Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 10491] New: Buildbot crash output: fuzz-2014-09-20-28834.pcap

Wireshark-bugs: [Wireshark-bugs] [Bug 10491] New: Buildbot crash output: fuzz-2014-09-20-28834.p

Date: Sun, 21 Sep 2014 02:00:02 +0000

Bug ID	10491
Summary	Buildbot crash output: fuzz-2014-09-20-28834.pcap
Product	Wireshark
Version	unspecified
Hardware	x86-64
URL	https://www.wireshark.org/download/automated/captures/fuzz-2014-09-20-28834.pcap
OS	Ubuntu
Status	CONFIRMED
Severity	Major
Priority	High
Component	Dissection engine (libwireshark)
Assignee	[email protected]
Reporter	[email protected]

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2014-09-20-28834.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/2415-wsp.pcap

Build host information:
Linux wsbb04 3.13.0-35-generic #62-Ubuntu SMP Fri Aug 15 01:58:42 UTC 2014
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 14.04.1 LTS
Release:    14.04
Codename:    trusty

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_BUILDNUMBER=2967
BUILDBOT_URL=http://buildbot.wireshark.org/trunk/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_SLAVENAME=clang-code-analysis
BUILDBOT_GOT_REVISION=b7940046fae473cf1d64a76ee90b23ca89b93768

Return value:  0

Dissector bug:  0

Valgrind error count:  6



Git commit
commit b7940046fae473cf1d64a76ee90b23ca89b93768
Author: Bill Meier <[email protected]>
Date:   Thu Sep 18 22:29:29 2014 -0400

    packet-http2.c: Do encoding-arg changes (all benign)

    For:
    - FT_BYTES: Always use just ENC_NA
    - integral/floating (other than FT_[U]INT8): Do ENC_NA --> ENC_BIG_ENDIAN

    Change-Id: I0885f7d110014cb8a7eba1c1892ed8d0852d076a
    Reviewed-on: https://code.wireshark.org/review/4187
    Reviewed-by: Bill Meier <[email protected]>


Command and args: ./tools/valgrind-wireshark.sh -T

==15985== Memcheck, a memory error detector
==15985== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==15985== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright
info
==15985== Command:
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark
-Vx -nr
/fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2014-09-20-28834.pcap
==15985== 
==15985== Conditional jump or move depends on uninitialised value(s)
==15985==    at 0x6650D05: get_ts_23_038_7bits_string (charsets.c:749)
==15985==    by 0x6681F3E: proto_tree_add_ts_23_038_7bits_item (proto.c:8166)
==15985==    by 0x69866CC: dis_field_ud (packet-gsm_sms.c:2596)
==15985==    by 0x69883B5: dis_msg_deliver (packet-gsm_sms.c:2792)
==15985==    by 0x6983CA7: dissect_gsm_sms (packet-gsm_sms.c:3356)
==15985==    by 0x6665E7E: call_dissector_through_handle (packet.c:622)
==15985==    by 0x6666764: call_dissector_work (packet.c:713)
==15985==    by 0x70A3A81: dissect_gsm_old_ForwardSM_Arg.constprop.9
(gsm_map.cnf:411)
==15985==    by 0x6762BBC: dissect_ber_sequence (packet-ber.c:2386)
==15985==    by 0x7099B7F: dissect_gsm_old_Invoke (gsm_map.cnf:219)
==15985==    by 0x6760F86: dissect_ber_choice (packet-ber.c:2886)
==15985==    by 0x70A503E: dissect_gsm_map (gsm_map.cnf:398)
==15985== 
==15985== Use of uninitialised value of size 8
==15985==    at 0x6650DA5: get_ts_23_038_7bits_string (charsets.c:708)
==15985==    by 0x6681F3E: proto_tree_add_ts_23_038_7bits_item (proto.c:8166)
==15985==    by 0x69866CC: dis_field_ud (packet-gsm_sms.c:2596)
==15985==    by 0x69883B5: dis_msg_deliver (packet-gsm_sms.c:2792)
==15985==    by 0x6983CA7: dissect_gsm_sms (packet-gsm_sms.c:3356)
==15985==    by 0x6665E7E: call_dissector_through_handle (packet.c:622)
==15985==    by 0x6666764: call_dissector_work (packet.c:713)
==15985==    by 0x70A3A81: dissect_gsm_old_ForwardSM_Arg.constprop.9
(gsm_map.cnf:411)
==15985==    by 0x6762BBC: dissect_ber_sequence (packet-ber.c:2386)
==15985==    by 0x7099B7F: dissect_gsm_old_Invoke (gsm_map.cnf:219)
==15985==    by 0x6760F86: dissect_ber_choice (packet-ber.c:2886)
==15985==    by 0x70A503E: dissect_gsm_map (gsm_map.cnf:398)
==15985== 
==15985== Conditional jump or move depends on uninitialised value(s)
==15985==    at 0x6650D3F: get_ts_23_038_7bits_string (charsets.c:749)
==15985==    by 0x6681F3E: proto_tree_add_ts_23_038_7bits_item (proto.c:8166)
==15985==    by 0x69866CC: dis_field_ud (packet-gsm_sms.c:2596)
==15985==    by 0x69883B5: dis_msg_deliver (packet-gsm_sms.c:2792)
==15985==    by 0x6983CA7: dissect_gsm_sms (packet-gsm_sms.c:3356)
==15985==    by 0x6665E7E: call_dissector_through_handle (packet.c:622)
==15985==    by 0x6666764: call_dissector_work (packet.c:713)
==15985==    by 0x70A3A81: dissect_gsm_old_ForwardSM_Arg.constprop.9
(gsm_map.cnf:411)
==15985==    by 0x6762BBC: dissect_ber_sequence (packet-ber.c:2386)
==15985==    by 0x7099B7F: dissect_gsm_old_Invoke (gsm_map.cnf:219)
==15985==    by 0x6760F86: dissect_ber_choice (packet-ber.c:2886)
==15985==    by 0x70A503E: dissect_gsm_map (gsm_map.cnf:398)
==15985== 
==15985== Use of uninitialised value of size 8
==15985==    at 0x6650DC1: get_ts_23_038_7bits_string (charsets.c:708)
==15985==    by 0x6681F3E: proto_tree_add_ts_23_038_7bits_item (proto.c:8166)
==15985==    by 0x69866CC: dis_field_ud (packet-gsm_sms.c:2596)
==15985==    by 0x69883B5: dis_msg_deliver (packet-gsm_sms.c:2792)
==15985==    by 0x6983CA7: dissect_gsm_sms (packet-gsm_sms.c:3356)
==15985==    by 0x6665E7E: call_dissector_through_handle (packet.c:622)
==15985==    by 0x6666764: call_dissector_work (packet.c:713)
==15985==    by 0x70A3A81: dissect_gsm_old_ForwardSM_Arg.constprop.9
(gsm_map.cnf:411)
==15985==    by 0x6762BBC: dissect_ber_sequence (packet-ber.c:2386)
==15985==    by 0x7099B7F: dissect_gsm_old_Invoke (gsm_map.cnf:219)
==15985==    by 0x6760F86: dissect_ber_choice (packet-ber.c:2886)
==15985==    by 0x70A503E: dissect_gsm_map (gsm_map.cnf:398)
==15985== 
==15985== 
==15985== HEAP SUMMARY:
==15985==     in use at exit: 1,215,429 bytes in 29,586 blocks
==15985==   total heap usage: 223,013 allocs, 193,427 frees, 28,442,266 bytes
allocated
==15985== 
==15985== LEAK SUMMARY:
==15985==    definitely lost: 3,592 bytes in 158 blocks
==15985==    indirectly lost: 36,648 bytes in 49 blocks
==15985==      possibly lost: 0 bytes in 0 blocks
==15985==    still reachable: 1,175,189 bytes in 29,379 blocks
==15985==         suppressed: 0 bytes in 0 blocks
==15985== Rerun with --leak-check=full to see details of leaked memory
==15985== 
==15985== For counts of detected and suppressed errors, rerun with: -v
==15985== Use --track-origins=yes to see where uninitialised values come from
==15985== ERROR SUMMARY: 6 errors from 4 contexts (suppressed: 0 from 0)

[ no debug trace ]

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 10491] Buildbot crash output: fuzz-2014-09-20-28834.pcap
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10491] Buildbot crash output: fuzz-2014-09-20-28834.pcap
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10491] Buildbot crash output: fuzz-2014-09-20-28834.pcap
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10491] Buildbot crash output: fuzz-2014-09-20-28834.pcap
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10491] Buildbot crash output: fuzz-2014-09-20-28834.pcap
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10491] Buildbot crash output: fuzz-2014-09-20-28834.pcap
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10491] Buildbot crash output: fuzz-2014-09-20-28834.pcap
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 10490] SAC value of 3GPP-User-Location-Info AVP to be displayed as hex and decimal
Next by Date: [Wireshark-bugs] [Bug 10491] Buildbot crash output: fuzz-2014-09-20-28834.pcap
Previous by thread: [Wireshark-bugs] [Bug 10490] SAC value of 3GPP-User-Location-Info AVP to be displayed as hex and decimal
Next by thread: [Wireshark-bugs] [Bug 10491] Buildbot crash output: fuzz-2014-09-20-28834.pcap
Index(es):
- Date
- Thread