Wireshark-bugs: [Wireshark-bugs] [Bug 12842] New: Buildbot crash output: fuzz-2016-09-08-24687.p
Date: Thu, 08 Sep 2016 20:00:03 +0000
Bug ID | 12842 |
---|---|
Summary | Buildbot crash output: fuzz-2016-09-08-24687.pcap |
Product | Wireshark |
Version | unspecified |
Hardware | x86-64 |
URL | https://www.wireshark.org/download/automated/captures/fuzz-2016-09-08-24687.pcap |
OS | Ubuntu |
Status | CONFIRMED |
Severity | Major |
Priority | High |
Component | Dissection engine (libwireshark) |
Assignee | [email protected] |
Reporter | [email protected] |
Problems have been found with the following capture file: https://www.wireshark.org/download/automated/captures/fuzz-2016-09-08-24687.pcap stderr: Input file: /home/wireshark/menagerie/menagerie/5982-ipp_print_test_page_from_UML_to_host_cups-pdf_printer.pcap Build host information: Linux wsbb04 4.4.0-34-generic #53-Ubuntu SMP Wed Jul 27 16:06:39 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux Distributor ID: Ubuntu Description: Ubuntu 16.04.1 LTS Release: 16.04 Codename: xenial Buildbot information: BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark BUILDBOT_WORKERNAME=clang-code-analysis BUILDBOT_BUILDNUMBER=3662 BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-master/ BUILDBOT_BUILDERNAME=Clang Code Analysis BUILDBOT_GOT_REVISION=468acff2bd38227ff04421cb964fe0cea0eeeccb Return value: 1 Dissector bug: 0 Valgrind error count: 0 Git commit commit 468acff2bd38227ff04421cb964fe0cea0eeeccb Author: Pascal Quantin <[email protected]> Date: Thu Sep 8 17:04:43 2016 +0200 PER: only display internal extension presence bit if activated in preferences Change-Id: I889b32c5e609c8c10ed2a8aa5a5e6d5b88baadc4 Reviewed-on: https://code.wireshark.org/review/17580 Petri-Dish: Pascal Quantin <[email protected]> Tested-by: Petri Dish Buildbot <[email protected]> Reviewed-by: Pascal Quantin <[email protected]> ================================================================= ==21939==ERROR: AddressSanitizer: heap-use-after-free on address 0x60c0005447a0 at pc 0x000000440e63 bp 0x7ffeaba18230 sp 0x7ffeaba179e0 READ of size 89 at 0x60c0005447a0 thread T0 #0 0x440e62 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x440e62) #1 0x50f9ca (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x50f9ca) #2 0x50e690 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x50e690) #3 0x508cf5 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x508cf5) #4 0x7f38d34a482f (/lib/x86_64-linux-gnu/libc.so.6+0x2082f) #5 0x423288 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x423288) 0x60c0005447f8 is located 0 bytes to the right of 120-byte region [0x60c000544780,0x60c0005447f8) freed by thread T0 here: #0 0x4c3230 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x4c3230) #1 0x7f38deac9383 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x8ede383) #2 0x508cf5 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x508cf5) #3 0x7f38d34a482f (/lib/x86_64-linux-gnu/libc.so.6+0x2082f) previously allocated by thread T0 here: #0 0x4c33b8 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x4c33b8) #1 0x7f38d52bf728 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4f728) #2 0x7f38deacce32 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x8ee1e32) #3 0x7f38ddc27b58 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x803cb58) #4 0x7f38dd4c383c (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78d883c) SUMMARY: AddressSanitizer: heap-use-after-free (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x440e62) Shadow bytes around the buggy address: 0x0c18800a08a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c18800a08b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c18800a08c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c18800a08d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c18800a08e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa =>0x0c18800a08f0: fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fa 0x0c18800a0900: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00 0x0c18800a0910: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa 0x0c18800a0920: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c18800a0930: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd 0x0c18800a0940: fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==21939==ABORTING [ no debug trace ]
You are receiving this mail because:
- You are watching all bug changes.
- Follow-Ups:
- [Wireshark-bugs] [Bug 12842] Buildbot crash output: fuzz-2016-09-08-24687.pcap
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 12842] Buildbot crash output: fuzz-2016-09-08-24687.pcap
- Prev by Date: [Wireshark-bugs] [Bug 12837] Qt: Gigantic format list when open capture file
- Next by Date: [Wireshark-bugs] [Bug 12842] Buildbot crash output: fuzz-2016-09-08-24687.pcap
- Previous by thread: [Wireshark-bugs] [Bug 12841] Buildbot crash output: fuzz-2016-09-06-10235.pcap
- Next by thread: [Wireshark-bugs] [Bug 12842] Buildbot crash output: fuzz-2016-09-08-24687.pcap
- Index(es):