Wireshark-bugs: [Wireshark-bugs] [Bug 13273] New: Buildbot crash output: fuzz-2016-12-26-21381.p

Date: Tue, 27 Dec 2016 02:40:05 +0000
Bug ID 13273
Summary Buildbot crash output: fuzz-2016-12-26-21381.pcap
Product Wireshark
Version unspecified
Hardware x86-64
URL https://www.wireshark.org/download/automated/captures/fuzz-2016-12-26-21381.pcap
OS Ubuntu
Status CONFIRMED
Severity Major
Priority High
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2016-12-26-21381.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/14807-160719-04_BLE_sensor_and_CGW_prefix_added_exp_pdu.pcapng

Build host information:
Linux wsbb04 4.4.0-53-generic #74-Ubuntu SMP Fri Dec 2 15:59:10 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 16.04.1 LTS
Release:    16.04
Codename:    xenial

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_WORKERNAME=clang-code-analysis
BUILDBOT_BUILDNUMBER=3831
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-master/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_GOT_REVISION=e41201cde4dcf28c8e22433bd363bf1133f31aa1

Return value:  0

Dissector bug:  0

Valgrind error count:  78



Git commit
commit e41201cde4dcf28c8e22433bd363bf1133f31aa1
Author: Michael Mann <[email protected]>
Date:   Mon Dec 26 08:04:12 2016 -0500

    Don't claim packet as MATE if there is no MATE configuration

    This prevents MATE from (falsely) being included in the list of
    protocols for any given frame.

    Change-Id: I9ffdfb52cf31dfda89b674a41bcc0992e17de5e8
    Reviewed-on: https://code.wireshark.org/review/19432
    Petri-Dish: Michael Mann <[email protected]>
    Tested-by: Petri Dish Buildbot <[email protected]>
    Reviewed-by: Michael Mann <[email protected]>


==2412== Memcheck, a memory error detector
==2412== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==2412== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==2412== Command: /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/bin/tshark -nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2016-12-26-21381.pcap
==2412== 

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 26:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 66:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"
==2412== Conditional jump or move depends on uninitialised value(s)
==2412==    at 0x4C33D52: __memcmp_sse4_1 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2412==    by 0x69E71F3: addresses_equal (address.h:230)
==2412==    by 0x69E71F3: fragment_addresses_equal (reassemble.c:82)
==2412==    by 0xA70ADCE: g_hash_table_lookup_extended (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==2412==    by 0x69E86F6: lookup_fd_head (reassemble.c:541)
==2412==    by 0x69E86F6: fragment_add_seq_common (reassemble.c:1886)
==2412==    by 0x69E8CF7: fragment_add_seq_check_work (reassemble.c:2037)
==2412==    by 0x69E8DB9: fragment_add_seq_next (reassemble.c:2100)
==2412==    by 0x6B50051: dissect_btle (packet-btle.c:888)
==2412==    by 0x69BDC45: call_dissector_through_handle (packet.c:650)
==2412==    by 0x69BDC45: call_dissector_work (packet.c:725)
==2412==    by 0x69BCCFC: call_dissector_only (packet.c:2955)
==2412==    by 0x69BCCFC: call_dissector_with_data (packet.c:2968)
==2412==    by 0x6F84AAB: dissect_nordic_ble (packet-nordic_ble.c:313)
==2412==    by 0x69BDC45: call_dissector_through_handle (packet.c:650)
==2412==    by 0x69BDC45: call_dissector_work (packet.c:725)
==2412==    by 0x69BCCFC: call_dissector_only (packet.c:2955)
==2412==    by 0x69BCCFC: call_dissector_with_data (packet.c:2968)
==2412== 
==2412== Conditional jump or move depends on uninitialised value(s)
==2412==    at 0x4C33D52: __memcmp_sse4_1 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2412==    by 0x69E722D: addresses_equal (address.h:230)
==2412==    by 0x69E722D: fragment_addresses_equal (reassemble.c:83)
==2412==    by 0xA70ADCE: g_hash_table_lookup_extended (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==2412==    by 0x69E86F6: lookup_fd_head (reassemble.c:541)
==2412==    by 0x69E86F6: fragment_add_seq_common (reassemble.c:1886)
==2412==    by 0x69E8CF7: fragment_add_seq_check_work (reassemble.c:2037)
==2412==    by 0x69E8DB9: fragment_add_seq_next (reassemble.c:2100)
==2412==    by 0x6B50051: dissect_btle (packet-btle.c:888)
==2412==    by 0x69BDC45: call_dissector_through_handle (packet.c:650)
==2412==    by 0x69BDC45: call_dissector_work (packet.c:725)
==2412==    by 0x69BCCFC: call_dissector_only (packet.c:2955)
==2412==    by 0x69BCCFC: call_dissector_with_data (packet.c:2968)
==2412==    by 0x6F84AAB: dissect_nordic_ble (packet-nordic_ble.c:313)
==2412==    by 0x69BDC45: call_dissector_through_handle (packet.c:650)
==2412==    by 0x69BDC45: call_dissector_work (packet.c:725)
==2412==    by 0x69BCCFC: call_dissector_only (packet.c:2955)
==2412==    by 0x69BCCFC: call_dissector_with_data (packet.c:2968)
==2412== 

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 71:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 76:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 96:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 119:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 127:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"
==2412== Conditional jump or move depends on uninitialised value(s)
==2412==    at 0x4C33D52: __memcmp_sse4_1 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2412==    by 0x69E71F3: addresses_equal (address.h:230)
==2412==    by 0x69E71F3: fragment_addresses_equal (reassemble.c:82)
==2412==    by 0xA70A5F9: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==2412==    by 0x69E8D14: fragment_unhash (reassemble.c:789)
==2412==    by 0x69E8D14: fragment_add_seq_check_work (reassemble.c:2052)
==2412==    by 0x69E8DB9: fragment_add_seq_next (reassemble.c:2100)
==2412==    by 0x6B50051: dissect_btle (packet-btle.c:888)
==2412==    by 0x69BDC45: call_dissector_through_handle (packet.c:650)
==2412==    by 0x69BDC45: call_dissector_work (packet.c:725)
==2412==    by 0x69BCCFC: call_dissector_only (packet.c:2955)
==2412==    by 0x69BCCFC: call_dissector_with_data (packet.c:2968)
==2412==    by 0x6F84AAB: dissect_nordic_ble (packet-nordic_ble.c:313)
==2412==    by 0x69BDC45: call_dissector_through_handle (packet.c:650)
==2412==    by 0x69BDC45: call_dissector_work (packet.c:725)
==2412==    by 0x69BCCFC: call_dissector_only (packet.c:2955)
==2412==    by 0x69BCCFC: call_dissector_with_data (packet.c:2968)
==2412==    by 0x6CB00B2: dissect_exported_pdu (packet-exported_pdu.c:285)
==2412== 
==2412== Conditional jump or move depends on uninitialised value(s)
==2412==    at 0x4C33D52: __memcmp_sse4_1 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2412==    by 0x69E722D: addresses_equal (address.h:230)
==2412==    by 0x69E722D: fragment_addresses_equal (reassemble.c:83)
==2412==    by 0xA70A5F9: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==2412==    by 0x69E8D14: fragment_unhash (reassemble.c:789)
==2412==    by 0x69E8D14: fragment_add_seq_check_work (reassemble.c:2052)
==2412==    by 0x69E8DB9: fragment_add_seq_next (reassemble.c:2100)
==2412==    by 0x6B50051: dissect_btle (packet-btle.c:888)
==2412==    by 0x69BDC45: call_dissector_through_handle (packet.c:650)
==2412==    by 0x69BDC45: call_dissector_work (packet.c:725)
==2412==    by 0x69BCCFC: call_dissector_only (packet.c:2955)
==2412==    by 0x69BCCFC: call_dissector_with_data (packet.c:2968)
==2412==    by 0x6F84AAB: dissect_nordic_ble (packet-nordic_ble.c:313)
==2412==    by 0x69BDC45: call_dissector_through_handle (packet.c:650)
==2412==    by 0x69BDC45: call_dissector_work (packet.c:725)
==2412==    by 0x69BCCFC: call_dissector_only (packet.c:2955)
==2412==    by 0x69BCCFC: call_dissector_with_data (packet.c:2968)
==2412==    by 0x6CB00B2: dissect_exported_pdu (packet-exported_pdu.c:285)
==2412== 

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 151:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 170:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 178:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 179:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 181:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 230:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 235:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 241:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 252:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 254:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 308:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 330:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 360:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 376:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 379:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 381:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 383:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 410:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 470:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 473:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 493:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 518:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 564:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 594:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 624:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 625:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 673:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 689:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 690:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 705:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 706:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 735:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 747:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 753:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 758:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 761:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 769:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 787:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 799:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 800:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 806:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 812:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 814:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 823:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 834:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 838:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 853:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 862:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 882:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:2412): WARNING **: Dissector bug, protocol BT LE LL, in packet 908:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"
==2412== 
==2412== HEAP SUMMARY:
==2412==     in use at exit: 6,091,778 bytes in 10,024 blocks
==2412==   total heap usage: 286,520 allocs, 276,496 frees, 38,024,776 bytes allocated
==2412== 
==2412== LEAK SUMMARY:
==2412==    definitely lost: 4,326 bytes in 352 blocks
==2412==    indirectly lost: 0 bytes in 0 blocks
==2412==      possibly lost: 0 bytes in 0 blocks
==2412==    still reachable: 6,087,452 bytes in 9,672 blocks
==2412==         suppressed: 0 bytes in 0 blocks
==2412== Rerun with --leak-check=full to see details of leaked memory
==2412== 
==2412== For counts of detected and suppressed errors, rerun with: -v
==2412== Use --track-origins=yes to see where uninitialised values come from
==2412== ERROR SUMMARY: 78 errors from 4 contexts (suppressed: 0 from 0)

[ no debug trace ]

