| Bug ID |
12194
|
| Summary |
Buildbot crash output: fuzz-2016-02-28-2445.pcap
|
| Product |
Wireshark
|
| Version |
unspecified
|
| Hardware |
x86-64
|
| URL |
https://www.wireshark.org/download/automated/captures/fuzz-2016-02-28-2445.pcap
|
| OS |
Ubuntu
|
| Status |
CONFIRMED
|
| Severity |
Major
|
| Priority |
High
|
| Component |
Dissection engine (libwireshark)
|
| Assignee |
[email protected]
|
| Reporter |
[email protected]
|
Problems have been found with the following capture file:
https://www.wireshark.org/download/automated/captures/fuzz-2016-02-28-2445.pcap
stderr:
Input file: /home/wireshark/menagerie/menagerie/10430-EMV_PSEs.pcapng
Build host information:
Linux wsbb04 3.13.0-77-generic #121-Ubuntu SMP Wed Jan 20 10:50:42 UTC 2016
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID: Ubuntu
Description: Ubuntu 14.04.4 LTS
Release: 14.04
Codename: trusty
Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_BUILDNUMBER=3519
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-master/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_SLAVENAME=clang-code-analysis
BUILDBOT_GOT_REVISION=072f0856cb546cd31df653af18acbad7c7edb037
Return value: 1
Dissector bug: 0
Valgrind error count: 0
Git commit
commit 072f0856cb546cd31df653af18acbad7c7edb037
Author: Michael Mann <[email protected]>
Date: Sun Feb 21 12:30:47 2016 -0500
packet-amqp.c: Fix multiple fields with incompatible types
Change-Id: I68b7fa0b5d7fae86289807d7ef01a2141dcb8ff6
Reviewed-on: https://code.wireshark.org/review/14059
Reviewed-by: Michael Mann <[email protected]>
Petri-Dish: Michael Mann <[email protected]>
Tested-by: Petri Dish Buildbot <[email protected]>
Reviewed-by: Alexis La Goutte <[email protected]>
Command and args:
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark
-nVxr
=================================================================
==10524==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x606000207970 at pc 0x7f92c5f9e4a9 bp 0x7ffd0a0c1c20 sp 0x7ffd0a0c1c18
READ of size 4 at 0x606000207970 thread T0
#0 0x7f92c5f9e4a8
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x806f4a8)
#1 0x7f92c52a30dd
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x73740dd)
#2 0x7f92c5fea2a0
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x80bb2a0)
#3 0x7f92c5fe6f0c
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x80b7f0c)
#4 0x7f92c5fe8ab0
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x80b9ab0)
#5 0x7f92c52a0001
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7371001)
#6 0x7f92c529fc9a
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7370c9a)
#7 0x7f92c57dd25b
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78ae25b)
#8 0x7f92c52a0001
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7371001)
#9 0x7f92c529e15c
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x736f15c)
#10 0x7f92c529d952
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x736e952)
#11 0x7f92c527e00e
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x734f00e)
#12 0x50116c
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x50116c)
#13 0x4fbd78
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x4fbd78)
#14 0x7f92bb1d6ec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
#15 0x440366
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x440366)
0x606000207970 is located 24 bytes to the right of 56-byte region
[0x606000207920,0x606000207958)
allocated by thread T0 here:
#0 0x4c7322
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x4c7322)
#1 0x7f92bd60d610 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4e610)
Shadow bytes around the buggy address:
0x0c0c80038ed0: fd fd fd fd fd fd fd fd fa fa fa fa fd fd fd fd
0x0c0c80038ee0: fd fd fd fd fa fa fa fa fd fd fd fd fd fd fd fd
0x0c0c80038ef0: fa fa fa fa fd fd fd fd fd fd fd fd fa fa fa fa
0x0c0c80038f00: fd fd fd fd fd fd fd fd fa fa fa fa fd fd fd fd
0x0c0c80038f10: fd fd fd fa fa fa fa fa fd fd fd fd fd fd fd fd
=>0x0c0c80038f20: fa fa fa fa 00 00 00 00 00 00 00 fa fa fa[fa]fa
0x0c0c80038f30: fd fd fd fd fd fd fd fd fa fa fa fa fd fd fd fd
0x0c0c80038f40: fd fd fd fa fa fa fa fa fd fd fd fd fd fd fd fa
0x0c0c80038f50: fa fa fa fa fd fd fd fd fd fd fd fa fa fa fa fa
0x0c0c80038f60: fd fd fd fd fd fd fd fa fa fa fa fa fd fd fd fd
0x0c0c80038f70: fd fd fd fa fa fa fa fa fd fd fd fd fd fd fd fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==10524==ABORTING
[ no debug trace ]
You are receiving this mail because:
- You are watching all bug changes.
