Wireshark-bugs: [Wireshark-bugs] [Bug 13267] New: Buildbot crash output: fuzz-2016-12-22-9049.pc

Date: Thu, 22 Dec 2016 18:50:03 +0000
Bug ID 13267
Summary Buildbot crash output: fuzz-2016-12-22-9049.pcap
Product Wireshark
Version unspecified
Hardware x86-64
URL https://www.wireshark.org/download/automated/captures/fuzz-2016-12-22-9049.pcap
OS Ubuntu
Status CONFIRMED
Severity Major
Priority High
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2016-12-22-9049.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/14807-160719-04_BLE_sensor_and_CGW_prefix_added_exp_pdu.pcapng

Build host information:
Linux wsbb04 4.4.0-53-generic #74-Ubuntu SMP Fri Dec 2 15:59:10 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 16.04.1 LTS
Release:    16.04
Codename:    xenial

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_WORKERNAME=clang-code-analysis
BUILDBOT_BUILDNUMBER=3829
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-master/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_GOT_REVISION=1a38cdeef7a8ae4435896606eeca85897d0d5829

Return value:  0

Dissector bug:  0

Valgrind error count:  69



Git commit
commit 1a38cdeef7a8ae4435896606eeca85897d0d5829
Author: Jiri Novak <[email protected]>
Date:   Wed Dec 14 22:55:05 2016 +0100

    RTSP dissector: Decode RTP/AVP/TCP and configure RTP session for it

    rtsp_create_conversation was modified significantly:
    - ignore non response calls => process only the complete information
    - distinguish between UDP, TCP and RTSP interlaced media
    - supports ED137 recording with RTP/UDP or RTP/TCP

    It was tested on many samples from bugzilla and from my library.
    Tests noted in bug 13257

    Bug: 13257
    Change-Id: I054505bcb9334c3abfff6d61c18c9cb6d2a6d56e
    Reviewed-on: https://code.wireshark.org/review/19341
    Reviewed-by: Michael Mann <[email protected]>
    Petri-Dish: Michael Mann <[email protected]>
    Tested-by: Petri Dish Buildbot <[email protected]>
    Reviewed-by: Anders Broman <[email protected]>


==9763== Memcheck, a memory error detector
==9763== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==9763== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==9763== Command: /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/bin/tshark -nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2016-12-22-9049.pcap
==9763== 

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 9:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 12:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 14:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 36:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 51:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 62:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"
==9763== Conditional jump or move depends on uninitialised value(s)
==9763==    at 0x4C33D52: __memcmp_sse4_1 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==9763==    by 0x69E5F63: addresses_equal (address.h:230)
==9763==    by 0x69E5F63: fragment_addresses_equal (reassemble.c:82)
==9763==    by 0xA707DCE: g_hash_table_lookup_extended (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==9763==    by 0x69E7466: lookup_fd_head (reassemble.c:541)
==9763==    by 0x69E7466: fragment_add_seq_common (reassemble.c:1886)
==9763==    by 0x69E7A67: fragment_add_seq_check_work (reassemble.c:2037)
==9763==    by 0x69E7B29: fragment_add_seq_next (reassemble.c:2100)
==9763==    by 0x6B4EDA1: dissect_btle (packet-btle.c:888)
==9763==    by 0x69BC8D5: call_dissector_through_handle (packet.c:650)
==9763==    by 0x69BC8D5: call_dissector_work (packet.c:725)
==9763==    by 0x69BB98C: call_dissector_only (packet.c:2955)
==9763==    by 0x69BB98C: call_dissector_with_data (packet.c:2968)
==9763==    by 0x6F8360B: dissect_nordic_ble (packet-nordic_ble.c:313)
==9763==    by 0x69BC8D5: call_dissector_through_handle (packet.c:650)
==9763==    by 0x69BC8D5: call_dissector_work (packet.c:725)
==9763==    by 0x69BB98C: call_dissector_only (packet.c:2955)
==9763==    by 0x69BB98C: call_dissector_with_data (packet.c:2968)
==9763== 
==9763== Conditional jump or move depends on uninitialised value(s)
==9763==    at 0x4C33D52: __memcmp_sse4_1 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==9763==    by 0x69E5F9D: addresses_equal (address.h:230)
==9763==    by 0x69E5F9D: fragment_addresses_equal (reassemble.c:83)
==9763==    by 0xA707DCE: g_hash_table_lookup_extended (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==9763==    by 0x69E7466: lookup_fd_head (reassemble.c:541)
==9763==    by 0x69E7466: fragment_add_seq_common (reassemble.c:1886)
==9763==    by 0x69E7A67: fragment_add_seq_check_work (reassemble.c:2037)
==9763==    by 0x69E7B29: fragment_add_seq_next (reassemble.c:2100)
==9763==    by 0x6B4EDA1: dissect_btle (packet-btle.c:888)
==9763==    by 0x69BC8D5: call_dissector_through_handle (packet.c:650)
==9763==    by 0x69BC8D5: call_dissector_work (packet.c:725)
==9763==    by 0x69BB98C: call_dissector_only (packet.c:2955)
==9763==    by 0x69BB98C: call_dissector_with_data (packet.c:2968)
==9763==    by 0x6F8360B: dissect_nordic_ble (packet-nordic_ble.c:313)
==9763==    by 0x69BC8D5: call_dissector_through_handle (packet.c:650)
==9763==    by 0x69BC8D5: call_dissector_work (packet.c:725)
==9763==    by 0x69BB98C: call_dissector_only (packet.c:2955)
==9763==    by 0x69BB98C: call_dissector_with_data (packet.c:2968)
==9763== 
==9763== Conditional jump or move depends on uninitialised value(s)
==9763==    at 0x4C33D52: __memcmp_sse4_1 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==9763==    by 0x69E5F63: addresses_equal (address.h:230)
==9763==    by 0x69E5F63: fragment_addresses_equal (reassemble.c:82)
==9763==    by 0xA7075F9: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==9763==    by 0x69E7A84: fragment_unhash (reassemble.c:789)
==9763==    by 0x69E7A84: fragment_add_seq_check_work (reassemble.c:2052)
==9763==    by 0x69E7B29: fragment_add_seq_next (reassemble.c:2100)
==9763==    by 0x6B4EDA1: dissect_btle (packet-btle.c:888)
==9763==    by 0x69BC8D5: call_dissector_through_handle (packet.c:650)
==9763==    by 0x69BC8D5: call_dissector_work (packet.c:725)
==9763==    by 0x69BB98C: call_dissector_only (packet.c:2955)
==9763==    by 0x69BB98C: call_dissector_with_data (packet.c:2968)
==9763==    by 0x6F8360B: dissect_nordic_ble (packet-nordic_ble.c:313)
==9763==    by 0x69BC8D5: call_dissector_through_handle (packet.c:650)
==9763==    by 0x69BC8D5: call_dissector_work (packet.c:725)
==9763==    by 0x69BB98C: call_dissector_only (packet.c:2955)
==9763==    by 0x69BB98C: call_dissector_with_data (packet.c:2968)
==9763==    by 0x6CAEC42: dissect_exported_pdu (packet-exported_pdu.c:285)
==9763== 
==9763== Conditional jump or move depends on uninitialised value(s)
==9763==    at 0x4C33D52: __memcmp_sse4_1 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==9763==    by 0x69E5F9D: addresses_equal (address.h:230)
==9763==    by 0x69E5F9D: fragment_addresses_equal (reassemble.c:83)
==9763==    by 0xA7075F9: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==9763==    by 0x69E7A84: fragment_unhash (reassemble.c:789)
==9763==    by 0x69E7A84: fragment_add_seq_check_work (reassemble.c:2052)
==9763==    by 0x69E7B29: fragment_add_seq_next (reassemble.c:2100)
==9763==    by 0x6B4EDA1: dissect_btle (packet-btle.c:888)
==9763==    by 0x69BC8D5: call_dissector_through_handle (packet.c:650)
==9763==    by 0x69BC8D5: call_dissector_work (packet.c:725)
==9763==    by 0x69BB98C: call_dissector_only (packet.c:2955)
==9763==    by 0x69BB98C: call_dissector_with_data (packet.c:2968)
==9763==    by 0x6F8360B: dissect_nordic_ble (packet-nordic_ble.c:313)
==9763==    by 0x69BC8D5: call_dissector_through_handle (packet.c:650)
==9763==    by 0x69BC8D5: call_dissector_work (packet.c:725)
==9763==    by 0x69BB98C: call_dissector_only (packet.c:2955)
==9763==    by 0x69BB98C: call_dissector_with_data (packet.c:2968)
==9763==    by 0x6CAEC42: dissect_exported_pdu (packet-exported_pdu.c:285)
==9763== 

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 76:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 89:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 95:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 105:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 108:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 140:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 150:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 169:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 187:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 199:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 212:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 264:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 266:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 347:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 354:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 361:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 370:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 371:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 392:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 399:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 422:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 429:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 431:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 446:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 447:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 469:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 479:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 491:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 495:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 522:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 530:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 550:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 584:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 598:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 599:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 610:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 615:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 644:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 648:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 678:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 709:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 722:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 739:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 740:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 753:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 762:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 768:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 769:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 782:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 829:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 858:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 886:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:9763): WARNING **: Dissector bug, protocol BT LE LL, in packet 890:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"
==9763== 
==9763== HEAP SUMMARY:
==9763==     in use at exit: 6,091,801 bytes in 10,024 blocks
==9763==   total heap usage: 286,419 allocs, 276,395 frees, 38,024,229 bytes allocated
==9763== 
==9763== LEAK SUMMARY:
==9763==    definitely lost: 4,326 bytes in 352 blocks
==9763==    indirectly lost: 0 bytes in 0 blocks
==9763==      possibly lost: 0 bytes in 0 blocks
==9763==    still reachable: 6,087,475 bytes in 9,672 blocks
==9763==         suppressed: 0 bytes in 0 blocks
==9763== Rerun with --leak-check=full to see details of leaked memory
==9763== 
==9763== For counts of detected and suppressed errors, rerun with: -v
==9763== Use --track-origins=yes to see where uninitialised values come from
==9763== ERROR SUMMARY: 69 errors from 4 contexts (suppressed: 0 from 0)

[ no debug trace ]

