Wireshark-bugs: [Wireshark-bugs] [Bug 12916] New: Buildbot crash output: fuzz-2016-09-17-3735.pc
Date: Sat, 17 Sep 2016 18:00:03 +0000
Bug ID | 12916 |
---|---|
Summary | Buildbot crash output: fuzz-2016-09-17-3735.pcap |
Product | Wireshark |
Version | unspecified |
Hardware | x86-64 |
URL | https://www.wireshark.org/download/automated/captures/fuzz-2016-09-17-3735.pcap |
OS | Ubuntu |
Status | CONFIRMED |
Severity | Major |
Priority | High |
Component | Dissection engine (libwireshark) |
Assignee | [email protected] |
Reporter | [email protected] |
Problems have been found with the following capture file: https://www.wireshark.org/download/automated/captures/fuzz-2016-09-17-3735.pcap stderr: Input file: /home/wireshark/menagerie/menagerie/11007-packet-loss.pcap Build host information: Linux wsbb04 4.4.0-34-generic #53-Ubuntu SMP Wed Jul 27 16:06:39 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux Distributor ID: Ubuntu Description: Ubuntu 16.04.1 LTS Release: 16.04 Codename: xenial Buildbot information: BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark BUILDBOT_WORKERNAME=clang-code-analysis BUILDBOT_BUILDNUMBER=3692 BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-master/ BUILDBOT_BUILDERNAME=Clang Code Analysis BUILDBOT_GOT_REVISION=c82303610d0727f938ec003aeec7c2c7cc4693f0 Return value: 1 Dissector bug: 0 Valgrind error count: 0 Git commit commit c82303610d0727f938ec003aeec7c2c7cc4693f0 Author: Pascal Quantin <[email protected]> Date: Sat Sep 17 18:36:32 2016 +0200 ISUP: do not display Called Party Number twice Bug: 12911 Change-Id: I3632ffbeb85a96d9268eca6ddc0f8b38587688c4 Reviewed-on: https://code.wireshark.org/review/17758 Reviewed-by: Pascal Quantin <[email protected]> ================================================================= ==9665==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffddbfbc951 at pc 0x000000440f03 bp 0x7ffddbfbc650 sp 0x7ffddbfbbe00 READ of size 7 at 0x7ffddbfbc951 thread T0 #0 0x440f02 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x440f02) #1 0x7f6d5c1834f2 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x684f2) #2 0x7f6d6449bdd3 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7a04dd3) #3 0x7f6d643cfba7 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7938ba7) #4 0x7f6d643d00ea (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x79390ea) #5 0x7f6d648b058d (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7e1958d) #6 0x7f6d6438a83c (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f383c) #7 0x7f6d643886ac (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f16ac) #8 0x7f6d54e1a882 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/wireshark/plugins/2.3.0/wimax.so+0x138882) #9 0x7f6d54e070a3 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/wireshark/plugins/2.3.0/wimax.so+0x1250a3) #10 0x7f6d6438a83c (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f383c) #11 0x7f6d6438ab08 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f3b08) #12 0x7f6d54dfb4c4 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/wireshark/plugins/2.3.0/wimax.so+0x1194c4) #13 0x7f6d6438a83c (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f383c) #14 0x7f6d643886ac (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f16ac) #15 0x7f6d54df996f (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/wireshark/plugins/2.3.0/wimax.so+0x11796f) #16 0x7f6d6438a83c (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f383c) #17 0x7f6d643886ac (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f16ac) #18 0x7f6d54df71a2 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/wireshark/plugins/2.3.0/wimax.so+0x1151a2) #19 0x7f6d6438a83c (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f383c) #20 0x7f6d643886ac (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f16ac) #21 0x7f6d55180ac0 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/wireshark/plugins/2.3.0/m2m.so+0x6ac0) #22 0x7f6d6438a83c (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f383c) #23 0x7f6d6438ab08 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f3b08) #24 0x7f6d648ee838 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7e57838) #25 0x7f6d6438a83c (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f383c) #26 0x7f6d643886ac (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f16ac) #27 0x7f6d648ece48 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7e55e48) #28 0x7f6d648eb770 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7e54770) #29 0x7f6d6438a83c (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f383c) #30 0x7f6d6438a50a (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f350a) #31 0x7f6d649367af (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7e9f7af) #32 0x7f6d6438a83c (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f383c) #33 0x7f6d643886ac (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f16ac) #34 0x7f6d64387e7a (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f0e7a) #35 0x7f6d6436e06e (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78d706e) #36 0x50ea04 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x50ea04) #37 0x5090d5 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x5090d5) #38 0x7f6d5a34f82f (/lib/x86_64-linux-gnu/libc.so.6+0x2082f) #39 0x423328 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x423328) Address 0x7ffddbfbc951 is located in stack of thread T0 at offset 49 in frame #0 0x7f6d648afd3f (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7e18d3f) This frame has 3 object(s): [32, 33) 'eap_identity_prefix.i' [48, 49) 'eap_identity_prefix' <== Memory access at offset 49 overflows this variable [64, 72) 'frag_tree_item' HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-buffer-overflow (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x440f02) Shadow bytes around the buggy address: 0x10003b7ef8d0: 00 00 00 00 f1 f1 f1 f1 04 f2 04 f3 00 00 00 00 0x10003b7ef8e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10003b7ef8f0: f1 f1 f1 f1 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 0x10003b7ef900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10003b7ef910: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x10003b7ef920: 00 00 00 00 f1 f1 f1 f1 01 f2[01]f2 00 f3 f3 f3 0x10003b7ef930: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10003b7ef940: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10003b7ef950: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10003b7ef960: f1 f1 f1 f1 00 04 f3 f3 00 00 00 00 00 00 00 00 0x10003b7ef970: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==9665==ABORTING [ no debug trace ]
You are receiving this mail because:
- You are watching all bug changes.
- Follow-Ups:
- [Wireshark-bugs] [Bug 12916] Buildbot crash output: fuzz-2016-09-17-3735.pcap
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 12916] Buildbot crash output: fuzz-2016-09-17-3735.pcap
- Prev by Date: [Wireshark-bugs] [Bug 12907] Option 82 suboption 12 is displayed as Unknown in linux version of tshark
- Next by Date: [Wireshark-bugs] [Bug 12916] Buildbot crash output: fuzz-2016-09-17-3735.pcap
- Previous by thread: [Wireshark-bugs] [Bug 12915] New: SMB2 MessageId should be stored and rendered as an unsigned 64-bit integer
- Next by thread: [Wireshark-bugs] [Bug 12916] Buildbot crash output: fuzz-2016-09-17-3735.pcap
- Index(es):