Wireshark-bugs: [Wireshark-bugs] [Bug 12840] New: Buildbot crash output: fuzz-2016-09-08-30893.p
Date: Thu, 08 Sep 2016 17:20:04 +0000
Bug ID | 12840 |
---|---|
Summary | Buildbot crash output: fuzz-2016-09-08-30893.pcap |
Product | Wireshark |
Version | unspecified |
Hardware | x86-64 |
URL | https://www.wireshark.org/download/automated/captures/fuzz-2016-09-08-30893.pcap |
OS | Ubuntu |
Status | CONFIRMED |
Severity | Major |
Priority | High |
Component | Dissection engine (libwireshark) |
Assignee | [email protected] |
Reporter | [email protected] |
Problems have been found with the following capture file: https://www.wireshark.org/download/automated/captures/fuzz-2016-09-08-30893.pcap stderr: Input file: /home/wireshark/menagerie/menagerie/5982-ipp_print_test_page_from_UML_to_host_cups-pdf_printer.pcap Build host information: Linux wsbb04 4.4.0-34-generic #53-Ubuntu SMP Wed Jul 27 16:06:39 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux Distributor ID: Ubuntu Description: Ubuntu 16.04.1 LTS Release: 16.04 Codename: xenial Buildbot information: BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark BUILDBOT_WORKERNAME=clang-code-analysis BUILDBOT_BUILDNUMBER=3661 BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-master/ BUILDBOT_BUILDERNAME=Clang Code Analysis BUILDBOT_GOT_REVISION=1e83b59af8698256c11bb66fe13f912f3ba75471 Return value: 1 Dissector bug: 0 Valgrind error count: 0 Git commit commit 1e83b59af8698256c11bb66fe13f912f3ba75471 Author: Pascal Quantin <[email protected]> Date: Thu Sep 8 07:20:29 2016 +0200 U3V: ensure that gencp_transaction_t structure is fully initialized Bug: 12829 Change-Id: Iee8817fc0331af037284e5ec21b30671c6b3bd7d Reviewed-on: https://code.wireshark.org/review/17569 Reviewed-by: Pascal Quantin <[email protected]> ================================================================= ==6660==ERROR: AddressSanitizer: heap-use-after-free on address 0x60c000549f60 at pc 0x000000440e63 bp 0x7ffe484fd150 sp 0x7ffe484fc900 READ of size 89 at 0x60c000549f60 thread T0 #0 0x440e62 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x440e62) #1 0x50f9ca (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x50f9ca) #2 0x50e690 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x50e690) #3 0x508cf5 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x508cf5) #4 0x7f8b0249382f (/lib/x86_64-linux-gnu/libc.so.6+0x2082f) #5 0x423288 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x423288) 0x60c000549fb8 is located 0 bytes to the right of 120-byte region [0x60c000549f40,0x60c000549fb8) freed by thread T0 here: #0 0x4c3230 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x4c3230) #1 0x7f8b0dab8183 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x8ede183) #2 0x508cf5 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x508cf5) #3 0x7f8b0249382f (/lib/x86_64-linux-gnu/libc.so.6+0x2082f) previously allocated by thread T0 here: #0 0x4c33b8 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x4c33b8) #1 0x7f8b042ae728 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4f728) #2 0x7f8b0dabbc32 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x8ee1c32) #3 0x7f8b0cc16ac8 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x803cac8) #4 0x7f8b0c4b27ac (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78d87ac) SUMMARY: AddressSanitizer: heap-use-after-free (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x440e62) Shadow bytes around the buggy address: 0x0c18800a1390: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c18800a13a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c18800a13b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c18800a13c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c18800a13d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa =>0x0c18800a13e0: fa fa fa fa fa fa fa fa fd fd fd fd[fd]fd fd fd 0x0c18800a13f0: fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa 0x0c18800a1400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c18800a1410: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd 0x0c18800a1420: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa 0x0c18800a1430: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==6660==ABORTING [ no debug trace ]
You are receiving this mail because:
- You are watching all bug changes.
- Follow-Ups:
- [Wireshark-bugs] [Bug 12840] Buildbot crash output: fuzz-2016-09-08-30893.pcap
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 12840] Buildbot crash output: fuzz-2016-09-08-30893.pcap
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 12840] Buildbot crash output: fuzz-2016-09-08-30893.pcap
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 12840] Buildbot crash output: fuzz-2016-09-08-30893.pcap
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 12840] Buildbot crash output: fuzz-2016-09-08-30893.pcap
- Prev by Date: [Wireshark-bugs] [Bug 12826] usage http-tcp dissector from lua dissector lead to Segmentation fault
- Next by Date: [Wireshark-bugs] [Bug 12840] Buildbot crash output: fuzz-2016-09-08-30893.pcap
- Previous by thread: [Wireshark-bugs] [Bug 12839] Buildbot crash output: randpkt-2016-09-08-27704.pcap
- Next by thread: [Wireshark-bugs] [Bug 12840] Buildbot crash output: fuzz-2016-09-08-30893.pcap
- Index(es):