Wireshark-bugs: [Wireshark-bugs] [Bug 13145] New: Buildbot crash output: fuzz-2016-11-16-30537.p

Date: Wed, 16 Nov 2016 17:50:03 +0000
Bug ID: 13145
Summary: Buildbot crash output: fuzz-2016-11-16-30537.pcap
Product: Wireshark
Version: unspecified
Hardware: x86-64
URL: https://www.wireshark.org/download/automated/captures/fuzz-2016-11-16-30537.pcap
OS: Ubuntu
Status: CONFIRMED
Severity: Major
Priority: High
Component: Dissection engine (libwireshark)
Assignee: [email protected]
Reporter: [email protected]

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2016-11-16-30537.pcap

stderr:
Input file:
/home/wireshark/menagerie/menagerie/14807-160719-04_BLE_sensor_and_CGW_prefix_added_exp_pdu.pcapng

Build host information:
Linux wsbb04 4.4.0-45-generic #66-Ubuntu SMP Wed Oct 19 14:12:37 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 16.04.1 LTS
Release:    16.04
Codename:    xenial

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_WORKERNAME=clang-code-analysis
BUILDBOT_BUILDNUMBER=3775
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-master/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_GOT_REVISION=3dee62ec923db5c1faea40dc6353660dc10ea829

Return value:  0

Dissector bug:  0

Valgrind error count:  93



Git commit
commit 3dee62ec923db5c1faea40dc6353660dc10ea829
Author: Dario Lombardo <[email protected]>
Date:   Tue Nov 15 17:10:11 2016 +0100

    debian-setup: remove libssh-dev from basic list.

    Change-Id: I34c0c24bc9240e27cbdf71f6ef1ae0adbb27cd7f
    Reviewed-on: https://code.wireshark.org/review/18830
    Tested-by: Dario Lombardo <[email protected]>
    Reviewed-by: Alexis La Goutte <[email protected]>


==1980== Memcheck, a memory error detector
==1980== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==1980== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==1980== Command: /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/bin/tshark -nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2016-11-16-30537.pcap
==1980== 

** (process:1980): WARNING **: Dissector bug, protocol BT LE LL, in packet 40:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:1980): WARNING **: Dissector bug, protocol BT LE LL, in packet 46:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:1980): WARNING **: Dissector bug, protocol BT LE LL, in packet 66:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"
==1980== Conditional jump or move depends on uninitialised value(s)
==1980==    at 0x4C33D52: __memcmp_sse4_1 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1980==    by 0x69DCF93: addresses_equal (address.h:230)
==1980==    by 0x69DCF93: fragment_addresses_equal (reassemble.c:82)
==1980==    by 0xA6E2DCE: g_hash_table_lookup_extended (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==1980==    by 0x69DE496: lookup_fd_head (reassemble.c:541)
==1980==    by 0x69DE496: fragment_add_seq_common (reassemble.c:1886)
==1980==    by 0x69DEA97: fragment_add_seq_check_work (reassemble.c:2037)
==1980==    by 0x69DEB59: fragment_add_seq_next (reassemble.c:2100)
==1980==    by 0x6B455F9: dissect_btle (packet-btle.c:883)
==1980==    by 0x69B4035: call_dissector_through_handle (packet.c:650)
==1980==    by 0x69B4035: call_dissector_work (packet.c:725)
==1980==    by 0x69B30EC: call_dissector_only (packet.c:2954)
==1980==    by 0x69B30EC: call_dissector_with_data (packet.c:2967)
==1980==    by 0x6F76544: dissect_nordic_ble (packet-nordic_ble.c:566)
==1980==    by 0x69B4035: call_dissector_through_handle (packet.c:650)
==1980==    by 0x69B4035: call_dissector_work (packet.c:725)
==1980==    by 0x69B30EC: call_dissector_only (packet.c:2954)
==1980==    by 0x69B30EC: call_dissector_with_data (packet.c:2967)
==1980== 
==1980== Conditional jump or move depends on uninitialised value(s)
==1980==    at 0x4C33D52: __memcmp_sse4_1 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1980==    by 0x69DCFCD: addresses_equal (address.h:230)
==1980==    by 0x69DCFCD: fragment_addresses_equal (reassemble.c:83)
==1980==    by 0xA6E2DCE: g_hash_table_lookup_extended (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==1980==    by 0x69DE496: lookup_fd_head (reassemble.c:541)
==1980==    by 0x69DE496: fragment_add_seq_common (reassemble.c:1886)
==1980==    by 0x69DEA97: fragment_add_seq_check_work (reassemble.c:2037)
==1980==    by 0x69DEB59: fragment_add_seq_next (reassemble.c:2100)
==1980==    by 0x6B455F9: dissect_btle (packet-btle.c:883)
==1980==    by 0x69B4035: call_dissector_through_handle (packet.c:650)
==1980==    by 0x69B4035: call_dissector_work (packet.c:725)
==1980==    by 0x69B30EC: call_dissector_only (packet.c:2954)
==1980==    by 0x69B30EC: call_dissector_with_data (packet.c:2967)
==1980==    by 0x6F76544: dissect_nordic_ble (packet-nordic_ble.c:566)
==1980==    by 0x69B4035: call_dissector_through_handle (packet.c:650)
==1980==    by 0x69B4035: call_dissector_work (packet.c:725)
==1980==    by 0x69B30EC: call_dissector_only (packet.c:2954)
==1980==    by 0x69B30EC: call_dissector_with_data (packet.c:2967)
==1980== 
==1980== Conditional jump or move depends on uninitialised value(s)
==1980==    at 0x4C33D52: __memcmp_sse4_1 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1980==    by 0x69DCF93: addresses_equal (address.h:230)
==1980==    by 0x69DCF93: fragment_addresses_equal (reassemble.c:82)
==1980==    by 0xA6E25F9: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==1980==    by 0x69DEAB4: fragment_unhash (reassemble.c:789)
==1980==    by 0x69DEAB4: fragment_add_seq_check_work (reassemble.c:2052)
==1980==    by 0x69DEB59: fragment_add_seq_next (reassemble.c:2100)
==1980==    by 0x6B455F9: dissect_btle (packet-btle.c:883)
==1980==    by 0x69B4035: call_dissector_through_handle (packet.c:650)
==1980==    by 0x69B4035: call_dissector_work (packet.c:725)
==1980==    by 0x69B30EC: call_dissector_only (packet.c:2954)
==1980==    by 0x69B30EC: call_dissector_with_data (packet.c:2967)
==1980==    by 0x6F76544: dissect_nordic_ble (packet-nordic_ble.c:566)
==1980==    by 0x69B4035: call_dissector_through_handle (packet.c:650)
==1980==    by 0x69B4035: call_dissector_work (packet.c:725)
==1980==    by 0x69B30EC: call_dissector_only (packet.c:2954)
==1980==    by 0x69B30EC: call_dissector_with_data (packet.c:2967)
==1980==    by 0x6CA5752: dissect_exported_pdu (packet-exported_pdu.c:285)
==1980== 
==1980== Conditional jump or move depends on uninitialised value(s)
==1980==    at 0x4C33D52: __memcmp_sse4_1 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1980==    by 0x69DCFCD: addresses_equal (address.h:230)
==1980==    by 0x69DCFCD: fragment_addresses_equal (reassemble.c:83)
==1980==    by 0xA6E25F9: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==1980==    by 0x69DEAB4: fragment_unhash (reassemble.c:789)
==1980==    by 0x69DEAB4: fragment_add_seq_check_work (reassemble.c:2052)
==1980==    by 0x69DEB59: fragment_add_seq_next (reassemble.c:2100)
==1980==    by 0x6B455F9: dissect_btle (packet-btle.c:883)
==1980==    by 0x69B4035: call_dissector_through_handle (packet.c:650)
==1980==    by 0x69B4035: call_dissector_work (packet.c:725)
==1980==    by 0x69B30EC: call_dissector_only (packet.c:2954)
==1980==    by 0x69B30EC: call_dissector_with_data (packet.c:2967)
==1980==    by 0x6F76544: dissect_nordic_ble (packet-nordic_ble.c:566)
==1980==    by 0x69B4035: call_dissector_through_handle (packet.c:650)
==1980==    by 0x69B4035: call_dissector_work (packet.c:725)
==1980==    by 0x69B30EC: call_dissector_only (packet.c:2954)
==1980==    by 0x69B30EC: call_dissector_with_data (packet.c:2967)
==1980==    by 0x6CA5752: dissect_exported_pdu (packet-exported_pdu.c:285)
==1980== 

** (process:1980): WARNING **: Dissector bug, protocol BT LE LL, in packet 121:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:1980): WARNING **: Dissector bug, protocol BT LE LL, in packet 165:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:1980): WARNING **: Dissector bug, protocol BT LE LL, in packet 170:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:1980): WARNING **: Dissector bug, protocol BT LE LL, in packet 201:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:1980): WARNING **: Dissector bug, protocol BT LE LL, in packet 212:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:1980): WARNING **: Dissector bug, protocol BT LE LL, in packet 216:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:1980): WARNING **: Dissector bug, protocol BT LE LL, in packet 256:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:1980): WARNING **: Dissector bug, protocol BT LE LL, in packet 270:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:1980): WARNING **: Dissector bug, protocol BT LE LL, in packet 282:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:1980): WARNING **: Dissector bug, protocol BT LE LL, in packet 311:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:1980): WARNING **: Dissector bug, protocol BT LE LL, in packet 331:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:1980): WARNING **: Dissector bug, protocol BT LE LL, in packet 332:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:1980): WARNING **: Dissector bug, protocol BT LE LL, in packet 357:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:1980): WARNING **: Dissector bug, protocol BT LE LL, in packet 387:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:1980): WARNING **: Dissector bug, protocol BT LE LL, in packet 392:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:1980): WARNING **: Dissector bug, protocol BT LE LL, in packet 418:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:1980): WARNING **: Dissector bug, protocol BT LE LL, in packet 432:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:1980): WARNING **: Dissector bug, protocol BT LE LL, in packet 462:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:1980): WARNING **: Dissector bug, protocol BT LE LL, in packet 507:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:1980): WARNING **: Dissector bug, protocol BT LE LL, in packet 508:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:1980): WARNING **: Dissector bug, protocol BT LE LL, in packet 559:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:1980): WARNING **: Dissector bug, protocol BT LE LL, in packet 579:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:1980): WARNING **: Dissector bug, protocol BT LE LL, in packet 598:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:1980): WARNING **: Dissector bug, protocol BT LE LL, in packet 694:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:1980): WARNING **: Dissector bug, protocol BT LE LL, in packet 696:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:1980): WARNING **: Dissector bug, protocol BT LE LL, in packet 710:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:1980): WARNING **: Dissector bug, protocol BT LE LL, in packet 747:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:1980): WARNING **: Dissector bug, protocol BT LE LL, in packet 752:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:1980): WARNING **: Dissector bug, protocol BT LE LL, in packet 769:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:1980): WARNING **: Dissector bug, protocol BT LE LL, in packet 771:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:1980): WARNING **: Dissector bug, protocol BT LE LL, in packet 786:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:1980): WARNING **: Dissector bug, protocol BT LE LL, in packet 800:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:1980): WARNING **: Dissector bug, protocol BT LE LL, in packet 807:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:1980): WARNING **: Dissector bug, protocol BT LE LL, in packet 830:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:1980): WARNING **: Dissector bug, protocol BT LE LL, in packet 842:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:1980): WARNING **: Dissector bug, protocol BT LE LL, in packet 863:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:1980): WARNING **: Dissector bug, protocol BT LE LL, in packet 885:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:1980): WARNING **: Dissector bug, protocol BT LE LL, in packet 893:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"
==1980== 
==1980== HEAP SUMMARY:
==1980==     in use at exit: 6,086,108 bytes in 9,723 blocks
==1980==   total heap usage: 286,153 allocs, 276,430 frees, 37,973,933 bytes allocated
==1980== 
==1980== LEAK SUMMARY:
==1980==    definitely lost: 1,380 bytes in 87 blocks
==1980==    indirectly lost: 0 bytes in 0 blocks
==1980==      possibly lost: 0 bytes in 0 blocks
==1980==    still reachable: 6,084,728 bytes in 9,636 blocks
==1980==         suppressed: 0 bytes in 0 blocks
==1980== Rerun with --leak-check=full to see details of leaked memory
==1980== 
==1980== For counts of detected and suppressed errors, rerun with: -v
==1980== Use --track-origins=yes to see where uninitialised values come from
==1980== ERROR SUMMARY: 93 errors from 4 contexts (suppressed: 0 from 0)

[ no debug trace ]
