Wireshark-bugs: [Wireshark-bugs] [Bug 13282] New: Buildbot crash output: fuzz-2016-12-30-4475.pc

Date: Fri, 30 Dec 2016 20:40:03 +0000
Bug ID 13282
Summary Buildbot crash output: fuzz-2016-12-30-4475.pcap
Product Wireshark
Version unspecified
Hardware x86-64
URL https://www.wireshark.org/download/automated/captures/fuzz-2016-12-30-4475.pcap
OS Ubuntu
Status CONFIRMED
Severity Major
Priority High
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2016-12-30-4475.pcap

stderr:
Input file:
/home/wireshark/menagerie/menagerie/14807-160719-04_BLE_sensor_and_CGW_prefix_added_exp_pdu.pcapng

Build host information:
Linux wsbb04 4.4.0-53-generic #74-Ubuntu SMP Fri Dec 2 15:59:10 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 16.04.1 LTS
Release:    16.04
Codename:    xenial

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_WORKERNAME=clang-code-analysis
BUILDBOT_BUILDNUMBER=3833
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-master/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_GOT_REVISION=b4afbb24a5e094dc1eb1c10ac81a383c42bf3e93

Return value:  0

Dissector bug:  0

Valgrind error count:  48



Git commit
commit b4afbb24a5e094dc1eb1c10ac81a383c42bf3e93
Author: Alexis La Goutte <[email protected]>
Date:   Fri Dec 30 09:16:13 2016 +0100

    enc (openBSD): fix flags field description

    Change-Id: I5b17d4bfea82770458b002aacfca0fc941639899
    Reviewed-on: https://code.wireshark.org/review/19470
    Reviewed-by: Anders Broman <[email protected]>


==10022== Memcheck, a memory error detector
==10022== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==10022== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==10022== Command: /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/bin/tshark -nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2016-12-30-4475.pcap
==10022== 

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet 32:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet 35:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet 51:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"
==10022== Conditional jump or move depends on uninitialised value(s)
==10022==    at 0x4C33D52: __memcmp_sse4_1 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10022==    by 0x69E90C3: addresses_equal (address.h:230)
==10022==    by 0x69E90C3: fragment_addresses_equal (reassemble.c:82)
==10022==    by 0xA30ADCE: g_hash_table_lookup_extended (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==10022==    by 0x69EA5C6: lookup_fd_head (reassemble.c:541)
==10022==    by 0x69EA5C6: fragment_add_seq_common (reassemble.c:1886)
==10022==    by 0x69EABC7: fragment_add_seq_check_work (reassemble.c:2037)
==10022==    by 0x69EAC89: fragment_add_seq_next (reassemble.c:2100)
==10022==    by 0x6B52661: dissect_btle (packet-btle.c:888)
==10022==    by 0x69BFB15: call_dissector_through_handle (packet.c:650)
==10022==    by 0x69BFB15: call_dissector_work (packet.c:725)
==10022==    by 0x69BEBCC: call_dissector_only (packet.c:2955)
==10022==    by 0x69BEBCC: call_dissector_with_data (packet.c:2968)
==10022==    by 0x6F86E8B: dissect_nordic_ble (packet-nordic_ble.c:313)
==10022==    by 0x69BFB15: call_dissector_through_handle (packet.c:650)
==10022==    by 0x69BFB15: call_dissector_work (packet.c:725)
==10022==    by 0x69BEBCC: call_dissector_only (packet.c:2955)
==10022==    by 0x69BEBCC: call_dissector_with_data (packet.c:2968)
==10022== 
==10022== Conditional jump or move depends on uninitialised value(s)
==10022==    at 0x4C33D52: __memcmp_sse4_1 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10022==    by 0x69E90FD: addresses_equal (address.h:230)
==10022==    by 0x69E90FD: fragment_addresses_equal (reassemble.c:83)
==10022==    by 0xA30ADCE: g_hash_table_lookup_extended (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==10022==    by 0x69EA5C6: lookup_fd_head (reassemble.c:541)
==10022==    by 0x69EA5C6: fragment_add_seq_common (reassemble.c:1886)
==10022==    by 0x69EABC7: fragment_add_seq_check_work (reassemble.c:2037)
==10022==    by 0x69EAC89: fragment_add_seq_next (reassemble.c:2100)
==10022==    by 0x6B52661: dissect_btle (packet-btle.c:888)
==10022==    by 0x69BFB15: call_dissector_through_handle (packet.c:650)
==10022==    by 0x69BFB15: call_dissector_work (packet.c:725)
==10022==    by 0x69BEBCC: call_dissector_only (packet.c:2955)
==10022==    by 0x69BEBCC: call_dissector_with_data (packet.c:2968)
==10022==    by 0x6F86E8B: dissect_nordic_ble (packet-nordic_ble.c:313)
==10022==    by 0x69BFB15: call_dissector_through_handle (packet.c:650)
==10022==    by 0x69BFB15: call_dissector_work (packet.c:725)
==10022==    by 0x69BEBCC: call_dissector_only (packet.c:2955)
==10022==    by 0x69BEBCC: call_dissector_with_data (packet.c:2968)
==10022== 
==10022== Conditional jump or move depends on uninitialised value(s)
==10022==    at 0x4C33D52: __memcmp_sse4_1 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10022==    by 0x69E90C3: addresses_equal (address.h:230)
==10022==    by 0x69E90C3: fragment_addresses_equal (reassemble.c:82)
==10022==    by 0xA30A5F9: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==10022==    by 0x69EABE4: fragment_unhash (reassemble.c:789)
==10022==    by 0x69EABE4: fragment_add_seq_check_work (reassemble.c:2052)
==10022==    by 0x69EAC89: fragment_add_seq_next (reassemble.c:2100)
==10022==    by 0x6B52661: dissect_btle (packet-btle.c:888)
==10022==    by 0x69BFB15: call_dissector_through_handle (packet.c:650)
==10022==    by 0x69BFB15: call_dissector_work (packet.c:725)
==10022==    by 0x69BEBCC: call_dissector_only (packet.c:2955)
==10022==    by 0x69BEBCC: call_dissector_with_data (packet.c:2968)
==10022==    by 0x6F86E8B: dissect_nordic_ble (packet-nordic_ble.c:313)
==10022==    by 0x69BFB15: call_dissector_through_handle (packet.c:650)
==10022==    by 0x69BFB15: call_dissector_work (packet.c:725)
==10022==    by 0x69BEBCC: call_dissector_only (packet.c:2955)
==10022==    by 0x69BEBCC: call_dissector_with_data (packet.c:2968)
==10022==    by 0x6CB26C2: dissect_exported_pdu (packet-exported_pdu.c:285)
==10022== 
==10022== Conditional jump or move depends on uninitialised value(s)
==10022==    at 0x4C33D52: __memcmp_sse4_1 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10022==    by 0x69E90FD: addresses_equal (address.h:230)
==10022==    by 0x69E90FD: fragment_addresses_equal (reassemble.c:83)
==10022==    by 0xA30A5F9: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==10022==    by 0x69EABE4: fragment_unhash (reassemble.c:789)
==10022==    by 0x69EABE4: fragment_add_seq_check_work (reassemble.c:2052)
==10022==    by 0x69EAC89: fragment_add_seq_next (reassemble.c:2100)
==10022==    by 0x6B52661: dissect_btle (packet-btle.c:888)
==10022==    by 0x69BFB15: call_dissector_through_handle (packet.c:650)
==10022==    by 0x69BFB15: call_dissector_work (packet.c:725)
==10022==    by 0x69BEBCC: call_dissector_only (packet.c:2955)
==10022==    by 0x69BEBCC: call_dissector_with_data (packet.c:2968)
==10022==    by 0x6F86E8B: dissect_nordic_ble (packet-nordic_ble.c:313)
==10022==    by 0x69BFB15: call_dissector_through_handle (packet.c:650)
==10022==    by 0x69BFB15: call_dissector_work (packet.c:725)
==10022==    by 0x69BEBCC: call_dissector_only (packet.c:2955)
==10022==    by 0x69BEBCC: call_dissector_with_data (packet.c:2968)
==10022==    by 0x6CB26C2: dissect_exported_pdu (packet-exported_pdu.c:285)
==10022== 

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet 75:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
122: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
152: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
174: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
235: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
237: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
260: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
261: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
272: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
293: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
299: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
324: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
325: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
356: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
390: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
408: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
409: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
423: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
425: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
436: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
444: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
451: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
452: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
473: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
488: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
518: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
556: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
559: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
580: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
597: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
600: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
601: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
602: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
616: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
658: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
662: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
666: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
668: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
673: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
728: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
742: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
762: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
781: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
792: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
794: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
798: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
811: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
823: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
846: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
859: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
861: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
890: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:10022): WARNING **: Dissector bug, protocol BT LE LL, in packet
900: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"
==10022== 
==10022== HEAP SUMMARY:
==10022==     in use at exit: 6,092,056 bytes in 10,030 blocks
==10022==   total heap usage: 286,830 allocs, 276,800 frees, 38,030,365 bytes allocated
==10022== 
==10022== LEAK SUMMARY:
==10022==    definitely lost: 4,357 bytes in 354 blocks
==10022==    indirectly lost: 0 bytes in 0 blocks
==10022==      possibly lost: 0 bytes in 0 blocks
==10022==    still reachable: 6,087,699 bytes in 9,676 blocks
==10022==         suppressed: 0 bytes in 0 blocks
==10022== Rerun with --leak-check=full to see details of leaked memory
==10022== 
==10022== For counts of detected and suppressed errors, rerun with: -v
==10022== Use --track-origins=yes to see where uninitialised values come from
==10022== ERROR SUMMARY: 48 errors from 4 contexts (suppressed: 0 from 0)

[ no debug trace ]

