Wireshark-bugs: [Wireshark-bugs] [Bug 13187] New: Buildbot crash output: fuzz-2016-11-30-31444.p

Date: Wed, 30 Nov 2016 09:40:03 +0000
Bug ID 13187
Summary Buildbot crash output: fuzz-2016-11-30-31444.pcap
Product Wireshark
Version unspecified
Hardware x86-64
URL https://www.wireshark.org/download/automated/captures/fuzz-2016-11-30-31444.pcap
OS Ubuntu
Status CONFIRMED
Severity Major
Priority High
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2016-11-30-31444.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/11275-cops-fuzz-test.pcap

Build host information:
Linux wsbb04 4.4.0-47-generic #68-Ubuntu SMP Wed Oct 26 19:39:52 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 16.04.1 LTS
Release:    16.04
Codename:    xenial

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_WORKERNAME=clang-code-analysis
BUILDBOT_BUILDNUMBER=3800
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-master/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_GOT_REVISION=7fe45cc0ec4e8bc1c3d5cd27c98feb8ecbb2b1b4

Return value:  0

Dissector bug:  0

Valgrind error count:  1



Git commit
commit 7fe45cc0ec4e8bc1c3d5cd27c98feb8ecbb2b1b4
Author: Peter Wu <[email protected]>
Date:   Wed Nov 23 16:28:34 2016 +0100

    Qt: fix GoToPacket when Voip Calls dialog is closed

    After opening the Call Flows dialog from the Voip Calls dialog, followed
    by closing the Voip Calls dialog, the Go To Packet functionality in the
    Call Flows dialog is broken. That happens because the signal is not
    proxied anymore.

    Just remove all these indirections via signals and directly update the
    selected packet.

    Change-Id: I9c6d519dbe800e4dfdf0407d832f17819b344e46
    Reviewed-on: https://code.wireshark.org/review/18933
    Petri-Dish: Peter Wu <[email protected]>
    Tested-by: Petri Dish Buildbot <[email protected]>
    Reviewed-by: Gerald Combs <[email protected]>


==16247== Memcheck, a memory error detector
==16247== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==16247== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==16247== Command: /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/bin/tshark -nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2016-11-30-31444.pcap
==16247== 
==16247== Conditional jump or move depends on uninitialised value(s)
==16247==    at 0x6B9C8F4: dissect_cops_pdu (packet-cops.c:1102)
==16247==    by 0x718E655: tcp_dissect_pdus (packet-tcp.c:3468)
==16247==    by 0x6B9B2C1: dissect_cops (packet-cops.c:1134)
==16247==    by 0x69ACDB5: call_dissector_through_handle (packet.c:650)
==16247==    by 0x69ACDB5: call_dissector_work (packet.c:725)
==16247==    by 0x69ACC7E: dissector_try_uint_new (packet.c:1290)
==16247==    by 0x718EB6F: decode_tcp_ports (packet-tcp.c:5420)
==16247==    by 0x718FE8F: process_tcp_payload (packet-tcp.c:5483)
==16247==    by 0x718F3E8: desegment_tcp (packet-tcp.c:2990)
==16247==    by 0x718F3E8: dissect_tcp_payload (packet-tcp.c:5550)
==16247==    by 0x7193E57: dissect_tcp (packet-tcp.c:6434)
==16247==    by 0x69ACDB5: call_dissector_through_handle (packet.c:650)
==16247==    by 0x69ACDB5: call_dissector_work (packet.c:725)
==16247==    by 0x69ACC7E: dissector_try_uint_new (packet.c:1290)
==16247==    by 0x6DDD922: ip_try_dissect (packet-ip.c:1978)
==16247==    by 0x6DDD922: dissect_ip_v4 (packet-ip.c:2441)
==16247== 
==16247== 
==16247== HEAP SUMMARY:
==16247==     in use at exit: 6,085,520 bytes in 9,731 blocks
==16247==   total heap usage: 266,061 allocs, 256,330 frees, 37,344,896 bytes allocated
==16247== 
==16247== LEAK SUMMARY:
==16247==    definitely lost: 456 bytes in 90 blocks
==16247==    indirectly lost: 384 bytes in 3 blocks
==16247==      possibly lost: 0 bytes in 0 blocks
==16247==    still reachable: 6,084,680 bytes in 9,638 blocks
==16247==         suppressed: 0 bytes in 0 blocks
==16247== Rerun with --leak-check=full to see details of leaked memory
==16247== 
==16247== For counts of detected and suppressed errors, rerun with: -v
==16247== Use --track-origins=yes to see where uninitialised values come from
==16247== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)

[ no debug trace ]

