Wireshark-bugs: [Wireshark-bugs] [Bug 13253] New: Buildbot crash output: fuzz-2016-12-16-20478.p

Date: Sat, 17 Dec 2016 04:00:03 +0000
Bug ID 13253
Summary Buildbot crash output: fuzz-2016-12-16-20478.pcap
Product Wireshark
Version unspecified
Hardware x86-64
URL https://www.wireshark.org/download/automated/captures/fuzz-2016-12-16-20478.pcap
OS Ubuntu
Status CONFIRMED
Severity Major
Priority High
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2016-12-16-20478.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/14807-160719-04_BLE_sensor_and_CGW_prefix_added_exp_pdu.pcapng

Build host information:
Linux wsbb04 4.4.0-53-generic #74-Ubuntu SMP Fri Dec 2 15:59:10 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 16.04.1 LTS
Release:    16.04
Codename:    xenial

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_WORKERNAME=clang-code-analysis
BUILDBOT_BUILDNUMBER=3824
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-master/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_GOT_REVISION=1a57d810423a70563c7d1fae5c956317c242d55c

Return value:  0

Dissector bug:  0

Valgrind error count:  87



Git commit
commit 1a57d810423a70563c7d1fae5c956317c242d55c
Author: Michael Mann <[email protected]>
Date:   Fri Dec 16 09:35:01 2016 -0500

    Rename packet-range.[ch] to packet_range.[ch]

    The check*.pl scripts presume that files with the prefix "packet-"
    are dissector files and therefore have different rules than other
    files.  Rather than trying to clarify that more with additional
    directory information, just make any non-dissector file with
    "packet-" filename prefix conform if it fails a "dissector specific"
    check from the scripts.

    Change-Id: I7cb52e1fad4ea62320492bb690904260f958aeb4
    Reviewed-on: https://code.wireshark.org/review/19304
    Petri-Dish: Michael Mann <[email protected]>
    Reviewed-by: Dario Lombardo <[email protected]>
    Tested-by: Petri Dish Buildbot <[email protected]>
    Reviewed-by: Michael Mann <[email protected]>


==18108== Memcheck, a memory error detector
==18108== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==18108== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==18108== Command: /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/bin/tshark -nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2016-12-16-20478.pcap
==18108== 

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet 14:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet 21:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet 24:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet 37:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"
==18108== Conditional jump or move depends on uninitialised value(s)
==18108==    at 0x4C33D52: __memcmp_sse4_1 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==18108==    by 0x69E1403: addresses_equal (address.h:230)
==18108==    by 0x69E1403: fragment_addresses_equal (reassemble.c:82)
==18108==    by 0xA6FEDCE: g_hash_table_lookup_extended (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==18108==    by 0x69E2906: lookup_fd_head (reassemble.c:541)
==18108==    by 0x69E2906: fragment_add_seq_common (reassemble.c:1886)
==18108==    by 0x69E2F07: fragment_add_seq_check_work (reassemble.c:2037)
==18108==    by 0x69E2FC9: fragment_add_seq_next (reassemble.c:2100)
==18108==    by 0x6B49E69: dissect_btle (packet-btle.c:883)
==18108==    by 0x69B7D85: call_dissector_through_handle (packet.c:650)
==18108==    by 0x69B7D85: call_dissector_work (packet.c:725)
==18108==    by 0x69B6E3C: call_dissector_only (packet.c:2954)
==18108==    by 0x69B6E3C: call_dissector_with_data (packet.c:2967)
==18108==    by 0x6F7E6CB: dissect_nordic_ble (packet-nordic_ble.c:313)
==18108==    by 0x69B7D85: call_dissector_through_handle (packet.c:650)
==18108==    by 0x69B7D85: call_dissector_work (packet.c:725)
==18108==    by 0x69B6E3C: call_dissector_only (packet.c:2954)
==18108==    by 0x69B6E3C: call_dissector_with_data (packet.c:2967)
==18108== 
==18108== Conditional jump or move depends on uninitialised value(s)
==18108==    at 0x4C33D52: __memcmp_sse4_1 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==18108==    by 0x69E143D: addresses_equal (address.h:230)
==18108==    by 0x69E143D: fragment_addresses_equal (reassemble.c:83)
==18108==    by 0xA6FEDCE: g_hash_table_lookup_extended (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==18108==    by 0x69E2906: lookup_fd_head (reassemble.c:541)
==18108==    by 0x69E2906: fragment_add_seq_common (reassemble.c:1886)
==18108==    by 0x69E2F07: fragment_add_seq_check_work (reassemble.c:2037)
==18108==    by 0x69E2FC9: fragment_add_seq_next (reassemble.c:2100)
==18108==    by 0x6B49E69: dissect_btle (packet-btle.c:883)
==18108==    by 0x69B7D85: call_dissector_through_handle (packet.c:650)
==18108==    by 0x69B7D85: call_dissector_work (packet.c:725)
==18108==    by 0x69B6E3C: call_dissector_only (packet.c:2954)
==18108==    by 0x69B6E3C: call_dissector_with_data (packet.c:2967)
==18108==    by 0x6F7E6CB: dissect_nordic_ble (packet-nordic_ble.c:313)
==18108==    by 0x69B7D85: call_dissector_through_handle (packet.c:650)
==18108==    by 0x69B7D85: call_dissector_work (packet.c:725)
==18108==    by 0x69B6E3C: call_dissector_only (packet.c:2954)
==18108==    by 0x69B6E3C: call_dissector_with_data (packet.c:2967)
==18108== 
==18108== Conditional jump or move depends on uninitialised value(s)
==18108==    at 0x4C33D52: __memcmp_sse4_1 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==18108==    by 0x69E1403: addresses_equal (address.h:230)
==18108==    by 0x69E1403: fragment_addresses_equal (reassemble.c:82)
==18108==    by 0xA6FE5F9: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==18108==    by 0x69E2F24: fragment_unhash (reassemble.c:789)
==18108==    by 0x69E2F24: fragment_add_seq_check_work (reassemble.c:2052)
==18108==    by 0x69E2FC9: fragment_add_seq_next (reassemble.c:2100)
==18108==    by 0x6B49E69: dissect_btle (packet-btle.c:883)
==18108==    by 0x69B7D85: call_dissector_through_handle (packet.c:650)
==18108==    by 0x69B7D85: call_dissector_work (packet.c:725)
==18108==    by 0x69B6E3C: call_dissector_only (packet.c:2954)
==18108==    by 0x69B6E3C: call_dissector_with_data (packet.c:2967)
==18108==    by 0x6F7E6CB: dissect_nordic_ble (packet-nordic_ble.c:313)
==18108==    by 0x69B7D85: call_dissector_through_handle (packet.c:650)
==18108==    by 0x69B7D85: call_dissector_work (packet.c:725)
==18108==    by 0x69B6E3C: call_dissector_only (packet.c:2954)
==18108==    by 0x69B6E3C: call_dissector_with_data (packet.c:2967)
==18108==    by 0x6CA98E2: dissect_exported_pdu (packet-exported_pdu.c:285)
==18108== 
==18108== Conditional jump or move depends on uninitialised value(s)
==18108==    at 0x4C33D52: __memcmp_sse4_1 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==18108==    by 0x69E143D: addresses_equal (address.h:230)
==18108==    by 0x69E143D: fragment_addresses_equal (reassemble.c:83)
==18108==    by 0xA6FE5F9: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==18108==    by 0x69E2F24: fragment_unhash (reassemble.c:789)
==18108==    by 0x69E2F24: fragment_add_seq_check_work (reassemble.c:2052)
==18108==    by 0x69E2FC9: fragment_add_seq_next (reassemble.c:2100)
==18108==    by 0x6B49E69: dissect_btle (packet-btle.c:883)
==18108==    by 0x69B7D85: call_dissector_through_handle (packet.c:650)
==18108==    by 0x69B7D85: call_dissector_work (packet.c:725)
==18108==    by 0x69B6E3C: call_dissector_only (packet.c:2954)
==18108==    by 0x69B6E3C: call_dissector_with_data (packet.c:2967)
==18108==    by 0x6F7E6CB: dissect_nordic_ble (packet-nordic_ble.c:313)
==18108==    by 0x69B7D85: call_dissector_through_handle (packet.c:650)
==18108==    by 0x69B7D85: call_dissector_work (packet.c:725)
==18108==    by 0x69B6E3C: call_dissector_only (packet.c:2954)
==18108==    by 0x69B6E3C: call_dissector_with_data (packet.c:2967)
==18108==    by 0x6CA98E2: dissect_exported_pdu (packet-exported_pdu.c:285)
==18108== 

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet 66:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet 70:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet 79:
packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
100: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
119: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
122: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
140: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
141: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
145: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
155: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
177: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
191: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
258: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
267: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
286: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
309: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
325: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
327: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
344: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
352: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
354: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
364: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
381: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
382: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
404: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
429: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
446: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
449: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
497: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
504: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
560: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
582: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
593: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
610: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
621: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
643: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
657: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
685: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
694: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
699: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
700: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
720: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
729: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
737: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
746: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
754: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
764: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
771: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
779: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
780: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
782: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
783: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
810: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
814: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
822: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
866: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"

** (process:18108): WARNING **: Dissector bug, protocol BT LE LL, in packet
895: packet-btle.c:840: failed assertion "btle_frame_info != ((void*)0)"
==18108== 
==18108== HEAP SUMMARY:
==18108==     in use at exit: 6,088,366 bytes in 9,754 blocks
==18108==   total heap usage: 286,243 allocs, 276,489 frees, 37,964,210 bytes allocated
==18108== 
==18108== LEAK SUMMARY:
==18108==    definitely lost: 1,380 bytes in 87 blocks
==18108==    indirectly lost: 0 bytes in 0 blocks
==18108==      possibly lost: 0 bytes in 0 blocks
==18108==    still reachable: 6,086,986 bytes in 9,667 blocks
==18108==         suppressed: 0 bytes in 0 blocks
==18108== Rerun with --leak-check=full to see details of leaked memory
==18108== 
==18108== For counts of detected and suppressed errors, rerun with: -v
==18108== Use --track-origins=yes to see where uninitialised values come from
==18108== ERROR SUMMARY: 87 errors from 4 contexts (suppressed: 0 from 0)

[ no debug trace ]

