Wireshark-bugs: [Wireshark-bugs] [Bug 13206] New: Buildbot crash output: fuzz-2016-12-05-26094.p

Date: Mon, 05 Dec 2016 18:00:04 +0000
Bug ID 13206
Summary Buildbot crash output: fuzz-2016-12-05-26094.pcap
Product Wireshark
Version unspecified
Hardware x86-64
URL https://www.wireshark.org/download/automated/captures/fuzz-2016-12-05-26094.pcap
OS Ubuntu
Status CONFIRMED
Severity Major
Priority High
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2016-12-05-26094.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/11275-cops-fuzz-test.pcap

Build host information:
Linux wsbb04 4.4.0-47-generic #68-Ubuntu SMP Wed Oct 26 19:39:52 UTC 2016
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 16.04.1 LTS
Release:    16.04
Codename:    xenial

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_WORKERNAME=clang-code-analysis
BUILDBOT_BUILDNUMBER=3805
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-master/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_GOT_REVISION=deefa5b643699129191db24acfd5ff8bbe88047c

Return value:  0

Dissector bug:  0

Valgrind error count:  1



Git commit
commit deefa5b643699129191db24acfd5ff8bbe88047c
Author: Michal Labedzki <[email protected]>
Date:   Wed Nov 9 12:51:15 2016 +0100

    Bluetooth: BTLE*: Initialize what initialized was not

    Fix unexpected Direction flag pass to BTLE dissector
    what caused reassemble of L2CAP not working correctly
    (it based on Source/Destination addresses/columns).

    Change-Id: I10fb17c29b020f6ca746f7bbccb7527e0ba04624
    Reviewed-on: https://code.wireshark.org/review/19084
    Reviewed-by: Michael Mann <[email protected]>
    (cherry picked from commit 75a5cf9fa0c2d7eed8fca8b9011c07dd99f5a751)
    Reviewed-on: https://code.wireshark.org/review/19093
    (cherry picked from commit af816dd25d03bd0b0f130dbd59b1a2c6b63e0a39)
    Reviewed-on: https://code.wireshark.org/review/19094
    Petri-Dish: Michael Mann <[email protected]>
    Reviewed-by: Anders Broman <[email protected]>


Command and args: ./tools/valgrind-wireshark.sh 

==19092== Memcheck, a memory error detector
==19092== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==19092== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==19092== Command:
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/bin/tshark
-nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2016-12-05-26094.pcap
==19092== 
==19092== Conditional jump or move depends on uninitialised value(s)
==19092==    at 0x69FC604: dissect_cops_pdu (packet-cops.c:1103)
==19092==    by 0x6F7AA5D: tcp_dissect_pdus (packet-tcp.c:2750)
==19092==    by 0x69FAFB1: dissect_cops (packet-cops.c:1135)
==19092==    by 0x682BF38: call_dissector_through_handle (packet.c:618)
==19092==    by 0x682BF38: call_dissector_work (packet.c:706)
==19092==    by 0x682BDFE: dissector_try_uint_new (packet.c:1163)
==19092==    by 0x6F7AD55: decode_tcp_ports (packet-tcp.c:4629)
==19092==    by 0x6F7BE60: process_tcp_payload (packet-tcp.c:4682)
==19092==    by 0x6F7B32A: desegment_tcp (packet-tcp.c:2270)
==19092==    by 0x6F7B32A: dissect_tcp_payload (packet-tcp.c:4749)
==19092==    by 0x6F7FBA6: dissect_tcp (packet-tcp.c:5656)
==19092==    by 0x682BF69: call_dissector_through_handle (packet.c:620)
==19092==    by 0x682BF69: call_dissector_work (packet.c:706)
==19092==    by 0x682BDFE: dissector_try_uint_new (packet.c:1163)
==19092==    by 0x6C1397F: ip_try_dissect (packet-ip.c:2000)
==19092== 
==19092== 
==19092== HEAP SUMMARY:
==19092==     in use at exit: 1,035,657 bytes in 28,356 blocks
==19092==   total heap usage: 243,872 allocs, 215,516 frees, 31,544,211 bytes
allocated
==19092== 
==19092== LEAK SUMMARY:
==19092==    definitely lost: 3,132 bytes in 132 blocks
==19092==    indirectly lost: 37,344 bytes in 55 blocks
==19092==      possibly lost: 0 bytes in 0 blocks
==19092==    still reachable: 995,181 bytes in 28,169 blocks
==19092==         suppressed: 0 bytes in 0 blocks
==19092== Rerun with --leak-check=full to see details of leaked memory
==19092== 
==19092== For counts of detected and suppressed errors, rerun with: -v
==19092== Use --track-origins=yes to see where uninitialised values come from
==19092== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)

[ no debug trace ]


You are receiving this mail because:
  • You are watching all bug changes.