
Wireshark-bugs: [Wireshark-bugs] [Bug 12278] New: Buildbot crash output: fuzz-2016-03-22-29021.p

Date: Wed, 23 Mar 2016 01:10:05 +0000
Bug ID 12278
Summary Buildbot crash output: fuzz-2016-03-22-29021.pcap
Product Wireshark
Version unspecified
Hardware x86-64
URL https://www.wireshark.org/download/automated/captures/fuzz-2016-03-22-29021.pcap
OS Ubuntu
Status CONFIRMED
Severity Major
Priority High
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2016-03-22-29021.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/10860-packet-gsm.pcap

Build host information:
Linux wsbb04 3.13.0-79-generic #123-Ubuntu SMP Fri Feb 19 14:27:58 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 14.04.4 LTS
Release:    14.04
Codename:    trusty

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_BUILDNUMBER=3553
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-master/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_SLAVENAME=clang-code-analysis
BUILDBOT_GOT_REVISION=bb48c859c98b00320398f54f14fd9b16f4fa3cf2

Return value:  1

Dissector bug:  0

Valgrind error count:  0



Git commit
commit bb48c859c98b00320398f54f14fd9b16f4fa3cf2
Author: Gerald Combs <[email protected]>
Date:   Tue Mar 15 09:49:48 2016 -0700

    Qt: Normalize timerEvents

    Make our timerEvent code more consistent. Make sure we use timer IDs and
    that we call our base class timerEvent everywhere.

    Change-Id: Ib67daa459a8a2f9b67487c3952b7b35c7f162f7e
    Reviewed-on: https://code.wireshark.org/review/14480
    Petri-Dish: Gerald Combs <[email protected]>
    Tested-by: Petri Dish Buildbot <[email protected]>
    Reviewed-by: Gerald Combs <[email protected]>


=================================================================
==6454==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffc50966c90 at pc 0x7f754c35ad85 bp 0x7ffc50966b90 sp 0x7ffc50966b88
READ of size 1 at 0x7ffc50966c90 thread T0
    #0 0x7f754c35ad84  (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x796ad84)
    #1 0x7f754bd75891  (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7385891)
    #2 0x7f754bd7399c  (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x738399c)
    #3 0x7f754c36b660  (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x797b660)
    #4 0x7f754bd75891  (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7385891)
    #5 0x7f754bd75b38  (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7385b38)
    #6 0x7f754caa7631  (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x80b7631)
    #7 0x7f754caabd39  (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x80bbd39)
    #8 0x7f754caa8bdd  (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x80b8bdd)
    #9 0x7f754bd75891  (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7385891)
    #10 0x7f754bd7552a  (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x738552a)
    #11 0x7f754c457f13  (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7a67f13)
    #12 0x7f754c45afcb  (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7a6afcb)
    #13 0x7f754bd75891  (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7385891)
    #14 0x7f754bd75b38  (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7385b38)
    #15 0x7f754c276451  (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7886451)
    #16 0x7f754bd75891  (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7385891)
    #17 0x7f754bd7399c  (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x738399c)
    #18 0x7f754c274bf6  (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7884bf6)
    #19 0x7f754c273840  (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7883840)
    #20 0x7f754bd75891  (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7385891)
    #21 0x7f754bd7552a  (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x738552a)
    #22 0x7f754c2c00b2  (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78d00b2)
    #23 0x7f754bd75891  (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7385891)
    #24 0x7f754bd7399c  (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x738399c)
    #25 0x7f754bd73192  (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7383192)
    #26 0x7f754bd5370e  (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x736370e)
    #27 0x50116c  (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x50116c)
    #28 0x4fbd78  (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x4fbd78)
    #29 0x7f7541c98ec4  (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
    #30 0x440366  (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x440366)

Address 0x7ffc50966c90 is located in stack of thread T0 at offset 80 in frame
    #0 0x7f754c359b6f  (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7969b6f)

  This frame has 3 object(s):
    [32, 80) 'new_slots.i' <== Memory access at offset 80 overflows this variable
    [112, 208) 'other_slots.i'
    [240, 248) 'item.i'
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
Shadow bytes around the buggy address:
  0x10000a124d40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000a124d50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000a124d60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000a124d70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000a124d80: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00
=>0x10000a124d90: 00 00[f2]f2 f2 f2 00 00 00 00 00 00 00 00 00 00
  0x10000a124da0: 00 00 f2 f2 f2 f2 00 f3 f3 f3 f3 f3 00 00 00 00
  0x10000a124db0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000a124dc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000a124dd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10000a124de0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==6454==ABORTING

[ no debug trace ]

