Wireshark-bugs: [Wireshark-bugs] [Bug 13172] New: Buildbot crash output: fuzz-2016-11-24-12653.p

Date: Thu, 24 Nov 2016 10:40:04 +0000
Bug ID: 13172
Summary: Buildbot crash output: fuzz-2016-11-24-12653.pcap
Product: Wireshark
Version: unspecified
Hardware: x86-64
URL: https://www.wireshark.org/download/automated/captures/fuzz-2016-11-24-12653.pcap
OS: Ubuntu
Status: CONFIRMED
Severity: Major
Priority: High
Component: Dissection engine (libwireshark)
Assignee: [email protected]
Reporter: [email protected]

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2016-11-24-12653.pcap

stderr:
Input file:
/home/wireshark/menagerie/menagerie/14807-160719-04_BLE_sensor_and_CGW_prefix_added_exp_pdu.pcapng

Build host information:
Linux wsbb04 4.4.0-47-generic #68-Ubuntu SMP Wed Oct 26 19:39:52 UTC 2016
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 16.04.1 LTS
Release:    16.04
Codename:    xenial

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_WORKERNAME=clang-code-analysis
BUILDBOT_BUILDNUMBER=3790
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-master/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_GOT_REVISION=7dbe9b49879e06e1d86c11140e2bfdacbabde74b

Return value:  0

Dissector bug:  0

Valgrind error count:  72



Git commit
commit 7dbe9b49879e06e1d86c11140e2bfdacbabde74b
Author: Martin Mathieson <[email protected]>
Date:   Wed Nov 23 16:31:57 2016 -0800

    Return from snort_start early if dissector not enabled.

    Change-Id: Idf63210ce33d92ac8619fe3295bd3e6c0bb304a9
    Reviewed-on: https://code.wireshark.org/review/18941
    Reviewed-by: Martin Mathieson <[email protected]>


==22224== Memcheck, a memory error detector
==22224== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==22224== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==22224== Command: /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/bin/tshark -nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2016-11-24-12653.pcap
==22224== 

** (process:22224): WARNING **: Dissector bug, protocol BT LE LL, in packet 10: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:22224): WARNING **: Dissector bug, protocol BT LE LL, in packet 77: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"
==22224== Conditional jump or move depends on uninitialised value(s)
==22224==    at 0x4C33D52: __memcmp_sse4_1 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==22224==    by 0x69D5853: addresses_equal (address.h:230)
==22224==    by 0x69D5853: fragment_addresses_equal (reassemble.c:82)
==22224==    by 0xA6E4DCE: g_hash_table_lookup_extended (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==22224==    by 0x69D6D56: lookup_fd_head (reassemble.c:541)
==22224==    by 0x69D6D56: fragment_add_seq_common (reassemble.c:1886)
==22224==    by 0x69D7357: fragment_add_seq_check_work (reassemble.c:2037)
==22224==    by 0x69D7419: fragment_add_seq_next (reassemble.c:2100)
==22224==    by 0x6B3DEA9: dissect_btle (packet-btle.c:883)
==22224==    by 0x69AC6C5: call_dissector_through_handle (packet.c:650)
==22224==    by 0x69AC6C5: call_dissector_work (packet.c:725)
==22224==    by 0x69AB77C: call_dissector_only (packet.c:2954)
==22224==    by 0x69AB77C: call_dissector_with_data (packet.c:2967)
==22224==    by 0x6F6FB74: dissect_nordic_ble (packet-nordic_ble.c:566)
==22224==    by 0x69AC6C5: call_dissector_through_handle (packet.c:650)
==22224==    by 0x69AC6C5: call_dissector_work (packet.c:725)
==22224==    by 0x69AB77C: call_dissector_only (packet.c:2954)
==22224==    by 0x69AB77C: call_dissector_with_data (packet.c:2967)
==22224== 
==22224== Conditional jump or move depends on uninitialised value(s)
==22224==    at 0x4C33D52: __memcmp_sse4_1 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==22224==    by 0x69D588D: addresses_equal (address.h:230)
==22224==    by 0x69D588D: fragment_addresses_equal (reassemble.c:83)
==22224==    by 0xA6E4DCE: g_hash_table_lookup_extended (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==22224==    by 0x69D6D56: lookup_fd_head (reassemble.c:541)
==22224==    by 0x69D6D56: fragment_add_seq_common (reassemble.c:1886)
==22224==    by 0x69D7357: fragment_add_seq_check_work (reassemble.c:2037)
==22224==    by 0x69D7419: fragment_add_seq_next (reassemble.c:2100)
==22224==    by 0x6B3DEA9: dissect_btle (packet-btle.c:883)
==22224==    by 0x69AC6C5: call_dissector_through_handle (packet.c:650)
==22224==    by 0x69AC6C5: call_dissector_work (packet.c:725)
==22224==    by 0x69AB77C: call_dissector_only (packet.c:2954)
==22224==    by 0x69AB77C: call_dissector_with_data (packet.c:2967)
==22224==    by 0x6F6FB74: dissect_nordic_ble (packet-nordic_ble.c:566)
==22224==    by 0x69AC6C5: call_dissector_through_handle (packet.c:650)
==22224==    by 0x69AC6C5: call_dissector_work (packet.c:725)
==22224==    by 0x69AB77C: call_dissector_only (packet.c:2954)
==22224==    by 0x69AB77C: call_dissector_with_data (packet.c:2967)
==22224== 
==22224== Conditional jump or move depends on uninitialised value(s)
==22224==    at 0x4C33D52: __memcmp_sse4_1 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==22224==    by 0x69D5853: addresses_equal (address.h:230)
==22224==    by 0x69D5853: fragment_addresses_equal (reassemble.c:82)
==22224==    by 0xA6E45F9: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==22224==    by 0x69D7374: fragment_unhash (reassemble.c:789)
==22224==    by 0x69D7374: fragment_add_seq_check_work (reassemble.c:2052)
==22224==    by 0x69D7419: fragment_add_seq_next (reassemble.c:2100)
==22224==    by 0x6B3DEA9: dissect_btle (packet-btle.c:883)
==22224==    by 0x69AC6C5: call_dissector_through_handle (packet.c:650)
==22224==    by 0x69AC6C5: call_dissector_work (packet.c:725)
==22224==    by 0x69AB77C: call_dissector_only (packet.c:2954)
==22224==    by 0x69AB77C: call_dissector_with_data (packet.c:2967)
==22224==    by 0x6F6FB74: dissect_nordic_ble (packet-nordic_ble.c:566)
==22224==    by 0x69AC6C5: call_dissector_through_handle (packet.c:650)
==22224==    by 0x69AC6C5: call_dissector_work (packet.c:725)
==22224==    by 0x69AB77C: call_dissector_only (packet.c:2954)
==22224==    by 0x69AB77C: call_dissector_with_data (packet.c:2967)
==22224==    by 0x6C9DED2: dissect_exported_pdu (packet-exported_pdu.c:285)
==22224== 
==22224== Conditional jump or move depends on uninitialised value(s)
==22224==    at 0x4C33D52: __memcmp_sse4_1 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==22224==    by 0x69D588D: addresses_equal (address.h:230)
==22224==    by 0x69D588D: fragment_addresses_equal (reassemble.c:83)
==22224==    by 0xA6E45F9: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==22224==    by 0x69D7374: fragment_unhash (reassemble.c:789)
==22224==    by 0x69D7374: fragment_add_seq_check_work (reassemble.c:2052)
==22224==    by 0x69D7419: fragment_add_seq_next (reassemble.c:2100)
==22224==    by 0x6B3DEA9: dissect_btle (packet-btle.c:883)
==22224==    by 0x69AC6C5: call_dissector_through_handle (packet.c:650)
==22224==    by 0x69AC6C5: call_dissector_work (packet.c:725)
==22224==    by 0x69AB77C: call_dissector_only (packet.c:2954)
==22224==    by 0x69AB77C: call_dissector_with_data (packet.c:2967)
==22224==    by 0x6F6FB74: dissect_nordic_ble (packet-nordic_ble.c:566)
==22224==    by 0x69AC6C5: call_dissector_through_handle (packet.c:650)
==22224==    by 0x69AC6C5: call_dissector_work (packet.c:725)
==22224==    by 0x69AB77C: call_dissector_only (packet.c:2954)
==22224==    by 0x69AB77C: call_dissector_with_data (packet.c:2967)
==22224==    by 0x6C9DED2: dissect_exported_pdu (packet-exported_pdu.c:285)
==22224== 

** (process:22224): WARNING **: Dissector bug, protocol BT LE LL, in packet 99: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:22224): WARNING **: Dissector bug, protocol BT LE LL, in packet 105: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:22224): WARNING **: Dissector bug, protocol BT LE LL, in packet 131: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:22224): WARNING **: Dissector bug, protocol BT LE LL, in packet 134: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:22224): WARNING **: Dissector bug, protocol BT LE LL, in packet 142: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:22224): WARNING **: Dissector bug, protocol BT LE LL, in packet 155: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:22224): WARNING **: Dissector bug, protocol BT LE LL, in packet 211: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:22224): WARNING **: Dissector bug, protocol BT LE LL, in packet 239: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:22224): WARNING **: Dissector bug, protocol BT LE LL, in packet 310: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:22224): WARNING **: Dissector bug, protocol BT LE LL, in packet 321: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:22224): WARNING **: Dissector bug, protocol BT LE LL, in packet 349: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:22224): WARNING **: Dissector bug, protocol BT LE LL, in packet 350: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:22224): WARNING **: Dissector bug, protocol BT LE LL, in packet 353: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:22224): WARNING **: Dissector bug, protocol BT LE LL, in packet 371: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:22224): WARNING **: Dissector bug, protocol BT LE LL, in packet 374: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:22224): WARNING **: Dissector bug, protocol BT LE LL, in packet 392: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:22224): WARNING **: Dissector bug, protocol BT LE LL, in packet 426: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:22224): WARNING **: Dissector bug, protocol BT LE LL, in packet 440: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:22224): WARNING **: Dissector bug, protocol BT LE LL, in packet 458: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:22224): WARNING **: Dissector bug, protocol BT LE LL, in packet 466: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:22224): WARNING **: Dissector bug, protocol BT LE LL, in packet 473: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:22224): WARNING **: Dissector bug, protocol BT LE LL, in packet 480: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:22224): WARNING **: Dissector bug, protocol BT LE LL, in packet 488: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:22224): WARNING **: Dissector bug, protocol BT LE LL, in packet 502: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:22224): WARNING **: Dissector bug, protocol BT LE LL, in packet 510: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:22224): WARNING **: Dissector bug, protocol BT LE LL, in packet 608: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:22224): WARNING **: Dissector bug, protocol BT LE LL, in packet 633: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:22224): WARNING **: Dissector bug, protocol BT LE LL, in packet 652: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:22224): WARNING **: Dissector bug, protocol BT LE LL, in packet 653: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:22224): WARNING **: Dissector bug, protocol BT LE LL, in packet 660: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:22224): WARNING **: Dissector bug, protocol BT LE LL, in packet 692: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:22224): WARNING **: Dissector bug, protocol BT LE LL, in packet 712: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:22224): WARNING **: Dissector bug, protocol BT LE LL, in packet 715: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:22224): WARNING **: Dissector bug, protocol BT LE LL, in packet 725: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:22224): WARNING **: Dissector bug, protocol BT LE LL, in packet 744: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:22224): WARNING **: Dissector bug, protocol BT LE LL, in packet 759: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:22224): WARNING **: Dissector bug, protocol BT LE LL, in packet 767: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:22224): WARNING **: Dissector bug, protocol BT LE LL, in packet 807: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:22224): WARNING **: Dissector bug, protocol BT LE LL, in packet 839: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:22224): WARNING **: Dissector bug, protocol BT LE LL, in packet 859: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:22224): WARNING **: Dissector bug, protocol BT LE LL, in packet 895: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:22224): WARNING **: Dissector bug, protocol BT LE LL, in packet 899: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"
==22224== 
==22224== HEAP SUMMARY:
==22224==     in use at exit: 6,086,188 bytes in 9,728 blocks
==22224==   total heap usage: 285,317 allocs, 275,589 frees, 37,919,858 bytes allocated
==22224== 
==22224== LEAK SUMMARY:
==22224==    definitely lost: 1,380 bytes in 87 blocks
==22224==    indirectly lost: 0 bytes in 0 blocks
==22224==      possibly lost: 0 bytes in 0 blocks
==22224==    still reachable: 6,084,808 bytes in 9,641 blocks
==22224==         suppressed: 0 bytes in 0 blocks
==22224== Rerun with --leak-check=full to see details of leaked memory
==22224== 
==22224== For counts of detected and suppressed errors, rerun with: -v
==22224== Use --track-origins=yes to see where uninitialised values come from
==22224== ERROR SUMMARY: 72 errors from 4 contexts (suppressed: 0 from 0)

[ no debug trace ]
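All four Valgrind contexts above share one shape: dissect_btle (packet-btle.c:883) hands a fragment to fragment_add_seq_next, the reassembly code looks the fragment key up (lookup_fd_head) or removes it (fragment_unhash), and the key comparison in fragment_addresses_equal reaches memcmp inside addresses_equal (address.h:230) on bytes that were never written. Memcheck reports that as "Conditional jump or move depends on uninitialised value(s)" because memcmp's result, and therefore the hash lookup, depends on undefined memory; the 72 errors are the same four sites hit repeatedly across the capture. The separate DISSECTOR_ASSERT at packet-btle.c:840 (btle_frame_info NULL) is a different defect and is not modelled here. The following is an added, constructed reproduction of the memcmp pattern and is not Wireshark code: the address struct and addresses_equal stand-in mirror only the shape of the frames in the trace; AT_EXAMPLE_LINK, ACCESS_ADDR_LEN and CLAIMED_ADDR_LEN are invented, and the specific cause (a published address length larger than the bytes actually copied) is one hypothetical way such a comparison arises, since the report does not show which bytes in packet-btle.c are undefined. 0x8E89BED6 is the fixed BLE advertising-channel access address.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the address structure compared in the trace.
 * Not Wireshark's definition; only the shape (tag, length, byte pointer). */
typedef struct {
    int         type;   /* address family tag */
    int         len;    /* number of bytes behind data that are meant to be valid */
    const void *data;   /* pointer to the address bytes */
} address;

/* Same shape as the addresses_equal() frame above: compare tag and length,
 * then the raw bytes with memcmp(). If any of the len bytes were never
 * written, memcmp()'s result depends on them and memcheck reports
 * "Conditional jump or move depends on uninitialised value(s)" here. */
static int addresses_equal(const address *a, const address *b)
{
    if (a->type != b->type || a->len != b->len)
        return 0;
    if (a->len == 0)
        return 1;
    return memcmp(a->data, b->data, (size_t)a->len) == 0;
}

#define AT_EXAMPLE_LINK  42   /* hypothetical address type tag, not a Wireshark value */
#define ACCESS_ADDR_LEN  4    /* a BLE access address is 32 bits */
#define CLAIMED_ADDR_LEN 6    /* hypothetical over-claimed length (BD_ADDR-sized) */

/* Faulty pattern (constructed): the caller copies only ACCESS_ADDR_LEN bytes
 * into each buffer but publishes CLAIMED_ADDR_LEN as the address length, so
 * memcmp() reads two bytes per buffer that were never initialised. Both
 * buffers share the same defined prefix on purpose: memcmp() cannot stop
 * early, so it must reach the undefined tail. The return value is whatever
 * happened to be on the stack; under memcheck the comparison is flagged. */
static int compare_partially_initialised(uint32_t access_addr)
{
    uint8_t buf_a[CLAIMED_ADDR_LEN];       /* deliberately not zeroed */
    uint8_t buf_b[CLAIMED_ADDR_LEN];
    memcpy(buf_a, &access_addr, ACCESS_ADDR_LEN);
    memcpy(buf_b, &access_addr, ACCESS_ADDR_LEN);
    address a = { AT_EXAMPLE_LINK, CLAIMED_ADDR_LEN, buf_a };
    address b = { AT_EXAMPLE_LINK, CLAIMED_ADDR_LEN, buf_b };
    return addresses_equal(&a, &b);
}

/* Hardened pattern: the published length matches the bytes actually written,
 * and the backing buffers are zero-initialised so every byte memcmp() can
 * touch is defined. Returns 1 when the two access addresses match, else 0. */
static int compare_fully_initialised(uint32_t access_addr_a, uint32_t access_addr_b)
{
    uint8_t buf_a[CLAIMED_ADDR_LEN] = {0};
    uint8_t buf_b[CLAIMED_ADDR_LEN] = {0};
    memcpy(buf_a, &access_addr_a, ACCESS_ADDR_LEN);
    memcpy(buf_b, &access_addr_b, ACCESS_ADDR_LEN);
    address a = { AT_EXAMPLE_LINK, ACCESS_ADDR_LEN, buf_a };
    address b = { AT_EXAMPLE_LINK, ACCESS_ADDR_LEN, buf_b };
    return addresses_equal(&a, &b);
}

int main(void)
{
    /* 0x8E89BED6 is the fixed BLE advertising-channel access address. */
    printf("partially initialised: %d (undefined; memcheck flags the memcmp)\n",
           compare_partially_initialised(0x8E89BED6u));
    printf("fully initialised, same address:      %d\n",
           compare_fully_initialised(0x8E89BED6u, 0x8E89BED6u));
    printf("fully initialised, different address: %d\n",
           compare_fully_initialised(0x8E89BED6u, 0x12345678u));
    return 0;
}
```

Build with `gcc -g -O0` (at -O2 the compiler may inline the 6-byte memcmp and the report then points at compare_partially_initialised instead of memcmp) and run under `valgrind --track-origins=yes ./a.out`, the option the log above recommends: the first call yields the same "Conditional jump or move depends on uninitialised value(s)" with memcmp at the top of the stack, and --track-origins names the stack allocation of buf_a/buf_b in compare_partially_initialised as the origin. The two hardened calls produce no report. Applied to the real trace, the same option would name the allocation behind the src/dst addresses that dissect_btle passes to fragment_add_seq_next.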

