v.c:1837)
==17333==    by 0x712F749: dissect_u3v_heur (packet-u3v.c:1911)
==17333==    by 0x69494BF: dissector_try_heuristic (packet.c:2429)
==17333==    by 0x715E099: try_dissect_next_protocol (packet-usb.c:3172)
==17333==    by 0x715FF58: dissect_usb_payload (packet-usb.c:3958)
==17333==    by 0x715FF58: dissect_usb_common (packet-usb.c:4315)
==17333==    by 0x7162210: dissect_win32_usb (packet-usb.c:4337)
==17333==    by 0x69480FE: call_dissector_through_handle (packet.c:648)
==17333==    by 0x69480FE: call_dissector_work (packet.c:723)
==17333==    by 0x6948828: dissector_try_uint_new (packet.c:1188)
==17333==    by 0x6C46837: dissect_frame (packet-frame.c:507)
==17333==    by 0x69480FE: call_dissector_through_handle (packet.c:648)
==17333==    by 0x69480FE: call_dissector_work (packet.c:723)
==17333==    by 0x6949B31: call_dissector_with_data (packet.c:2816)
==17333==    by 0x694A06C: dissect_record (packet.c:531)
==17333== 
==17333== Conditional jump or move depends on uninitialised value(s)
==17333==    at 0x712EE72: dissect_u3v_register_bases (packet-u3v.c:1040)
==17333==    by 0x712EE72: dissect_u3v_read_mem_ack (packet-u3v.c:1406)
==17333==    by 0x712EE72: dissect_u3v (packet-u3v.c:1837)
==17333==    by 0x712F749: dissect_u3v_heur (packet-u3v.c:1911)
==17333==    by 0x69494BF: dissector_try_heuristic (packet.c:2429)
==17333==    by 0x715E099: try_dissect_next_protocol (packet-usb.c:3172)
==17333==    by 0x715FF58: dissect_usb_payload (packet-usb.c:3958)
==17333==    by 0x715FF58: dissect_usb_common (packet-usb.c:4315)
==17333==    by 0x7162210: dissect_win32_usb (packet-usb.c:4337)
==17333==    by 0x69480FE: call_dissector_through_handle (packet.c:648)
==17333==    by 0x69480FE: call_dissector_work (packet.c:723)
==17333==    by 0x6948828: dissector_try_uint_new (packet.c:1188)
==17333==    by 0x6C46837: dissect_frame (packet-frame.c:507)
==17333==    by 0x69480FE: call_dissector_through_handle (packet.c:648)
==17333==    by 0x69480FE: call_dissector_work (packet.c:723)
==17333==    by 0x6949B31: call_dissector_with_data (packet.c:2816)
==17333==    by 0x694A06C: dissect_record (packet.c:531)
==17333== 
==17333== 
==17333== HEAP SUMMARY:
==17333==     in use at exit: 445,912 bytes in 9,614 blocks
==17333==   total heap usage: 258,745 allocs, 249,131 frees, 32,625,322 bytes allocated
==17333== 
==17333== LEAK SUMMARY:
==17333==    definitely lost: 343 bytes in 20 blocks
==17333==    indirectly lost: 362 bytes in 4 blocks
==17333==      possibly lost: 0 bytes in 0 blocks
==17333==    still reachable: 445,207 bytes in 9,590 blocks
==17333==         suppressed: 0 bytes in 0 blocks
==17333== Rerun with --leak-check=full to see details of leaked memory
==17333== 
==17333== For counts of detected and suppressed errors, rerun with: -v
==17333== Use --track-origins=yes to see where uninitialised values come from
==17333== ERROR SUMMARY: 16 errors from 4 contexts (suppressed: 1 from 1)

[ no debug trace ]

