Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 12239] New: Buildbot crash output: fuzz-2016-03-05-16049.pcap

Wireshark-bugs: [Wireshark-bugs] [Bug 12239] New: Buildbot crash output: fuzz-2016-03-05-16049.p

Date: Sat, 05 Mar 2016 15:00:04 +0000

Bug ID	12239
Summary	Buildbot crash output: fuzz-2016-03-05-16049.pcap
Product	Wireshark
Version	unspecified
Hardware	x86-64
URL	https://www.wireshark.org/download/automated/captures/fuzz-2016-03-05-16049.pcap
OS	Ubuntu
Status	CONFIRMED
Severity	Major
Priority	High
Component	Dissection engine (libwireshark)
Assignee	[email protected]
Reporter	[email protected]

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2016-03-05-16049.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/03-13_los_altos.pcap

Build host information:
Linux wsbb04 3.13.0-77-generic #121-Ubuntu SMP Wed Jan 20 10:50:42 UTC 2016
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 14.04.4 LTS
Release:    14.04
Codename:    trusty

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_BUILDNUMBER=104
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-2.0/
BUILDBOT_BUILDERNAME=Fuzz Test
BUILDBOT_SLAVENAME=fuzz-test
BUILDBOT_GOT_REVISION=edb368067c13698f2fe656226c1419f25e617a17

Return value:  0

Dissector bug:  0

Valgrind error count:  2035



Git commit
commit edb368067c13698f2fe656226c1419f25e617a17
Author: Stig Bjørlykke <[email protected]>
Date:   Fri Mar 4 10:29:02 2016 +0100

    dmp: Show correct uncompressed user data length

    Change-Id: Iac9c6434da5bdd29768fbacd2bdc9cbe2713c17b
    Reviewed-on: https://code.wireshark.org/review/14336
    Reviewed-by: Stig Bjørlykke <[email protected]>
    (cherry picked from commit 25996e9e2165f0fd2020584a28cfbef4e389989b)
    Reviewed-on: https://code.wireshark.org/review/14337


Command and args: ./tools/valgrind-wireshark.sh 

==18292== Memcheck, a memory error detector
==18292== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==18292== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==18292== Command:
/home/wireshark/builders/wireshark-2.0-fuzz/fuzztest/install/bin/tshark -nr
/fuzz/buildbot/fuzztest/valgrind-fuzz-2.0/fuzz-2016-03-05-16049.pcap
==18292== 
==18292== Conditional jump or move depends on uninitialised value(s)
==18292==    at 0x68662AA: req_resp_hdrs_do_reassembly (req_resp_hdrs.c:148)
==18292==    by 0x6BC1DAF: dissect_http_message (packet-http.c:810)
==18292==    by 0x6BC421E: dissect_http (packet-http.c:2958)
==18292==    by 0x68423CE: call_dissector_through_handle (packet.c:618)
==18292==    by 0x6842D64: call_dissector_work (packet.c:706)
==18292==    by 0x684355B: dissector_try_uint_new (packet.c:1163)
==18292==    by 0x6F8D105: decode_tcp_ports (packet-tcp.c:4622)
==18292==    by 0x6F8D4BE: process_tcp_payload (packet-tcp.c:4680)
==18292==    by 0x6F8DAA5: desegment_tcp (packet-tcp.c:2270)
==18292==    by 0x6F8DAA5: dissect_tcp_payload (packet-tcp.c:4747)
==18292==    by 0x6F8F90B: dissect_tcp (packet-tcp.c:5653)
==18292==    by 0x6842393: call_dissector_through_handle (packet.c:620)
==18292==    by 0x6842D64: call_dissector_work (packet.c:706)
==18292== 
==18292== Conditional jump or move depends on uninitialised value(s)
==18292==    at 0x686634F: req_resp_hdrs_do_reassembly (req_resp_hdrs.c:228)
==18292==    by 0x6BC1DAF: dissect_http_message (packet-http.c:810)
==18292==    by 0x6BC421E: dissect_http (packet-http.c:2958)
==18292==    by 0x68423CE: call_dissector_through_handle (packet.c:618)
==18292==    by 0x6842D64: call_dissector_work (packet.c:706)
==18292==    by 0x684355B: dissector_try_uint_new (packet.c:1163)
==18292==    by 0x6F8D105: decode_tcp_ports (packet-tcp.c:4622)
==18292==    by 0x6F8D4BE: process_tcp_payload (packet-tcp.c:4680)
==18292==    by 0x6F8DAA5: desegment_tcp (packet-tcp.c:2270)
==18292==    by 0x6F8DAA5: dissect_tcp_payload (packet-tcp.c:4747)
==18292==    by 0x6F8F90B: dissect_tcp (packet-tcp.c:5653)
==18292==    by 0x6842393: call_dissector_through_handle (packet.c:620)
==18292==    by 0x6842D64: call_dissector_work (packet.c:706)
==18292== 
==18292== Conditional jump or move depends on uninitialised value(s)
==18292==    at 0x68662AA: req_resp_hdrs_do_reassembly (req_resp_hdrs.c:148)
==18292==    by 0x6BC1DAF: dissect_http_message (packet-http.c:810)
==18292==    by 0x6BC421E: dissect_http (packet-http.c:2958)
==18292==    by 0x6BC4637: dissect_http_heur_tcp (packet-http.c:2997)
==18292==    by 0x6844669: dissector_try_heuristic (packet.c:2177)
==18292==    by 0x6F8D016: decode_tcp_ports (packet-tcp.c:4634)
==18292==    by 0x6F8D4BE: process_tcp_payload (packet-tcp.c:4680)
==18292==    by 0x6F8DAA5: desegment_tcp (packet-tcp.c:2270)
==18292==    by 0x6F8DAA5: dissect_tcp_payload (packet-tcp.c:4747)
==18292==    by 0x6F8F90B: dissect_tcp (packet-tcp.c:5653)
==18292==    by 0x6842393: call_dissector_through_handle (packet.c:620)
==18292==    by 0x6842D64: call_dissector_work (packet.c:706)
==18292==    by 0x684355B: dissector_try_uint_new (packet.c:1163)
==18292== 
==18292== Conditional jump or move depends on uninitialised value(s)
==18292==    at 0x686634F: req_resp_hdrs_do_reassembly (req_resp_hdrs.c:228)
==18292==    by 0x6BC1DAF: dissect_http_message (packet-http.c:810)
==18292==    by 0x6BC421E: dissect_http (packet-http.c:2958)
==18292==    by 0x6BC4637: dissect_http_heur_tcp (packet-http.c:2997)
==18292==    by 0x6844669: dissector_try_heuristic (packet.c:2177)
==18292==    by 0x6F8D016: decode_tcp_ports (packet-tcp.c:4634)
==18292==    by 0x6F8D4BE: process_tcp_payload (packet-tcp.c:4680)
==18292==    by 0x6F8DAA5: desegment_tcp (packet-tcp.c:2270)
==18292==    by 0x6F8DAA5: dissect_tcp_payload (packet-tcp.c:4747)
==18292==    by 0x6F8F90B: dissect_tcp (packet-tcp.c:5653)
==18292==    by 0x6842393: call_dissector_through_handle (packet.c:620)
==18292==    by 0x6842D64: call_dissector_work (packet.c:706)
==18292==    by 0x684355B: dissector_try_uint_new (packet.c:1163)
==18292== 
==18292== 
==18292== HEAP SUMMARY:
==18292==     in use at exit: 1,059,224 bytes in 29,301 blocks
==18292==   total heap usage: 1,178,759 allocs, 1,149,458 frees, 91,586,189
bytes allocated
==18292== 
==18292== LEAK SUMMARY:
==18292==    definitely lost: 7,507 bytes in 1,031 blocks
==18292==    indirectly lost: 36,960 bytes in 76 blocks
==18292==      possibly lost: 0 bytes in 0 blocks
==18292==    still reachable: 1,014,757 bytes in 28,194 blocks
==18292==         suppressed: 0 bytes in 0 blocks
==18292== Rerun with --leak-check=full to see details of leaked memory
==18292== 
==18292== For counts of detected and suppressed errors, rerun with: -v
==18292== Use --track-origins=yes to see where uninitialised values come from
==18292== ERROR SUMMARY: 2035 errors from 4 contexts (suppressed: 0 from 0)

[ no debug trace ]

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 12239] Buildbot crash output: fuzz-2016-03-05-16049.pcap
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 12008] Newlines in columns results in enlarged rows
Next by Date: [Wireshark-bugs] [Bug 12239] Buildbot crash output: fuzz-2016-03-05-16049.pcap
Previous by thread: [Wireshark-bugs] [Bug 12008] Newlines in columns results in enlarged rows
Next by thread: [Wireshark-bugs] [Bug 12239] Buildbot crash output: fuzz-2016-03-05-16049.pcap
Index(es):
- Date
- Thread