| Bug ID |
9263
|
| Summary |
Buildbot crash output: fuzz-2013-10-10-12811.pcap
|
| Classification |
Unclassified
|
| Product |
Wireshark
|
| Version |
unspecified
|
| Hardware |
x86-64
|
| URL |
http://www.wireshark.org/download/automated/captures/fuzz-2013-10-10-12811.pcap
|
| OS |
Ubuntu
|
| Status |
CONFIRMED
|
| Severity |
Major
|
| Priority |
High
|
| Component |
Dissection engine (libwireshark)
|
| Assignee |
[email protected]
|
| Reporter |
[email protected]
|
Problems have been found with the following capture file:
http://www.wireshark.org/download/automated/captures/fuzz-2013-10-10-12811.pcap
stderr:
Input file: /home/wireshark/menagerie/menagerie/10518-malformed-readdirs.cap.gz
Build host information:
Linux wsbb04 3.2.0-49-generic #75-Ubuntu SMP Tue Jun 18 17:39:32 UTC 2013
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID: Ubuntu
Description: Ubuntu 12.04.2 LTS
Release: 12.04
Codename: precise
Buildbot information:
BUILDBOT_REPOSITORY=http://code.wireshark.org/git/wireshark
BUILDBOT_BUILDNUMBER=2124
BUILDBOT_URL=http://buildbot.wireshark.org/trunk/
BUILDBOT_BUILDERNAME=Clang-Code-Analysis
BUILDBOT_SLAVENAME=clang-code-analysis
BUILDBOT_GOT_REVISION=69da562c83e58c9bf71775ab492219534ee459cc
Return value: 0
Dissector bug: 0
Valgrind error count: 3
Git commit
commit 69da562c83e58c9bf71775ab492219534ee459cc
Author: Evan Huus <[email protected]>
Date: Tue Oct 8 21:12:06 2013 +0000
Don't try and construct an OID string if the len is zero. Fixes
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9246
svn path=/trunk/; revision=52455
Command and args: ./tools/valgrind-wireshark.sh -T
==21838== Memcheck, a memory error detector
==21838== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==21838== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==21838== Command:
/home/wireshark/builders/trunk-clang-ca/clangcodeanalysis/install/bin/tshark
-Vx -nr
/fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2013-10-10-12811.pcap
==21838==
==21838== Conditional jump or move depends on uninitialised value(s)
==21838== at 0x64AE7AD: get_token_len (strutil.c:127)
==21838== by 0x680AEAD: dissect_imap (packet-imap.c:216)
==21838== by 0x6486117: call_dissector_through_handle (packet.c:492)
==21838== by 0x6486A64: call_dissector_work (packet.c:586)
==21838== by 0x64873A2: dissector_try_uint_new (packet.c:1017)
==21838== by 0x64873F6: dissector_try_uint (packet.c:1043)
==21838== by 0x6B0B33C: decode_tcp_ports (packet-tcp.c:3867)
==21838== by 0x6B0B77D: process_tcp_payload (packet-tcp.c:3926)
==21838== by 0x6B0BD2D: dissect_tcp_payload (packet-tcp.c:1751)
==21838== by 0x6B0D0EB: dissect_tcp (packet-tcp.c:4763)
==21838== by 0x6486117: call_dissector_through_handle (packet.c:492)
==21838== by 0x6486A64: call_dissector_work (packet.c:586)
==21838==
==21838== Conditional jump or move depends on uninitialised value(s)
==21838== at 0x64AE7B1: get_token_len (strutil.c:127)
==21838== by 0x680AEAD: dissect_imap (packet-imap.c:216)
==21838== by 0x6486117: call_dissector_through_handle (packet.c:492)
==21838== by 0x6486A64: call_dissector_work (packet.c:586)
==21838== by 0x64873A2: dissector_try_uint_new (packet.c:1017)
==21838== by 0x64873F6: dissector_try_uint (packet.c:1043)
==21838== by 0x6B0B33C: decode_tcp_ports (packet-tcp.c:3867)
==21838== by 0x6B0B77D: process_tcp_payload (packet-tcp.c:3926)
==21838== by 0x6B0BD2D: dissect_tcp_payload (packet-tcp.c:1751)
==21838== by 0x6B0D0EB: dissect_tcp (packet-tcp.c:4763)
==21838== by 0x6486117: call_dissector_through_handle (packet.c:492)
==21838== by 0x6486A64: call_dissector_work (packet.c:586)
==21838==
==21838== Conditional jump or move depends on uninitialised value(s)
==21838== at 0x64AE7B5: get_token_len (strutil.c:127)
==21838== by 0x680AEAD: dissect_imap (packet-imap.c:216)
==21838== by 0x6486117: call_dissector_through_handle (packet.c:492)
==21838== by 0x6486A64: call_dissector_work (packet.c:586)
==21838== by 0x64873A2: dissector_try_uint_new (packet.c:1017)
==21838== by 0x64873F6: dissector_try_uint (packet.c:1043)
==21838== by 0x6B0B33C: decode_tcp_ports (packet-tcp.c:3867)
==21838== by 0x6B0B77D: process_tcp_payload (packet-tcp.c:3926)
==21838== by 0x6B0BD2D: dissect_tcp_payload (packet-tcp.c:1751)
==21838== by 0x6B0D0EB: dissect_tcp (packet-tcp.c:4763)
==21838== by 0x6486117: call_dissector_through_handle (packet.c:492)
==21838== by 0x6486A64: call_dissector_work (packet.c:586)
==21838==
** (process:21838): WARNING **: Dissector bug, protocol SMB, in packet 24872:
proto.c:2978: failed assertion "DISSECTOR_ASSERT_NOT_REACHED"
==21838==
==21838== HEAP SUMMARY:
==21838== in use at exit: 1,124,059 bytes in 25,110 blocks
==21838== total heap usage: 6,272,898 allocs, 6,247,788 frees, 412,398,827
bytes allocated
==21838==
==21838== LEAK SUMMARY:
==21838== definitely lost: 1,761 bytes in 89 blocks
==21838== indirectly lost: 1,400 bytes in 51 blocks
==21838== possibly lost: 0 bytes in 0 blocks
==21838== still reachable: 1,120,898 bytes in 24,970 blocks
==21838== suppressed: 0 bytes in 0 blocks
==21838== Rerun with --leak-check=full to see details of leaked memory
==21838==
==21838== For counts of detected and suppressed errors, rerun with: -v
==21838== Use --track-origins=yes to see where uninitialised values come from
==21838== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 3 from 3)
[ no debug trace ]
You are receiving this mail because:
- You are watching all bug changes.
