Wireshark-bugs: [Wireshark-bugs] [Bug 13015] New: Buildbot crash output: fuzz-2016-10-14-31162.p

Date: Fri, 14 Oct 2016 07:50:06 +0000
Bug ID: 13015
Summary: Buildbot crash output: fuzz-2016-10-14-31162.pcap
Product: Wireshark
Version: unspecified
Hardware: x86-64
URL: https://www.wireshark.org/download/automated/captures/fuzz-2016-10-14-31162.pcap
OS: Ubuntu
Status: CONFIRMED
Severity: Major
Priority: High
Component: Dissection engine (libwireshark)
Assignee: [email protected]
Reporter: [email protected]

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2016-10-14-31162.pcap

stderr:
Input file:
/home/wireshark/menagerie/menagerie/14807-160719-04_BLE_sensor_and_CGW_prefix_added_exp_pdu.pcapng

Build host information:
Linux wsbb04 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64
x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 16.04.1 LTS
Release:    16.04
Codename:    xenial

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_WORKERNAME=clang-code-analysis
BUILDBOT_BUILDNUMBER=3746
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-master/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_GOT_REVISION=7cef0cb93cc44ed02cd68caa79d3d97173b0edfe

Return value:  0

Dissector bug:  0

Valgrind error count:  79



Git commit
commit 7cef0cb93cc44ed02cd68caa79d3d97173b0edfe
Author: Michael Mann <[email protected]>
Date:   Sun Oct 9 20:01:45 2016 -0400

    Add Local Service Discovery (LSD) protocol

    Bug: 12985
    Change-Id: Iceacd3d122337091380d56bd7fa9875bf7cb4d47
    Reviewed-on: https://code.wireshark.org/review/18134
    Petri-Dish: Michael Mann <[email protected]>
    Tested-by: Petri Dish Buildbot <[email protected]>
    Reviewed-by: Michael Mann <[email protected]>


==18700== Memcheck, a memory error detector
==18700== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==18700== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==18700== Command:
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/bin/tshark
-nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2016-10-14-31162.pcap
==18700== 

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet 7:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet 40:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet 43:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet 56:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"
==18700== Conditional jump or move depends on uninitialised value(s)
==18700==    at 0x6B279BA: dissect_le_frame (packet-btl2cap.c:2007)
==18700==    by 0x6B279BA: dissect_btl2cap (packet-btl2cap.c:2765)
==18700==    by 0x699B1A5: call_dissector_through_handle (packet.c:650)
==18700==    by 0x699B1A5: call_dissector_work (packet.c:725)
==18700==    by 0x699A24C: call_dissector_only (packet.c:2953)
==18700==    by 0x699A24C: call_dissector_with_data (packet.c:2966)
==18700==    by 0x6B2C095: dissect_btle (packet-btle.c:976)
==18700==    by 0x699B1A5: call_dissector_through_handle (packet.c:650)
==18700==    by 0x699B1A5: call_dissector_work (packet.c:725)
==18700==    by 0x699A24C: call_dissector_only (packet.c:2953)
==18700==    by 0x699A24C: call_dissector_with_data (packet.c:2966)
==18700==    by 0x6F59924: dissect_nordic_ble (packet-nordic_ble.c:566)
==18700==    by 0x699B1A5: call_dissector_through_handle (packet.c:650)
==18700==    by 0x699B1A5: call_dissector_work (packet.c:725)
==18700==    by 0x699A24C: call_dissector_only (packet.c:2953)
==18700==    by 0x699A24C: call_dissector_with_data (packet.c:2966)
==18700==    by 0x6C8B922: dissect_exported_pdu (packet-exported_pdu.c:285)
==18700==    by 0x699B1A5: call_dissector_through_handle (packet.c:650)
==18700==    by 0x699B1A5: call_dissector_work (packet.c:725)
==18700==    by 0x699B06E: dissector_try_uint_new (packet.c:1290)
==18700== 

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet 64:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"
==18700== Conditional jump or move depends on uninitialised value(s)
==18700==    at 0x4C33D52: __memcmp_sse4_1 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==18700==    by 0x69C3C43: addresses_equal (address.h:230)
==18700==    by 0x69C3C43: fragment_addresses_equal (reassemble.c:82)
==18700==    by 0xA6AFDCE: g_hash_table_lookup_extended (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==18700==    by 0x69C5146: lookup_fd_head (reassemble.c:541)
==18700==    by 0x69C5146: fragment_add_seq_common (reassemble.c:1827)
==18700==    by 0x69C5737: fragment_add_seq_check_work (reassemble.c:1978)
==18700==    by 0x69C57F9: fragment_add_seq_next (reassemble.c:2041)
==18700==    by 0x6B2C4B9: dissect_btle (packet-btle.c:883)
==18700==    by 0x699B1A5: call_dissector_through_handle (packet.c:650)
==18700==    by 0x699B1A5: call_dissector_work (packet.c:725)
==18700==    by 0x699A24C: call_dissector_only (packet.c:2953)
==18700==    by 0x699A24C: call_dissector_with_data (packet.c:2966)
==18700==    by 0x6F59924: dissect_nordic_ble (packet-nordic_ble.c:566)
==18700==    by 0x699B1A5: call_dissector_through_handle (packet.c:650)
==18700==    by 0x699B1A5: call_dissector_work (packet.c:725)
==18700==    by 0x699A24C: call_dissector_only (packet.c:2953)
==18700==    by 0x699A24C: call_dissector_with_data (packet.c:2966)
==18700== 
==18700== Conditional jump or move depends on uninitialised value(s)
==18700==    at 0x4C33D52: __memcmp_sse4_1 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==18700==    by 0x69C3C7D: addresses_equal (address.h:230)
==18700==    by 0x69C3C7D: fragment_addresses_equal (reassemble.c:83)
==18700==    by 0xA6AFDCE: g_hash_table_lookup_extended (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==18700==    by 0x69C5146: lookup_fd_head (reassemble.c:541)
==18700==    by 0x69C5146: fragment_add_seq_common (reassemble.c:1827)
==18700==    by 0x69C5737: fragment_add_seq_check_work (reassemble.c:1978)
==18700==    by 0x69C57F9: fragment_add_seq_next (reassemble.c:2041)
==18700==    by 0x6B2C4B9: dissect_btle (packet-btle.c:883)
==18700==    by 0x699B1A5: call_dissector_through_handle (packet.c:650)
==18700==    by 0x699B1A5: call_dissector_work (packet.c:725)
==18700==    by 0x699A24C: call_dissector_only (packet.c:2953)
==18700==    by 0x699A24C: call_dissector_with_data (packet.c:2966)
==18700==    by 0x6F59924: dissect_nordic_ble (packet-nordic_ble.c:566)
==18700==    by 0x699B1A5: call_dissector_through_handle (packet.c:650)
==18700==    by 0x699B1A5: call_dissector_work (packet.c:725)
==18700==    by 0x699A24C: call_dissector_only (packet.c:2953)
==18700==    by 0x699A24C: call_dissector_with_data (packet.c:2966)
==18700== 

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet 67:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet 83:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet 86:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet 95:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet 97:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"
==18700== Conditional jump or move depends on uninitialised value(s)
==18700==    at 0x4C33D52: __memcmp_sse4_1 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==18700==    by 0x69C3C43: addresses_equal (address.h:230)
==18700==    by 0x69C3C43: fragment_addresses_equal (reassemble.c:82)
==18700==    by 0xA6AF5F9: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==18700==    by 0x69C5754: fragment_unhash (reassemble.c:789)
==18700==    by 0x69C5754: fragment_add_seq_check_work (reassemble.c:1993)
==18700==    by 0x69C57F9: fragment_add_seq_next (reassemble.c:2041)
==18700==    by 0x6B2C4B9: dissect_btle (packet-btle.c:883)
==18700==    by 0x699B1A5: call_dissector_through_handle (packet.c:650)
==18700==    by 0x699B1A5: call_dissector_work (packet.c:725)
==18700==    by 0x699A24C: call_dissector_only (packet.c:2953)
==18700==    by 0x699A24C: call_dissector_with_data (packet.c:2966)
==18700==    by 0x6F59924: dissect_nordic_ble (packet-nordic_ble.c:566)
==18700==    by 0x699B1A5: call_dissector_through_handle (packet.c:650)
==18700==    by 0x699B1A5: call_dissector_work (packet.c:725)
==18700==    by 0x699A24C: call_dissector_only (packet.c:2953)
==18700==    by 0x699A24C: call_dissector_with_data (packet.c:2966)
==18700==    by 0x6C8B922: dissect_exported_pdu (packet-exported_pdu.c:285)
==18700== 
==18700== Conditional jump or move depends on uninitialised value(s)
==18700==    at 0x4C33D52: __memcmp_sse4_1 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==18700==    by 0x69C3C7D: addresses_equal (address.h:230)
==18700==    by 0x69C3C7D: fragment_addresses_equal (reassemble.c:83)
==18700==    by 0xA6AF5F9: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==18700==    by 0x69C5754: fragment_unhash (reassemble.c:789)
==18700==    by 0x69C5754: fragment_add_seq_check_work (reassemble.c:1993)
==18700==    by 0x69C57F9: fragment_add_seq_next (reassemble.c:2041)
==18700==    by 0x6B2C4B9: dissect_btle (packet-btle.c:883)
==18700==    by 0x699B1A5: call_dissector_through_handle (packet.c:650)
==18700==    by 0x699B1A5: call_dissector_work (packet.c:725)
==18700==    by 0x699A24C: call_dissector_only (packet.c:2953)
==18700==    by 0x699A24C: call_dissector_with_data (packet.c:2966)
==18700==    by 0x6F59924: dissect_nordic_ble (packet-nordic_ble.c:566)
==18700==    by 0x699B1A5: call_dissector_through_handle (packet.c:650)
==18700==    by 0x699B1A5: call_dissector_work (packet.c:725)
==18700==    by 0x699A24C: call_dissector_only (packet.c:2953)
==18700==    by 0x699A24C: call_dissector_with_data (packet.c:2966)
==18700==    by 0x6C8B922: dissect_exported_pdu (packet-exported_pdu.c:285)
==18700== 

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
153: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
192: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
245: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
246: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
247: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
261: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
276: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
319: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
356: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
363: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
367: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
368: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
374: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
380: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
399: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
410: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
416: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
429: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
452: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
456: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
457: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
474: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
483: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
487: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
504: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
573: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
580: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
594: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
619: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
622: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
633: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
635: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
637: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
645: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
668: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
679: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
713: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
722: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
730: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
733: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
737: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
757: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
777: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
789: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
824: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
829: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
847: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
858: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
861: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
866: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18700): WARNING **: Dissector bug, protocol exported_pdu, in packet
888: packet-exported_pdu.c:253: failed assertion "version == 1"

** (process:18700): WARNING **: Dissector bug, protocol BT LE LL, in packet
911: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"
==18700== 
==18700== HEAP SUMMARY:
==18700==     in use at exit: 6,014,165 bytes in 9,689 blocks
==18700==   total heap usage: 283,029 allocs, 273,340 frees, 37,701,979 bytes
allocated
==18700== 
==18700== LEAK SUMMARY:
==18700==    definitely lost: 1,192 bytes in 40 blocks
==18700==    indirectly lost: 0 bytes in 0 blocks
==18700==      possibly lost: 0 bytes in 0 blocks
==18700==    still reachable: 6,012,973 bytes in 9,649 blocks
==18700==         suppressed: 0 bytes in 0 blocks
==18700== Rerun with --leak-check=full to see details of leaked memory
==18700== 
==18700== For counts of detected and suppressed errors, rerun with: -v
==18700== Use --track-origins=yes to see where uninitialised values come from
==18700== ERROR SUMMARY: 79 errors from 5 contexts (suppressed: 0 from 0)

[ no debug trace ]

