| Bug ID |
12256
|
| Summary |
Buildbot crash output: fuzz-2016-03-12-14868.pcap
|
| Product |
Wireshark
|
| Version |
unspecified
|
| Hardware |
x86-64
|
| URL |
https://www.wireshark.org/download/automated/captures/fuzz-2016-03-12-14868.pcap
|
| OS |
Ubuntu
|
| Status |
CONFIRMED
|
| Severity |
Major
|
| Priority |
High
|
| Component |
Dissection engine (libwireshark)
|
| Assignee |
[email protected]
|
| Reporter |
[email protected]
|
Problems have been found with the following capture file:
https://www.wireshark.org/download/automated/captures/fuzz-2016-03-12-14868.pcap
stderr:
Input file: /home/wireshark/menagerie/menagerie/001349.cap
Build host information:
Linux wsbb04 3.13.0-79-generic #123-Ubuntu SMP Fri Feb 19 14:27:58 UTC 2016
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID: Ubuntu
Description: Ubuntu 14.04.4 LTS
Release: 14.04
Codename: trusty
Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_BUILDNUMBER=109
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-2.0/
BUILDBOT_BUILDERNAME=Fuzz Test
BUILDBOT_SLAVENAME=fuzz-test
BUILDBOT_GOT_REVISION=279845cbf3612baa2a6bff6d3e339021cd6e035c
Return value: 0
Dissector bug: 0
Valgrind error count: 2
Git commit
commit 279845cbf3612baa2a6bff6d3e339021cd6e035c
Author: Remi Gacogne <[email protected]>
Date: Wed Mar 9 19:01:10 2016 +0100
DNS: Fix handling of the server part of EDNS0 Cookie Option
cur_offset was not incremented for the server part, causing a
"Malformed packet" message.
Change-Id: I21cb876e0d70b1de0cb2f76d37edec4c2ec7c788
Reviewed-on: https://code.wireshark.org/review/14402
Reviewed-by: Michael Mann <[email protected]>
(cherry picked from commit cc251536fbd195e0484356ff0e24ce5cae4c2806)
Reviewed-on: https://code.wireshark.org/review/14410
Command and args: ./tools/valgrind-wireshark.sh
==16374== Memcheck, a memory error detector
==16374== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==16374== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==16374== Command:
/home/wireshark/builders/wireshark-2.0-fuzz/fuzztest/install/bin/tshark -nr
/fuzz/buildbot/fuzztest/valgrind-fuzz-2.0/fuzz-2016-03-12-14868.pcap
==16374==
==16374== Conditional jump or move depends on uninitialised value(s)
==16374== at 0x68665BA: req_resp_hdrs_do_reassembly (req_resp_hdrs.c:148)
==16374== by 0x6BC20BF: dissect_http_message (packet-http.c:810)
==16374== by 0x6BC452E: dissect_http (packet-http.c:2958)
==16374== by 0x68426DE: call_dissector_through_handle (packet.c:618)
==16374== by 0x6843074: call_dissector_work (packet.c:706)
==16374== by 0x684386B: dissector_try_uint_new (packet.c:1163)
==16374== by 0x6F8D415: decode_tcp_ports (packet-tcp.c:4622)
==16374== by 0x6F8D7CE: process_tcp_payload (packet-tcp.c:4680)
==16374== by 0x6F8DDB5: desegment_tcp (packet-tcp.c:2270)
==16374== by 0x6F8DDB5: dissect_tcp_payload (packet-tcp.c:4747)
==16374== by 0x6F8FC1B: dissect_tcp (packet-tcp.c:5653)
==16374== by 0x68426A3: call_dissector_through_handle (packet.c:620)
==16374== by 0x6843074: call_dissector_work (packet.c:706)
==16374==
==16374==
==16374== HEAP SUMMARY:
==16374== in use at exit: 1,039,553 bytes in 28,332 blocks
==16374== total heap usage: 238,573 allocs, 210,241 frees, 31,134,557 bytes
allocated
==16374==
==16374== LEAK SUMMARY:
==16374== definitely lost: 2,908 bytes in 125 blocks
==16374== indirectly lost: 36,448 bytes in 48 blocks
==16374== possibly lost: 0 bytes in 0 blocks
==16374== still reachable: 1,000,197 bytes in 28,159 blocks
==16374== suppressed: 0 bytes in 0 blocks
==16374== Rerun with --leak-check=full to see details of leaked memory
==16374==
==16374== For counts of detected and suppressed errors, rerun with: -v
==16374== Use --track-origins=yes to see where uninitialised values come from
==16374== ERROR SUMMARY: 2 errors from 1 contexts (suppressed: 0 from 0)
[ no debug trace ]
You are receiving this mail because:
- You are watching all bug changes.
