Wireshark-bugs: [Wireshark-bugs] [Bug 13283] New: Buildbot crash output: fuzz-2016-12-30-12660.p

Date: Sat, 31 Dec 2016 07:00:08 +0000
Bug ID 13283
Summary Buildbot crash output: fuzz-2016-12-30-12660.pcap
Product Wireshark
Version unspecified
Hardware x86-64
URL https://www.wireshark.org/download/automated/captures/fuzz-2016-12-30-12660.pcap
OS Ubuntu
Status CONFIRMED
Severity Major
Priority High
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2016-12-30-12660.pcap

stderr:
Input file:
/home/wireshark/menagerie/menagerie/14807-160719-04_BLE_sensor_and_CGW_prefix_added_exp_pdu.pcapng

Build host information:
Linux wsbb04 4.4.0-53-generic #74-Ubuntu SMP Fri Dec 2 15:59:10 UTC 2016 x86_64
x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 16.04.1 LTS
Release:    16.04
Codename:    xenial

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_WORKERNAME=clang-code-analysis
BUILDBOT_BUILDNUMBER=3834
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-master/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_GOT_REVISION=13964595ad09e5d1115f6c5cb604cded27f9f55d

Return value:  0

Dissector bug:  0

Valgrind error count:  60



Git commit
commit 13964595ad09e5d1115f6c5cb604cded27f9f55d
Author: Michael Mann <[email protected]>
Date:   Fri Dec 30 12:26:34 2016 -0500

    Add BASE_NO_DISPLAY_VALUE to allow field value to not be shown.

    There are times when byte arrays don't want to show their value
    in the packet tree or there is a field that is the "header" of
    a subtree where showing the field value distracts from the tree
    display.  For these cases, BASE_NO_DISPLAY_VALUE can be used
    to not display the value.

    Change-Id: I8c9f1f57cd2e663dbee07e2289e7f5e1f22d1e32
    Reviewed-on: https://code.wireshark.org/review/19479
    Reviewed-by: Michael Mann <[email protected]>


==13636== Memcheck, a memory error detector
==13636== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==13636== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==13636== Command:
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/bin/tshark
-nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2016-12-30-12660.pcap
==13636== 

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet 32:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet 36:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet 44:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet 56:
packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"
==13636== Conditional jump or move depends on uninitialised value(s)
==13636==    at 0x4C33D52: __memcmp_sse4_1 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==13636==    by 0x69E8EF3: addresses_equal (address.h:230)
==13636==    by 0x69E8EF3: fragment_addresses_equal (reassemble.c:82)
==13636==    by 0xA30ADCE: g_hash_table_lookup_extended (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==13636==    by 0x69EA3F6: lookup_fd_head (reassemble.c:541)
==13636==    by 0x69EA3F6: fragment_add_seq_common (reassemble.c:1886)
==13636==    by 0x69EA9F7: fragment_add_seq_check_work (reassemble.c:2037)
==13636==    by 0x69EAAB9: fragment_add_seq_next (reassemble.c:2100)
==13636==    by 0x6B52491: dissect_btle (packet-btle.c:888)
==13636==    by 0x69BFA85: call_dissector_through_handle (packet.c:650)
==13636==    by 0x69BFA85: call_dissector_work (packet.c:725)
==13636==    by 0x69BEB3C: call_dissector_only (packet.c:2955)
==13636==    by 0x69BEB3C: call_dissector_with_data (packet.c:2968)
==13636==    by 0x6F86B7B: dissect_nordic_ble (packet-nordic_ble.c:313)
==13636==    by 0x69BFA85: call_dissector_through_handle (packet.c:650)
==13636==    by 0x69BFA85: call_dissector_work (packet.c:725)
==13636==    by 0x69BEB3C: call_dissector_only (packet.c:2955)
==13636==    by 0x69BEB3C: call_dissector_with_data (packet.c:2968)
==13636== 
==13636== Conditional jump or move depends on uninitialised value(s)
==13636==    at 0x4C33D52: __memcmp_sse4_1 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==13636==    by 0x69E8F2D: addresses_equal (address.h:230)
==13636==    by 0x69E8F2D: fragment_addresses_equal (reassemble.c:83)
==13636==    by 0xA30ADCE: g_hash_table_lookup_extended (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==13636==    by 0x69EA3F6: lookup_fd_head (reassemble.c:541)
==13636==    by 0x69EA3F6: fragment_add_seq_common (reassemble.c:1886)
==13636==    by 0x69EA9F7: fragment_add_seq_check_work (reassemble.c:2037)
==13636==    by 0x69EAAB9: fragment_add_seq_next (reassemble.c:2100)
==13636==    by 0x6B52491: dissect_btle (packet-btle.c:888)
==13636==    by 0x69BFA85: call_dissector_through_handle (packet.c:650)
==13636==    by 0x69BFA85: call_dissector_work (packet.c:725)
==13636==    by 0x69BEB3C: call_dissector_only (packet.c:2955)
==13636==    by 0x69BEB3C: call_dissector_with_data (packet.c:2968)
==13636==    by 0x6F86B7B: dissect_nordic_ble (packet-nordic_ble.c:313)
==13636==    by 0x69BFA85: call_dissector_through_handle (packet.c:650)
==13636==    by 0x69BFA85: call_dissector_work (packet.c:725)
==13636==    by 0x69BEB3C: call_dissector_only (packet.c:2955)
==13636==    by 0x69BEB3C: call_dissector_with_data (packet.c:2968)
==13636== 
==13636== Conditional jump or move depends on uninitialised value(s)
==13636==    at 0x4C33D52: __memcmp_sse4_1 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==13636==    by 0x69E8EF3: addresses_equal (address.h:230)
==13636==    by 0x69E8EF3: fragment_addresses_equal (reassemble.c:82)
==13636==    by 0xA30A5F9: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==13636==    by 0x69EAA14: fragment_unhash (reassemble.c:789)
==13636==    by 0x69EAA14: fragment_add_seq_check_work (reassemble.c:2052)
==13636==    by 0x69EAAB9: fragment_add_seq_next (reassemble.c:2100)
==13636==    by 0x6B52491: dissect_btle (packet-btle.c:888)
==13636==    by 0x69BFA85: call_dissector_through_handle (packet.c:650)
==13636==    by 0x69BFA85: call_dissector_work (packet.c:725)
==13636==    by 0x69BEB3C: call_dissector_only (packet.c:2955)
==13636==    by 0x69BEB3C: call_dissector_with_data (packet.c:2968)
==13636==    by 0x6F86B7B: dissect_nordic_ble (packet-nordic_ble.c:313)
==13636==    by 0x69BFA85: call_dissector_through_handle (packet.c:650)
==13636==    by 0x69BFA85: call_dissector_work (packet.c:725)
==13636==    by 0x69BEB3C: call_dissector_only (packet.c:2955)
==13636==    by 0x69BEB3C: call_dissector_with_data (packet.c:2968)
==13636==    by 0x6CB23B2: dissect_exported_pdu (packet-exported_pdu.c:285)
==13636== 
==13636== Conditional jump or move depends on uninitialised value(s)
==13636==    at 0x4C33D52: __memcmp_sse4_1 (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==13636==    by 0x69E8F2D: addresses_equal (address.h:230)
==13636==    by 0x69E8F2D: fragment_addresses_equal (reassemble.c:83)
==13636==    by 0xA30A5F9: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==13636==    by 0x69EAA14: fragment_unhash (reassemble.c:789)
==13636==    by 0x69EAA14: fragment_add_seq_check_work (reassemble.c:2052)
==13636==    by 0x69EAAB9: fragment_add_seq_next (reassemble.c:2100)
==13636==    by 0x6B52491: dissect_btle (packet-btle.c:888)
==13636==    by 0x69BFA85: call_dissector_through_handle (packet.c:650)
==13636==    by 0x69BFA85: call_dissector_work (packet.c:725)
==13636==    by 0x69BEB3C: call_dissector_only (packet.c:2955)
==13636==    by 0x69BEB3C: call_dissector_with_data (packet.c:2968)
==13636==    by 0x6F86B7B: dissect_nordic_ble (packet-nordic_ble.c:313)
==13636==    by 0x69BFA85: call_dissector_through_handle (packet.c:650)
==13636==    by 0x69BFA85: call_dissector_work (packet.c:725)
==13636==    by 0x69BEB3C: call_dissector_only (packet.c:2955)
==13636==    by 0x69BEB3C: call_dissector_with_data (packet.c:2968)
==13636==    by 0x6CB23B2: dissect_exported_pdu (packet-exported_pdu.c:285)
==13636== 

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
101: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
116: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
125: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
154: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
199: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
203: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
210: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
213: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
257: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
263: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
268: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
287: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
307: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
310: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
312: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
314: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
348: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
366: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
378: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
419: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
430: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
434: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
463: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
513: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
544: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
548: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
570: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
583: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
614: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
634: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
637: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
659: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
660: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
671: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
676: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
677: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
685: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
706: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
716: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
725: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
729: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
758: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
776: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
784: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
790: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
800: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
819: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
848: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
850: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
854: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
888: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
908: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"

** (process:13636): WARNING **: Dissector bug, protocol BT LE LL, in packet
911: packet-btle.c:843: failed assertion "btle_frame_info != ((void*)0)"
==13636== 
==13636== HEAP SUMMARY:
==13636==     in use at exit: 6,092,057 bytes in 10,030 blocks
==13636==   total heap usage: 286,794 allocs, 276,764 frees, 38,031,442 bytes
allocated
==13636== 
==13636== LEAK SUMMARY:
==13636==    definitely lost: 4,357 bytes in 354 blocks
==13636==    indirectly lost: 0 bytes in 0 blocks
==13636==      possibly lost: 0 bytes in 0 blocks
==13636==    still reachable: 6,087,700 bytes in 9,676 blocks
==13636==         suppressed: 0 bytes in 0 blocks
==13636== Rerun with --leak-check=full to see details of leaked memory
==13636== 
==13636== For counts of detected and suppressed errors, rerun with: -v
==13636== Use --track-origins=yes to see where uninitialised values come from
==13636== ERROR SUMMARY: 60 errors from 4 contexts (suppressed: 0 from 0)

[ no debug trace ]

