Wireshark-bugs: [Wireshark-bugs] [Bug 13074] New: Buildbot crash output: fuzz-2016-10-30-3319.pc
Date: Sun, 30 Oct 2016 14:40:04 +0000
Bug ID | 13074 |
---|---|
Summary | Buildbot crash output: fuzz-2016-10-30-3319.pcap |
Product | Wireshark |
Version | unspecified |
Hardware | x86-64 |
URL | https://www.wireshark.org/download/automated/captures/fuzz-2016-10-30-3319.pcap |
OS | Ubuntu |
Status | CONFIRMED |
Severity | Major |
Priority | High |
Component | Dissection engine (libwireshark) |
Assignee | [email protected] |
Reporter | [email protected] |
Problems have been found with the following capture file: https://www.wireshark.org/download/automated/captures/fuzz-2016-10-30-3319.pcap stderr: Input file: /home/wireshark/menagerie/menagerie/11027-packet-ber.pcap Build host information: Linux wsbb04 4.4.0-45-generic #66-Ubuntu SMP Wed Oct 19 14:12:37 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux Distributor ID: Ubuntu Description: Ubuntu 16.04.1 LTS Release: 16.04 Codename: xenial Buildbot information: BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark BUILDBOT_WORKERNAME=clang-code-analysis BUILDBOT_BUILDNUMBER=3768 BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-master/ BUILDBOT_BUILDERNAME=Clang Code Analysis BUILDBOT_GOT_REVISION=bdf99169cc699e36bd47e22514f8ac6b31f59bee Return value: 0 Dissector bug: 0 Valgrind error count: 71 Git commit commit bdf99169cc699e36bd47e22514f8ac6b31f59bee Author: Alexis La Goutte <[email protected]> Date: Thu Oct 27 18:22:30 2016 +0200 btavdtp: fix fix spelling typo found by lintian Change-Id: I15d4343787a7c6b1c16ca8aa77ef2ddd159e6ef0 Reviewed-on: https://code.wireshark.org/review/18543 Petri-Dish: Alexis La Goutte <[email protected]> Reviewed-by: Michal Labedzki <[email protected]> ==14009== Memcheck, a memory error detector ==14009== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al. ==14009== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info ==14009== Command: /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/bin/tshark -nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2016-10-30-3319.pcap ==14009== ==14009== Use of uninitialised value of size 8 ==14009== at 0x69D9E79: format_text (strutil.c:185) ==14009== by 0x6FDE2AB: dissect_pop (packet-pop.c:197) ==14009== by 0x69A9795: call_dissector_through_handle (packet.c:650) ==14009== by 0x69A9795: call_dissector_work (packet.c:725) ==14009== by 0x69A965E: dissector_try_uint_new (packet.c:1290) ==14009== by 0x7183007: decode_tcp_ports (packet-tcp.c:5191) ==14009== by 0x718446F: process_tcp_payload (packet-tcp.c:5260) ==14009== by 0x7183930: desegment_tcp (packet-tcp.c:2778) ==14009== by 0x7183930: dissect_tcp_payload (packet-tcp.c:5327) ==14009== by 0x71885A9: dissect_tcp (packet-tcp.c:6209) ==14009== by 0x69A9795: call_dissector_through_handle (packet.c:650) ==14009== by 0x69A9795: call_dissector_work (packet.c:725) ==14009== by 0x69A965E: dissector_try_uint_new (packet.c:1290) ==14009== by 0x6DD5A22: ip_try_dissect (packet-ip.c:1976) ==14009== by 0x6DD5A22: dissect_ip_v4 (packet-ip.c:2439) ==14009== by 0x69A9795: call_dissector_through_handle (packet.c:650) ==14009== by 0x69A9795: call_dissector_work (packet.c:725) ==14009== ==14009== Conditional jump or move depends on uninitialised value(s) ==14009== at 0x69D9E92: format_text (strutil.c:191) ==14009== by 0x6FDE2AB: dissect_pop (packet-pop.c:197) ==14009== by 0x69A9795: call_dissector_through_handle (packet.c:650) ==14009== by 0x69A9795: call_dissector_work (packet.c:725) ==14009== by 0x69A965E: dissector_try_uint_new (packet.c:1290) ==14009== by 0x7183007: decode_tcp_ports (packet-tcp.c:5191) ==14009== by 0x718446F: process_tcp_payload (packet-tcp.c:5260) ==14009== by 0x7183930: desegment_tcp (packet-tcp.c:2778) ==14009== by 0x7183930: dissect_tcp_payload (packet-tcp.c:5327) ==14009== by 0x71885A9: dissect_tcp (packet-tcp.c:6209) ==14009== by 0x69A9795: call_dissector_through_handle (packet.c:650) ==14009== by 0x69A9795: call_dissector_work (packet.c:725) ==14009== by 0x69A965E: dissector_try_uint_new (packet.c:1290) ==14009== by 0x6DD5A22: ip_try_dissect (packet-ip.c:1976) ==14009== by 0x6DD5A22: dissect_ip_v4 (packet-ip.c:2439) ==14009== by 0x69A9795: call_dissector_through_handle (packet.c:650) ==14009== by 0x69A9795: call_dissector_work (packet.c:725) ==14009== ==14009== Conditional jump or move depends on uninitialised value(s) ==14009== at 0xBDEDC80: vfprintf (vfprintf.c:1632) ==14009== by 0xBEB4FD5: __vsnprintf_chk (vsnprintf_chk.c:63) ==14009== by 0x6995F31: ws_vsnprintf (ws_printf.h:78) ==14009== by 0x6995F31: col_add_fstr (column-utils.c:792) ==14009== by 0x6FDE2C9: dissect_pop (packet-pop.c:196) ==14009== by 0x69A9795: call_dissector_through_handle (packet.c:650) ==14009== by 0x69A9795: call_dissector_work (packet.c:725) ==14009== by 0x69A965E: dissector_try_uint_new (packet.c:1290) ==14009== by 0x7183007: decode_tcp_ports (packet-tcp.c:5191) ==14009== by 0x718446F: process_tcp_payload (packet-tcp.c:5260) ==14009== by 0x7183930: desegment_tcp (packet-tcp.c:2778) ==14009== by 0x7183930: dissect_tcp_payload (packet-tcp.c:5327) ==14009== by 0x71885A9: dissect_tcp (packet-tcp.c:6209) ==14009== by 0x69A9795: call_dissector_through_handle (packet.c:650) ==14009== by 0x69A9795: call_dissector_work (packet.c:725) ==14009== by 0x69A965E: dissector_try_uint_new (packet.c:1290) ==14009== ==14009== Conditional jump or move depends on uninitialised value(s) ==14009== at 0x69D9D57: get_token_len (strutil.c:124) ==14009== by 0x6FDE4B2: dissect_pop (packet-pop.c:274) ==14009== by 0x69A9795: call_dissector_through_handle (packet.c:650) ==14009== by 0x69A9795: call_dissector_work (packet.c:725) ==14009== by 0x69A965E: dissector_try_uint_new (packet.c:1290) ==14009== by 0x7183007: decode_tcp_ports (packet-tcp.c:5191) ==14009== by 0x718446F: process_tcp_payload (packet-tcp.c:5260) ==14009== by 0x7183930: desegment_tcp (packet-tcp.c:2778) ==14009== by 0x7183930: dissect_tcp_payload (packet-tcp.c:5327) ==14009== by 0x71885A9: dissect_tcp (packet-tcp.c:6209) ==14009== by 0x69A9795: call_dissector_through_handle (packet.c:650) ==14009== by 0x69A9795: call_dissector_work (packet.c:725) ==14009== by 0x69A965E: dissector_try_uint_new (packet.c:1290) ==14009== by 0x6DD5A22: ip_try_dissect (packet-ip.c:1976) ==14009== by 0x6DD5A22: dissect_ip_v4 (packet-ip.c:2439) ==14009== by 0x69A9795: call_dissector_through_handle (packet.c:650) ==14009== by 0x69A9795: call_dissector_work (packet.c:725) ==14009== ==14009== Use of uninitialised value of size 8 ==14009== at 0x69D9D59: get_token_len (strutil.c:124) ==14009== by 0x1000023FF: ??? ==14009== by 0xD80E2020B010002: ??? ==14009== by 0xA22010001FE: ??? ==14009== by 0xA0C: ??? ==14009== ==14009== Conditional jump or move depends on uninitialised value(s) ==14009== at 0x69D9D5D: get_token_len (strutil.c:124) ==14009== by 0x6FDE4B2: dissect_pop (packet-pop.c:274) ==14009== by 0x69A9795: call_dissector_through_handle (packet.c:650) ==14009== by 0x69A9795: call_dissector_work (packet.c:725) ==14009== by 0x69A965E: dissector_try_uint_new (packet.c:1290) ==14009== by 0x7183007: decode_tcp_ports (packet-tcp.c:5191) ==14009== by 0x718446F: process_tcp_payload (packet-tcp.c:5260) ==14009== by 0x7183930: desegment_tcp (packet-tcp.c:2778) ==14009== by 0x7183930: dissect_tcp_payload (packet-tcp.c:5327) ==14009== by 0x71885A9: dissect_tcp (packet-tcp.c:6209) ==14009== by 0x69A9795: call_dissector_through_handle (packet.c:650) ==14009== by 0x69A9795: call_dissector_work (packet.c:725) ==14009== by 0x69A965E: dissector_try_uint_new (packet.c:1290) ==14009== by 0x6DD5A22: ip_try_dissect (packet-ip.c:1976) ==14009== by 0x6DD5A22: dissect_ip_v4 (packet-ip.c:2439) ==14009== by 0x69A9795: call_dissector_through_handle (packet.c:650) ==14009== by 0x69A9795: call_dissector_work (packet.c:725) ==14009== ==14009== Conditional jump or move depends on uninitialised value(s) ==14009== at 0x4C30F78: strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==14009== by 0x4162C3: print_columns (tshark.c:3656) ==14009== by 0x4162C3: print_packet (tshark.c:3818) ==14009== by 0x415DB9: process_packet (tshark.c:3451) ==14009== by 0x413B15: load_cap_file (tshark.c:3193) ==14009== by 0x413B15: main (tshark.c:1893) ==14009== ==14009== Conditional jump or move depends on uninitialised value(s) ==14009== at 0x4C30F78: strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==14009== by 0xBE0CF7E: fputs (iofputs.c:33) ==14009== by 0x69BAAEE: print_line_text (print_stream.c:154) ==14009== by 0x41692A: print_columns (tshark.c:3801) ==14009== by 0x41692A: print_packet (tshark.c:3818) ==14009== by 0x415DB9: process_packet (tshark.c:3451) ==14009== by 0x413B15: load_cap_file (tshark.c:3193) ==14009== by 0x413B15: main (tshark.c:1893) ==14009== ==14009== Syscall param write(buf) points to uninitialised byte(s) ==14009== at 0xBE95A10: __write_nocancel (syscall-template.S:84) ==14009== by 0xBE17B2E: _IO_file_write@@GLIBC_2.2.5 (fileops.c:1263) ==14009== by 0xBE19338: new_do_write (fileops.c:518) ==14009== by 0xBE19338: _IO_do_write@@GLIBC_2.2.5 (fileops.c:494) ==14009== by 0xBE183AC: _IO_file_xsputn@@GLIBC_2.2.5 (fileops.c:1331) ==14009== by 0xBE0D007: fputs (iofputs.c:38) ==14009== by 0x69BAAEE: print_line_text (print_stream.c:154) ==14009== by 0x41692A: print_columns (tshark.c:3801) ==14009== by 0x41692A: print_packet (tshark.c:3818) ==14009== by 0x415DB9: process_packet (tshark.c:3451) ==14009== by 0x413B15: load_cap_file (tshark.c:3193) ==14009== by 0x413B15: main (tshark.c:1893) ==14009== Address 0x1388854a is 2,026 bytes inside a block of size 4,096 alloc'd ==14009== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==14009== by 0xBE0C184: _IO_file_doallocate (filedoalloc.c:127) ==14009== by 0xBE1A4C3: _IO_doallocbuf (genops.c:398) ==14009== by 0xBE19827: _IO_file_overflow@@GLIBC_2.2.5 (fileops.c:820) ==14009== by 0xBE181BC: _IO_file_xsputn@@GLIBC_2.2.5 (fileops.c:1331) ==14009== by 0xBE0D007: fputs (iofputs.c:38) ==14009== by 0x69BAAEE: print_line_text (print_stream.c:154) ==14009== by 0x41692A: print_columns (tshark.c:3801) ==14009== by 0x41692A: print_packet (tshark.c:3818) ==14009== by 0x415DB9: process_packet (tshark.c:3451) ==14009== by 0x413B15: load_cap_file (tshark.c:3193) ==14009== by 0x413B15: main (tshark.c:1893) ==14009== ==14009== ==14009== HEAP SUMMARY: ==14009== in use at exit: 6,089,528 bytes in 9,813 blocks ==14009== total heap usage: 596,548 allocs, 586,735 frees, 53,238,883 bytes allocated ==14009== ==14009== LEAK SUMMARY: ==14009== definitely lost: 1,704 bytes in 171 blocks ==14009== indirectly lost: 0 bytes in 0 blocks ==14009== possibly lost: 0 bytes in 0 blocks ==14009== still reachable: 6,087,824 bytes in 9,642 blocks ==14009== suppressed: 0 bytes in 0 blocks ==14009== Rerun with --leak-check=full to see details of leaked memory ==14009== ==14009== For counts of detected and suppressed errors, rerun with: -v ==14009== Use --track-origins=yes to see where uninitialised values come from ==14009== ERROR SUMMARY: 71 errors from 9 contexts (suppressed: 0 from 0) [ no debug trace ]
You are receiving this mail because:
- You are watching all bug changes.
- Follow-Ups:
- [Wireshark-bugs] [Bug 13074] Buildbot crash output: fuzz-2016-10-30-3319.pcap
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 13074] Buildbot crash output: fuzz-2016-10-30-3319.pcap
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 13074] Buildbot crash output: fuzz-2016-10-30-3319.pcap
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 13074] Buildbot crash output: fuzz-2016-10-30-3319.pcap
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 13074] Buildbot crash output: fuzz-2016-10-30-3319.pcap
- Prev by Date: [Wireshark-bugs] [Bug 13049] Buildbot crash output: fuzz-2016-10-24-11612.pcap
- Next by Date: [Wireshark-bugs] [Bug 13044] Buildbot crash output: fuzz-2016-10-25-19751.pcap
- Previous by thread: [Wireshark-bugs] [Bug 13073] s7comm.blockinfo.blocktype JSON output format value not good
- Next by thread: [Wireshark-bugs] [Bug 13074] Buildbot crash output: fuzz-2016-10-30-3319.pcap
- Index(es):