Wireshark-bugs: [Wireshark-bugs] [Bug 13072] New: Buildbot crash output: fuzz-2016-10-29-31779.p
Date: Sat, 29 Oct 2016 16:10:04 +0000
| Field | Value |
|---|---|
| Bug ID | 13072 |
| Summary | Buildbot crash output: fuzz-2016-10-29-31779.pcap |
| Product | Wireshark |
| Version | unspecified |
| Hardware | x86-64 |
| URL | https://www.wireshark.org/download/automated/captures/fuzz-2016-10-29-31779.pcap |
| OS | Ubuntu |
| Status | CONFIRMED |
| Severity | Major |
| Priority | High |
| Component | Dissection engine (libwireshark) |
| Assignee | [email protected] |
| Reporter | [email protected] |
Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2016-10-29-31779.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/14442-tx.pcap

Build host information:
Linux wsbb04 4.4.0-45-generic #66-Ubuntu SMP Wed Oct 19 14:12:37 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.1 LTS
Release:        16.04
Codename:       xenial

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_WORKERNAME=fuzz-test
BUILDBOT_BUILDNUMBER=216
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-2.0/
BUILDBOT_BUILDERNAME=Fuzz Test
BUILDBOT_GOT_REVISION=565b42660e80e928a4f92491ba41d73f3ade4cfa

Return value: 0

Dissector bug: 0

Valgrind error count: 422

Git commit
commit 565b42660e80e928a4f92491ba41d73f3ade4cfa
Author: Pascal Quantin <[email protected]>
Date:   Fri Oct 28 14:41:40 2016 +0200

    ANSI IS-637 A: fix decoding of IA5 SMS

    Give the right buffer to the decoding function

    Bug: 13065
    Change-Id: I0e41e04fb68602d95ea6f060c1a37c8b8596134d
    Reviewed-on: https://code.wireshark.org/review/18548
    Reviewed-by: Pascal Quantin <[email protected]>
    (cherry picked from commit 3b1d9913711d4818388e350684cadb94255a98eb)
    Reviewed-on: https://code.wireshark.org/review/18550

Command and args: ./tools/valgrind-wireshark.sh

==7911== Memcheck, a memory error detector
==7911== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==7911== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==7911== Command: /home/wireshark/builders/wireshark-2.0-fuzz/fuzztest/install/bin/tshark -nr /fuzz/buildbot/fuzztest/valgrind-fuzz-2.0/fuzz-2016-10-29-31779.pcap
==7911==
==7911== Invalid read of size 1
==7911==    at 0xAC73C80: vfprintf (vfprintf.c:1632)
==7911==    by 0xAD3AFD5: __vsnprintf_chk (vsnprintf_chk.c:63)
==7911==    by 0x73BB64F: wmem_strdup_vprintf (wmem_strutl.c:105)
==7911==    by 0x73BB763: wmem_strdup_printf (wmem_strutl.c:75)
==7911==    by 0x732D059: PIDL_dissect_policy_hnd (packet-dcerpc-nt.c:1095)
==7911==    by 0x731BC94: winreg_dissect_element_OpenHKPN_handle_ (packet-dcerpc-winreg.c:4491)
==7911==    by 0x6A801FC: dissect_deferred_pointers (packet-dcerpc.c:2557)
==7911==    by 0x6A803A3: dissect_ndr_pointer_cb.part.15 (packet-dcerpc.c:2875)
==7911==    by 0x6A80818: dissect_ndr_pointer_cb (packet-dcerpc.c:2899)
==7911==    by 0x6A80818: dissect_ndr_toplevel_pointer (packet-dcerpc.c:2903)
==7911==    by 0x731A303: winreg_dissect_element_OpenKey_handle (packet-dcerpc-winreg.c:2746)
==7911==    by 0x731A303: winreg_dissect_OpenKey_response (packet-dcerpc-winreg.c:2773)
==7911==    by 0x6A7E4F7: dcerpc_try_handoff (packet-dcerpc.c:3151)
==7911==    by 0x6A7EB1D: dissect_dcerpc_cn_stub.isra.13 (packet-dcerpc.c:3811)
==7911==  Address 0x132cabc0 is 0 bytes inside a block of size 107 free'd
==7911==    at 0x4C2EDEB: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7911==    by 0x73B9DDC: wmem_simple_free_all (wmem_allocator_simple.c:107)
==7911==    by 0x73BAA3B: wmem_leave_packet_scope (wmem_scopes.c:81)
==7911==    by 0x4143C8: process_packet (tshark.c:3741)
==7911==    by 0x40D01A: load_cap_file (tshark.c:3497)
==7911==    by 0x40D01A: main (tshark.c:2210)
==7911==  Block was alloc'd at
==7911==    at 0x4C2FD5F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7911==    by 0x9FE17E7: g_realloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==7911==    by 0x73B9F0A: wmem_simple_realloc (wmem_allocator_simple.c:90)
==7911==    by 0x73BB51C: wmem_strbuf_finalize (wmem_strbuf.c:252)
==7911==    by 0x732B8D6: cb_wstr_postprocess (packet-dcerpc-nt.c:1233)
==7911==    by 0x6A80226: dissect_deferred_pointers (packet-dcerpc.c:2559)
==7911==    by 0x6A803A3: dissect_ndr_pointer_cb.part.15 (packet-dcerpc.c:2875)
==7911==    by 0x731C04B: cnf_dissect_winreg_String (packet-dcerpc-winreg.c:632)
==7911==    by 0x731CFE8: winreg_dissect_element_OpenKey_keyname (packet-dcerpc-winreg.c:2722)
==7911==    by 0x731CFE8: winreg_dissect_OpenKey_request (packet-dcerpc-winreg.c:2790)
==7911==    by 0x6A7E4F7: dcerpc_try_handoff (packet-dcerpc.c:3151)
==7911==    by 0x6A7EB1D: dissect_dcerpc_cn_stub.isra.13 (packet-dcerpc.c:3811)
==7911==    by 0x6A82B77: dissect_dcerpc_cn_rqst (packet-dcerpc.c:4112)
==7911==    by 0x6A82B77: dissect_dcerpc_cn (packet-dcerpc.c:5039)
==7911==
==7911== Invalid read of size 1
==7911==    at 0x4C35030: __GI_mempcpy (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7911==    by 0xACA05FD: _IO_default_xsputn (genops.c:438)
==7911==    by 0xAC734CA: vfprintf (vfprintf.c:1632)
==7911==    by 0xAD3AFD5: __vsnprintf_chk (vsnprintf_chk.c:63)
==7911==    by 0x73BB64F: wmem_strdup_vprintf (wmem_strutl.c:105)
==7911==    by 0x73BB763: wmem_strdup_printf (wmem_strutl.c:75)
==7911==    by 0x732D059: PIDL_dissect_policy_hnd (packet-dcerpc-nt.c:1095)
==7911==    by 0x731BC94: winreg_dissect_element_OpenHKPN_handle_ (packet-dcerpc-winreg.c:4491)
==7911==    by 0x6A801FC: dissect_deferred_pointers (packet-dcerpc.c:2557)
==7911==    by 0x6A803A3: dissect_ndr_pointer_cb.part.15 (packet-dcerpc.c:2875)
==7911==    by 0x6A80818: dissect_ndr_pointer_cb (packet-dcerpc.c:2899)
==7911==    by 0x6A80818: dissect_ndr_toplevel_pointer (packet-dcerpc.c:2903)
==7911==    by 0x731A303: winreg_dissect_element_OpenKey_handle (packet-dcerpc-winreg.c:2746)
==7911==    by 0x731A303: winreg_dissect_OpenKey_response (packet-dcerpc-winreg.c:2773)
==7911==  Address 0x132cac06 is 70 bytes inside a block of size 107 free'd
==7911==    at 0x4C2EDEB: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7911==    by 0x73B9DDC: wmem_simple_free_all (wmem_allocator_simple.c:107)
==7911==    by 0x73BAA3B: wmem_leave_packet_scope (wmem_scopes.c:81)
==7911==    by 0x4143C8: process_packet (tshark.c:3741)
==7911==    by 0x40D01A: load_cap_file (tshark.c:3497)
==7911==    by 0x40D01A: main (tshark.c:2210)
==7911==  Block was alloc'd at
==7911==    at 0x4C2FD5F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7911==    by 0x9FE17E7: g_realloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==7911==    by 0x73B9F0A: wmem_simple_realloc (wmem_allocator_simple.c:90)
==7911==    by 0x73BB51C: wmem_strbuf_finalize (wmem_strbuf.c:252)
==7911==    by 0x732B8D6: cb_wstr_postprocess (packet-dcerpc-nt.c:1233)
==7911==    by 0x6A80226: dissect_deferred_pointers (packet-dcerpc.c:2559)
==7911==    by 0x6A803A3: dissect_ndr_pointer_cb.part.15 (packet-dcerpc.c:2875)
==7911==    by 0x731C04B: cnf_dissect_winreg_String (packet-dcerpc-winreg.c:632)
==7911==    by 0x731CFE8: winreg_dissect_element_OpenKey_keyname (packet-dcerpc-winreg.c:2722)
==7911==    by 0x731CFE8: winreg_dissect_OpenKey_request (packet-dcerpc-winreg.c:2790)
==7911==    by 0x6A7E4F7: dcerpc_try_handoff (packet-dcerpc.c:3151)
==7911==    by 0x6A7EB1D: dissect_dcerpc_cn_stub.isra.13 (packet-dcerpc.c:3811)
==7911==    by 0x6A82B77: dissect_dcerpc_cn_rqst (packet-dcerpc.c:4112)
==7911==    by 0x6A82B77: dissect_dcerpc_cn (packet-dcerpc.c:5039)
==7911==
==7911== Invalid read of size 1
==7911==    at 0x4C35040: __GI_mempcpy (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7911==    by 0xACA05FD: _IO_default_xsputn (genops.c:438)
==7911==    by 0xAC734CA: vfprintf (vfprintf.c:1632)
==7911==    by 0xAD3AFD5: __vsnprintf_chk (vsnprintf_chk.c:63)
==7911==    by 0x73BB64F: wmem_strdup_vprintf (wmem_strutl.c:105)
==7911==    by 0x73BB763: wmem_strdup_printf (wmem_strutl.c:75)
==7911==    by 0x732D059: PIDL_dissect_policy_hnd (packet-dcerpc-nt.c:1095)
==7911==    by 0x731BC94: winreg_dissect_element_OpenHKPN_handle_ (packet-dcerpc-winreg.c:4491)
==7911==    by 0x6A801FC: dissect_deferred_pointers (packet-dcerpc.c:2557)
==7911==    by 0x6A803A3: dissect_ndr_pointer_cb.part.15 (packet-dcerpc.c:2875)
==7911==    by 0x6A80818: dissect_ndr_pointer_cb (packet-dcerpc.c:2899)
==7911==    by 0x6A80818: dissect_ndr_toplevel_pointer (packet-dcerpc.c:2903)
==7911==    by 0x731A303: winreg_dissect_element_OpenKey_handle (packet-dcerpc-winreg.c:2746)
==7911==    by 0x731A303: winreg_dissect_OpenKey_response (packet-dcerpc-winreg.c:2773)
==7911==  Address 0x132cac04 is 68 bytes inside a block of size 107 free'd
==7911==    at 0x4C2EDEB: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7911==    by 0x73B9DDC: wmem_simple_free_all (wmem_allocator_simple.c:107)
==7911==    by 0x73BAA3B: wmem_leave_packet_scope (wmem_scopes.c:81)
==7911==    by 0x4143C8: process_packet (tshark.c:3741)
==7911==    by 0x40D01A: load_cap_file (tshark.c:3497)
==7911==    by 0x40D01A: main (tshark.c:2210)
==7911==  Block was alloc'd at
==7911==    at 0x4C2FD5F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7911==    by 0x9FE17E7: g_realloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==7911==    by 0x73B9F0A: wmem_simple_realloc (wmem_allocator_simple.c:90)
==7911==    by 0x73BB51C: wmem_strbuf_finalize (wmem_strbuf.c:252)
==7911==    by 0x732B8D6: cb_wstr_postprocess (packet-dcerpc-nt.c:1233)
==7911==    by 0x6A80226: dissect_deferred_pointers (packet-dcerpc.c:2559)
==7911==    by 0x6A803A3: dissect_ndr_pointer_cb.part.15 (packet-dcerpc.c:2875)
==7911==    by 0x731C04B: cnf_dissect_winreg_String (packet-dcerpc-winreg.c:632)
==7911==    by 0x731CFE8: winreg_dissect_element_OpenKey_keyname (packet-dcerpc-winreg.c:2722)
==7911==    by 0x731CFE8: winreg_dissect_OpenKey_request (packet-dcerpc-winreg.c:2790)
==7911==    by 0x6A7E4F7: dcerpc_try_handoff (packet-dcerpc.c:3151)
==7911==    by 0x6A7EB1D: dissect_dcerpc_cn_stub.isra.13 (packet-dcerpc.c:3811)
==7911==    by 0x6A82B77: dissect_dcerpc_cn_rqst (packet-dcerpc.c:4112)
==7911==    by 0x6A82B77: dissect_dcerpc_cn (packet-dcerpc.c:5039)
==7911==
==7911== Invalid read of size 1
==7911==    at 0xACA05D2: _IO_default_xsputn (genops.c:455)
==7911==    by 0xAC734CA: vfprintf (vfprintf.c:1632)
==7911==    by 0xAD3AFD5: __vsnprintf_chk (vsnprintf_chk.c:63)
==7911==    by 0x73BB64F: wmem_strdup_vprintf (wmem_strutl.c:105)
==7911==    by 0x73BB763: wmem_strdup_printf (wmem_strutl.c:75)
==7911==    by 0x732D059: PIDL_dissect_policy_hnd (packet-dcerpc-nt.c:1095)
==7911==    by 0x731BC94: winreg_dissect_element_OpenHKPN_handle_ (packet-dcerpc-winreg.c:4491)
==7911==    by 0x6A801FC: dissect_deferred_pointers (packet-dcerpc.c:2557)
==7911==    by 0x6A803A3: dissect_ndr_pointer_cb.part.15 (packet-dcerpc.c:2875)
==7911==    by 0x6A80818: dissect_ndr_pointer_cb (packet-dcerpc.c:2899)
==7911==    by 0x6A80818: dissect_ndr_toplevel_pointer (packet-dcerpc.c:2903)
==7911==    by 0x731A303: winreg_dissect_element_OpenKey_handle (packet-dcerpc-winreg.c:2746)
==7911==    by 0x731A303: winreg_dissect_OpenKey_response (packet-dcerpc-winreg.c:2773)
==7911==    by 0x6A7E4F7: dcerpc_try_handoff (packet-dcerpc.c:3151)
==7911==  Address 0x132cac07 is 71 bytes inside a block of size 107 free'd
==7911==    at 0x4C2EDEB: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7911==    by 0x73B9DDC: wmem_simple_free_all (wmem_allocator_simple.c:107)
==7911==    by 0x73BAA3B: wmem_leave_packet_scope (wmem_scopes.c:81)
==7911==    by 0x4143C8: process_packet (tshark.c:3741)
==7911==    by 0x40D01A: load_cap_file (tshark.c:3497)
==7911==    by 0x40D01A: main (tshark.c:2210)
==7911==  Block was alloc'd at
==7911==    at 0x4C2FD5F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7911==    by 0x9FE17E7: g_realloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==7911==    by 0x73B9F0A: wmem_simple_realloc (wmem_allocator_simple.c:90)
==7911==    by 0x73BB51C: wmem_strbuf_finalize (wmem_strbuf.c:252)
==7911==    by 0x732B8D6: cb_wstr_postprocess (packet-dcerpc-nt.c:1233)
==7911==    by 0x6A80226: dissect_deferred_pointers (packet-dcerpc.c:2559)
==7911==    by 0x6A803A3: dissect_ndr_pointer_cb.part.15 (packet-dcerpc.c:2875)
==7911==    by 0x731C04B: cnf_dissect_winreg_String (packet-dcerpc-winreg.c:632)
==7911==    by 0x731CFE8: winreg_dissect_element_OpenKey_keyname (packet-dcerpc-winreg.c:2722)
==7911==    by 0x731CFE8: winreg_dissect_OpenKey_request (packet-dcerpc-winreg.c:2790)
==7911==    by 0x6A7E4F7: dcerpc_try_handoff (packet-dcerpc.c:3151)
==7911==    by 0x6A7EB1D: dissect_dcerpc_cn_stub.isra.13 (packet-dcerpc.c:3811)
==7911==    by 0x6A82B77: dissect_dcerpc_cn_rqst (packet-dcerpc.c:4112)
==7911==    by 0x6A82B77: dissect_dcerpc_cn (packet-dcerpc.c:5039)
==7911==
==7911== Invalid read of size 1
==7911==    at 0xAC73C80: vfprintf (vfprintf.c:1632)
==7911==    by 0xAD3AFD5: __vsnprintf_chk (vsnprintf_chk.c:63)
==7911==    by 0x73BB69D: wmem_strdup_vprintf (wmem_strutl.c:112)
==7911==    by 0x73BB763: wmem_strdup_printf (wmem_strutl.c:75)
==7911==    by 0x732D059: PIDL_dissect_policy_hnd (packet-dcerpc-nt.c:1095)
==7911==    by 0x731BC94: winreg_dissect_element_OpenHKPN_handle_ (packet-dcerpc-winreg.c:4491)
==7911==    by 0x6A801FC: dissect_deferred_pointers (packet-dcerpc.c:2557)
==7911==    by 0x6A803A3: dissect_ndr_pointer_cb.part.15 (packet-dcerpc.c:2875)
==7911==    by 0x6A80818: dissect_ndr_pointer_cb (packet-dcerpc.c:2899)
==7911==    by 0x6A80818: dissect_ndr_toplevel_pointer (packet-dcerpc.c:2903)
==7911==    by 0x731A303: winreg_dissect_element_OpenKey_handle (packet-dcerpc-winreg.c:2746)
==7911==    by 0x731A303: winreg_dissect_OpenKey_response (packet-dcerpc-winreg.c:2773)
==7911==    by 0x6A7E4F7: dcerpc_try_handoff (packet-dcerpc.c:3151)
==7911==    by 0x6A7EB1D: dissect_dcerpc_cn_stub.isra.13 (packet-dcerpc.c:3811)
==7911==  Address 0x132cabc0 is 0 bytes inside a block of size 107 free'd
==7911==    at 0x4C2EDEB: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7911==    by 0x73B9DDC: wmem_simple_free_all (wmem_allocator_simple.c:107)
==7911==    by 0x73BAA3B: wmem_leave_packet_scope (wmem_scopes.c:81)
==7911==    by 0x4143C8: process_packet (tshark.c:3741)
==7911==    by 0x40D01A: load_cap_file (tshark.c:3497)
==7911==    by 0x40D01A: main (tshark.c:2210)
==7911==  Block was alloc'd at
==7911==    at 0x4C2FD5F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7911==    by 0x9FE17E7: g_realloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==7911==    by 0x73B9F0A: wmem_simple_realloc (wmem_allocator_simple.c:90)
==7911==    by 0x73BB51C: wmem_strbuf_finalize (wmem_strbuf.c:252)
==7911==    by 0x732B8D6: cb_wstr_postprocess (packet-dcerpc-nt.c:1233)
==7911==    by 0x6A80226: dissect_deferred_pointers (packet-dcerpc.c:2559)
==7911==    by 0x6A803A3: dissect_ndr_pointer_cb.part.15 (packet-dcerpc.c:2875)
==7911==    by 0x731C04B: cnf_dissect_winreg_String (packet-dcerpc-winreg.c:632)
==7911==    by 0x731CFE8: winreg_dissect_element_OpenKey_keyname (packet-dcerpc-winreg.c:2722)
==7911==    by 0x731CFE8: winreg_dissect_OpenKey_request (packet-dcerpc-winreg.c:2790)
==7911==    by 0x6A7E4F7: dcerpc_try_handoff (packet-dcerpc.c:3151)
==7911==    by 0x6A7EB1D: dissect_dcerpc_cn_stub.isra.13 (packet-dcerpc.c:3811)
==7911==    by 0x6A82B77: dissect_dcerpc_cn_rqst (packet-dcerpc.c:4112)
==7911==    by 0x6A82B77: dissect_dcerpc_cn (packet-dcerpc.c:5039)
==7911==
==7911==
==7911== HEAP SUMMARY:
==7911==     in use at exit: 1,040,343 bytes in 28,419 blocks
==7911==   total heap usage: 378,035 allocs, 349,616 frees, 37,601,064 bytes allocated
==7911==
==7911== LEAK SUMMARY:
==7911==    definitely lost: 7,201 bytes in 176 blocks
==7911==    indirectly lost: 36,640 bytes in 60 blocks
==7911==      possibly lost: 0 bytes in 0 blocks
==7911==    still reachable: 996,502 bytes in 28,183 blocks
==7911==         suppressed: 0 bytes in 0 blocks
==7911== Rerun with --leak-check=full to see details of leaked memory
==7911==
==7911== For counts of detected and suppressed errors, rerun with: -v
==7911== ERROR SUMMARY: 422 errors from 5 contexts (suppressed: 1 from 1)

[ no debug trace ]
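All five Valgrind contexts above describe the same lifetime bug: a 107-byte string is built by wmem_strbuf_finalize() in cb_wstr_postprocess() while dissecting the WINREG OpenKey request, freed by wmem_leave_packet_scope() when tshark finishes that packet, and then read again by wmem_strdup_printf() in PIDL_dissect_policy_hnd() while dissecting the OpenKey response in a later packet. In other words, a packet-scoped buffer was saved in state that lives across request and response, so the response formats a policy-handle name from freed heap memory, and a crafted capture decides what that memory holds. The C program below is an added illustration of that failure mode and of the usual fix (allocate the saved string from a scope that lives at least as long as the state holding it); it is not Wireshark code. The scope allocator is a toy stand-in for wmem, and every name in it (scope_t, call_state_t, dissect_request, dissect_response, keyname_survives) is invented for the demo. Unlike the real allocator, its release step poisons the bytes with 0xDD instead of calling free(), so the stale read is observable without invoking undefined behaviour.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_BLOCKS 64

/* Toy scoped allocator standing in for wmem: a scope owns blocks and
 * releases them all at once. To keep the stale read observable and
 * well-defined, release poisons the bytes instead of calling free(). */
typedef struct {
    void  *blocks[MAX_BLOCKS];
    size_t sizes[MAX_BLOCKS];
    size_t n;
} scope_t;

static char *scope_strdup(scope_t *s, const char *str)
{
    size_t len = strlen(str) + 1;
    char *p;

    if (s->n >= MAX_BLOCKS)
        return NULL;
    p = malloc(len);
    if (!p)
        return NULL;
    memcpy(p, str, len);
    s->blocks[s->n] = p;
    s->sizes[s->n] = len;
    s->n++;
    return p;
}

/* Analogue of wmem_leave_packet_scope(): everything in the scope dies. */
static void scope_release_all(scope_t *s)
{
    for (size_t i = 0; i < s->n; i++) {
        char *b = s->blocks[i];
        /* Poison everything but keep a terminator so the stale %s read
         * below stays in bounds; a real free() gives no such courtesy. */
        memset(b, 0xDD, s->sizes[i] - 1);
        b[s->sizes[i] - 1] = '\0';
    }
}

static void scope_destroy(scope_t *s)
{
    for (size_t i = 0; i < s->n; i++)
        free(s->blocks[i]);
    s->n = 0;
}

/* Per-call state that survives from request to response, like the
 * DCERPC call value that OpenKey_response consults in the trace. */
typedef struct {
    const char *keyname;   /* saved from the request, read in the response */
} call_state_t;

/* Request side: save the key name for later. The buggy variant keeps a
 * packet-scoped pointer; the fixed variant copies into file scope. */
static void dissect_request(call_state_t *call, const char *keyname,
                            scope_t *pkt_scope, scope_t *file_scope, int buggy)
{
    call->keyname = scope_strdup(buggy ? pkt_scope : file_scope, keyname);
}

/* Response side: format a display name from the saved key name, the
 * analogue of wmem_strdup_printf() in PIDL_dissect_policy_hnd(). */
static int dissect_response(const call_state_t *call, char *out, size_t outlen)
{
    if (!call->keyname)
        return -1;
    return snprintf(out, outlen, "policy handle for %s", call->keyname);
}

/* Request -> end of packet -> response, writing the response text to out. */
static void run_exchange(int buggy, char *out, size_t outlen)
{
    scope_t pkt_scope = {0}, file_scope = {0};
    call_state_t call = {0};

    dissect_request(&call, "HKLM\\SOFTWARE", &pkt_scope, &file_scope, buggy);
    scope_release_all(&pkt_scope);   /* packet ends; packet scope is gone */
    (void)dissect_response(&call, out, outlen);

    scope_destroy(&pkt_scope);
    scope_destroy(&file_scope);
}

/* 1 if the response saw the original key name, 0 if it saw poison. */
int keyname_survives(int buggy)
{
    char out[128];

    run_exchange(buggy, out, sizeof out);
    return strcmp(out, "policy handle for HKLM\\SOFTWARE") == 0;
}

int main(void)
{
    printf("packet-scoped save: %s\n", keyname_survives(1) ? "intact" : "stale/poisoned");
    printf("file-scoped save:   %s\n", keyname_survives(0) ? "intact" : "stale/poisoned");
    return 0;
}
```

Running it shows the packet-scoped variant producing garbage and the file-scoped variant producing the expected name. The same reasoning applies when reviewing any dissector that stashes a pointer in conversation or call state: check which scope allocated the pointee, and whether that scope outlives the state.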