Wireshark-bugs: [Wireshark-bugs] [Bug 13133] New: Buildbot crash output: fuzz-2016-11-13-1936.pc

Date: Sun, 13 Nov 2016 19:40:03 +0000
Bug ID: 13133
Summary: Buildbot crash output: fuzz-2016-11-13-1936.pcap
Product: Wireshark
Version: unspecified
Hardware: x86-64
URL: https://www.wireshark.org/download/automated/captures/fuzz-2016-11-13-1936.pcap
OS: Ubuntu
Status: CONFIRMED
Severity: Major
Priority: High
Component: Dissection engine (libwireshark)
Assignee: [email protected]
Reporter: [email protected]

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2016-11-13-1936.pcap

stderr:
Input file:
/home/wireshark/menagerie/menagerie/14807-160719-04_BLE_sensor_and_CGW_prefix_added_exp_pdu.pcapng

Build host information:
Linux wsbb04 4.4.0-45-generic #66-Ubuntu SMP Wed Oct 19 14:12:37 UTC 2016
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 16.04.1 LTS
Release:    16.04
Codename:    xenial

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_WORKERNAME=clang-code-analysis
BUILDBOT_BUILDNUMBER=3773
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-master/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_GOT_REVISION=1d56b0a48c6e023a0d24739029722b773fe3282a

Return value:  0

Dissector bug:  0

Valgrind error count:  96



Git commit
commit 1d56b0a48c6e023a0d24739029722b773fe3282a
Author: Jakub Pawlowski <[email protected]>
Date:   Thu Nov 10 11:31:59 2016 -0800

    Bluetooth: BTLE: Add SC bit paring in AuthReq

    Change-Id: I91db50aadd572a81559bb8d22af19fffefea592f
    Reviewed-on: https://code.wireshark.org/review/18735
    Petri-Dish: Stig Bjørlykke <[email protected]>
    Tested-by: Petri Dish Buildbot <[email protected]>
    Reviewed-by: Alexis La Goutte <[email protected]>


==5862== Memcheck, a memory error detector
==5862== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==5862== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==5862== Command:
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/bin/tshark
-nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2016-11-13-1936.pcap
==5862== 

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 12:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 48:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"
==5862== Conditional jump or move depends on uninitialised value(s)
==5862==    at 0x4C33D52: __memcmp_sse4_1 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5862==    by 0x69DBB83: addresses_equal (address.h:230)
==5862==    by 0x69DBB83: fragment_addresses_equal (reassemble.c:82)
==5862==    by 0xA6DFDCE: g_hash_table_lookup_extended (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==5862==    by 0x69DD086: lookup_fd_head (reassemble.c:541)
==5862==    by 0x69DD086: fragment_add_seq_common (reassemble.c:1886)
==5862==    by 0x69DD687: fragment_add_seq_check_work (reassemble.c:2037)
==5862==    by 0x69DD749: fragment_add_seq_next (reassemble.c:2100)
==5862==    by 0x6B43C56: dissect_btle (packet-btle.c:944)
==5862==    by 0x69B2C25: call_dissector_through_handle (packet.c:650)
==5862==    by 0x69B2C25: call_dissector_work (packet.c:725)
==5862==    by 0x69B1CDC: call_dissector_only (packet.c:2954)
==5862==    by 0x69B1CDC: call_dissector_with_data (packet.c:2967)
==5862==    by 0x6F74C14: dissect_nordic_ble (packet-nordic_ble.c:566)
==5862==    by 0x69B2C25: call_dissector_through_handle (packet.c:650)
==5862==    by 0x69B2C25: call_dissector_work (packet.c:725)
==5862==    by 0x69B1CDC: call_dissector_only (packet.c:2954)
==5862==    by 0x69B1CDC: call_dissector_with_data (packet.c:2967)
==5862== 
==5862== Conditional jump or move depends on uninitialised value(s)
==5862==    at 0x4C33D52: __memcmp_sse4_1 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5862==    by 0x69DBBBD: addresses_equal (address.h:230)
==5862==    by 0x69DBBBD: fragment_addresses_equal (reassemble.c:83)
==5862==    by 0xA6DFDCE: g_hash_table_lookup_extended (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==5862==    by 0x69DD086: lookup_fd_head (reassemble.c:541)
==5862==    by 0x69DD086: fragment_add_seq_common (reassemble.c:1886)
==5862==    by 0x69DD687: fragment_add_seq_check_work (reassemble.c:2037)
==5862==    by 0x69DD749: fragment_add_seq_next (reassemble.c:2100)
==5862==    by 0x6B43C56: dissect_btle (packet-btle.c:944)
==5862==    by 0x69B2C25: call_dissector_through_handle (packet.c:650)
==5862==    by 0x69B2C25: call_dissector_work (packet.c:725)
==5862==    by 0x69B1CDC: call_dissector_only (packet.c:2954)
==5862==    by 0x69B1CDC: call_dissector_with_data (packet.c:2967)
==5862==    by 0x6F74C14: dissect_nordic_ble (packet-nordic_ble.c:566)
==5862==    by 0x69B2C25: call_dissector_through_handle (packet.c:650)
==5862==    by 0x69B2C25: call_dissector_work (packet.c:725)
==5862==    by 0x69B1CDC: call_dissector_only (packet.c:2954)
==5862==    by 0x69B1CDC: call_dissector_with_data (packet.c:2967)
==5862== 

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 61:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 84:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 85:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 88:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 89:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"
==5862== Conditional jump or move depends on uninitialised value(s)
==5862==    at 0x4C33D52: __memcmp_sse4_1 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5862==    by 0x69DBB83: addresses_equal (address.h:230)
==5862==    by 0x69DBB83: fragment_addresses_equal (reassemble.c:82)
==5862==    by 0xA6DF5F9: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==5862==    by 0x69DD6A4: fragment_unhash (reassemble.c:789)
==5862==    by 0x69DD6A4: fragment_add_seq_check_work (reassemble.c:2052)
==5862==    by 0x69DD749: fragment_add_seq_next (reassemble.c:2100)
==5862==    by 0x6B441F9: dissect_btle (packet-btle.c:883)
==5862==    by 0x69B2C25: call_dissector_through_handle (packet.c:650)
==5862==    by 0x69B2C25: call_dissector_work (packet.c:725)
==5862==    by 0x69B1CDC: call_dissector_only (packet.c:2954)
==5862==    by 0x69B1CDC: call_dissector_with_data (packet.c:2967)
==5862==    by 0x6F74C14: dissect_nordic_ble (packet-nordic_ble.c:566)
==5862==    by 0x69B2C25: call_dissector_through_handle (packet.c:650)
==5862==    by 0x69B2C25: call_dissector_work (packet.c:725)
==5862==    by 0x69B1CDC: call_dissector_only (packet.c:2954)
==5862==    by 0x69B1CDC: call_dissector_with_data (packet.c:2967)
==5862==    by 0x6CA4032: dissect_exported_pdu (packet-exported_pdu.c:285)
==5862== 
==5862== Conditional jump or move depends on uninitialised value(s)
==5862==    at 0x4C33D52: __memcmp_sse4_1 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5862==    by 0x69DBBBD: addresses_equal (address.h:230)
==5862==    by 0x69DBBBD: fragment_addresses_equal (reassemble.c:83)
==5862==    by 0xA6DF5F9: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==5862==    by 0x69DD6A4: fragment_unhash (reassemble.c:789)
==5862==    by 0x69DD6A4: fragment_add_seq_check_work (reassemble.c:2052)
==5862==    by 0x69DD749: fragment_add_seq_next (reassemble.c:2100)
==5862==    by 0x6B441F9: dissect_btle (packet-btle.c:883)
==5862==    by 0x69B2C25: call_dissector_through_handle (packet.c:650)
==5862==    by 0x69B2C25: call_dissector_work (packet.c:725)
==5862==    by 0x69B1CDC: call_dissector_only (packet.c:2954)
==5862==    by 0x69B1CDC: call_dissector_with_data (packet.c:2967)
==5862==    by 0x6F74C14: dissect_nordic_ble (packet-nordic_ble.c:566)
==5862==    by 0x69B2C25: call_dissector_through_handle (packet.c:650)
==5862==    by 0x69B2C25: call_dissector_work (packet.c:725)
==5862==    by 0x69B1CDC: call_dissector_only (packet.c:2954)
==5862==    by 0x69B1CDC: call_dissector_with_data (packet.c:2967)
==5862==    by 0x6CA4032: dissect_exported_pdu (packet-exported_pdu.c:285)
==5862== 

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 96:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 105:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 179:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 249:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 269:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 273:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 300:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 312:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 322:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 358:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 388:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 436:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 440:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 451:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 458:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 459:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 505:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 507:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 514:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 527:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 547:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 575:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 583:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 585:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 605:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 607:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 611:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 616:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 624:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 648:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 649:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 675:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 687:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 706:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 711:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 734:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 736:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 774:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 817:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 868:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 882:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 893:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 900:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:5862): WARNING **: Dissector bug, protocol BT LE LL, in packet 905:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"
==5862== 
==5862== HEAP SUMMARY:
==5862==     in use at exit: 6,086,107 bytes in 9,723 blocks
==5862==   total heap usage: 285,804 allocs, 276,081 frees, 37,966,702 bytes
allocated
==5862== 
==5862== LEAK SUMMARY:
==5862==    definitely lost: 1,380 bytes in 87 blocks
==5862==    indirectly lost: 0 bytes in 0 blocks
==5862==      possibly lost: 0 bytes in 0 blocks
==5862==    still reachable: 6,084,727 bytes in 9,636 blocks
==5862==         suppressed: 0 bytes in 0 blocks
==5862== Rerun with --leak-check=full to see details of leaked memory
==5862== 
==5862== For counts of detected and suppressed errors, rerun with: -v
==5862== Use --track-origins=yes to see where uninitialised values come from
==5862== ERROR SUMMARY: 96 errors from 4 contexts (suppressed: 0 from 0)

[ no debug trace ]

