Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 12836] New: Buildbot crash output: fuzz-2016-09-06-25482.pcap

Wireshark-bugs: [Wireshark-bugs] [Bug 12836] New: Buildbot crash output: fuzz-2016-09-06-25482.p

Date: Wed, 07 Sep 2016 20:10:03 +0000

Bug ID	12836
Summary	Buildbot crash output: fuzz-2016-09-06-25482.pcap
Product	Wireshark
Version	unspecified
Hardware	x86-64
URL	https://www.wireshark.org/download/automated/captures/fuzz-2016-09-06-25482.pcap
OS	Ubuntu
Status	CONFIRMED
Severity	Major
Priority	High
Component	Dissection engine (libwireshark)
Assignee	[email protected]
Reporter	[email protected]

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2016-09-06-25482.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/usb_u3v_sample.pcapng

Build host information:
Linux wsbb04 4.4.0-34-generic #53-Ubuntu SMP Wed Jul 27 16:06:39 UTC 2016
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 16.04.1 LTS
Release:    16.04
Codename:    xenial

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_WORKERNAME=fuzz-test
BUILDBOT_BUILDNUMBER=77
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-2.2/
BUILDBOT_BUILDERNAME=Fuzz Test
BUILDBOT_GOT_REVISION=e553366562bd04fd9a2aa7937c49b9291e84a77e

Return value:  0

Dissector bug:  0

Valgrind error count:  16



Git commit
commit e553366562bd04fd9a2aa7937c49b9291e84a77e
Author: Mirko Parthey <[email protected]>
Date:   Mon Sep 5 16:39:45 2016 +0200

    ISAKMP: Fix handling of cert requests without CA

    Check IKEv1 Certificate Request Payloads for an empty
    Certificate Authority field, which is allowed by RFC 2408.
    Suppress dissection of this field if it is indeed empty.

    Change-Id: Ifb997e460a4c12003215fde86c374cfc769c5d72
    Reviewed-on: https://code.wireshark.org/review/17501
    Reviewed-by: Michael Mann <[email protected]>
    Petri-Dish: Michael Mann <[email protected]>
    Tested-by: Petri Dish Buildbot <[email protected]>
    Reviewed-by: Alexis La Goutte <[email protected]>
    (cherry picked from commit 70f3737c3e4d9402cb2bb67cdd892e0e7e0ee991)
    Reviewed-on: https://code.wireshark.org/review/17504


==17333== Memcheck, a memory error detector
==17333== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==17333== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==17333== Command:
/home/wireshark/builders/wireshark-2.2-fuzz/fuzztest/install/bin/tshark -nr
/fuzz/buildbot/fuzztest/valgrind-fuzz-2.2/fuzz-2016-09-06-25482.pcap
==17333== 
==17333== Conditional jump or move depends on uninitialised value(s)
==17333==    at 0x712EE42: dissect_u3v_register_bases (packet-u3v.c:1030)
==17333==    by 0x712EE42: dissect_u3v_read_mem_ack (packet-u3v.c:1406)
==17333==    by 0x712EE42: dissect_u3v (packet-u3v.c:1837)
==17333==    by 0x712F749: dissect_u3v_heur (packet-u3v.c:1911)
==17333==    by 0x69494BF: dissector_try_heuristic (packet.c:2429)
==17333==    by 0x715E099: try_dissect_next_protocol (packet-usb.c:3172)
==17333==    by 0x715FF58: dissect_usb_payload (packet-usb.c:3958)
==17333==    by 0x715FF58: dissect_usb_common (packet-usb.c:4315)
==17333==    by 0x7162210: dissect_win32_usb (packet-usb.c:4337)
==17333==    by 0x69480FE: call_dissector_through_handle (packet.c:648)
==17333==    by 0x69480FE: call_dissector_work (packet.c:723)
==17333==    by 0x6948828: dissector_try_uint_new (packet.c:1188)
==17333==    by 0x6C46837: dissect_frame (packet-frame.c:507)
==17333==    by 0x69480FE: call_dissector_through_handle (packet.c:648)
==17333==    by 0x69480FE: call_dissector_work (packet.c:723)
==17333==    by 0x6949B31: call_dissector_with_data (packet.c:2816)
==17333==    by 0x694A06C: dissect_record (packet.c:531)
==17333== 
==17333== Conditional jump or move depends on uninitialised value(s)
==17333==    at 0x712EE4B: dissect_u3v_register_bases (packet-u3v.c:1031)
==17333==    by 0x712EE4B: dissect_u3v_read_mem_ack (packet-u3v.c:1406)
==17333==    by 0x712EE4B: dissect_u3v (packet-u3v.c:1837)
==17333==    by 0x712F749: dissect_u3v_heur (packet-u3v.c:1911)
==17333==    by 0x69494BF: dissector_try_heuristic (packet.c:2429)
==17333==    by 0x715E099: try_dissect_next_protocol (packet-usb.c:3172)
==17333==    by 0x715FF58: dissect_usb_payload (packet-usb.c:3958)
==17333==    by 0x715FF58: dissect_usb_common (packet-usb.c:4315)
==17333==    by 0x7162210: dissect_win32_usb (packet-usb.c:4337)
==17333==    by 0x69480FE: call_dissector_through_handle (packet.c:648)
==17333==    by 0x69480FE: call_dissector_work (packet.c:723)
==17333==    by 0x6948828: dissector_try_uint_new (packet.c:1188)
==17333==    by 0x6C46837: dissect_frame (packet-frame.c:507)
==17333==    by 0x69480FE: call_dissector_through_handle (packet.c:648)
==17333==    by 0x69480FE: call_dissector_work (packet.c:723)
==17333==    by 0x6949B31: call_dissector_with_data (packet.c:2816)
==17333==    by 0x694A06C: dissect_record (packet.c:531)
==17333== 
==17333== Conditional jump or move depends on uninitialised value(s)
==17333==    at 0x712EE58: dissect_u3v_register_bases (packet-u3v.c:1031)
==17333==    by 0x712EE58: dissect_u3v_read_mem_ack (packet-u3v.c:1406)
==17333==    by 0x712EE58: dissect_u3v (packet-u3v.c:1837)
==17333==    by 0x712F749: dissect_u3v_heur (packet-u3v.c:1911)
==17333==    by 0x69494BF: dissector_try_heuristic (packet.c:2429)
==17333==    by 0x715E099: try_dissect_next_protocol (packet-usb.c:3172)
==17333==    by 0x715FF58: dissect_usb_payload (packet-usb.c:3958)
==17333==    by 0x715FF58: dissect_usb_common (packet-usb.c:4315)
==17333==    by 0x7162210: dissect_win32_usb (packet-usb.c:4337)
==17333==    by 0x69480FE: call_dissector_through_handle (packet.c:648)
==17333==    by 0x69480FE: call_dissector_work (packet.c:723)
==17333==    by 0x6948828: dissector_try_uint_new (packet.c:1188)
==17333==    by 0x6C46837: dissect_frame (packet-frame.c:507)
==17333==    by 0x69480FE: call_dissector_through_handle (packet.c:648)
==17333==    by 0x69480FE: call_dissector_work (packet.c:723)
==17333==    by 0x6949B31: call_dissector_with_data (packet.c:2816)
==17333==    by 0x694A06C: dissect_record (packet.c:531)
==17333== 
==17333== Conditional jump or move depends on uninitialised value(s)
==17333==    at 0x712EE72: dissect_u3v_register_bases (packet-u3v.c:1040)
==17333==    by 0x712EE72: dissect_u3v_read_mem_ack (packet-u3v.c:1406)
==17333==    by 0x712EE72: dissect_u3v (packet-u3v.c:1837)
==17333==    by 0x712F749: dissect_u3v_heur (packet-u3v.c:1911)
==17333==    by 0x69494BF: dissector_try_heuristic (packet.c:2429)
==17333==    by 0x715E099: try_dissect_next_protocol (packet-usb.c:3172)
==17333==    by 0x715FF58: dissect_usb_payload (packet-usb.c:3958)
==17333==    by 0x715FF58: dissect_usb_common (packet-usb.c:4315)
==17333==    by 0x7162210: dissect_win32_usb (packet-usb.c:4337)
==17333==    by 0x69480FE: call_dissector_through_handle (packet.c:648)
==17333==    by 0x69480FE: call_dissector_work (packet.c:723)
==17333==    by 0x6948828: dissector_try_uint_new (packet.c:1188)
==17333==    by 0x6C46837: dissect_frame (packet-frame.c:507)
==17333==    by 0x69480FE: call_dissector_through_handle (packet.c:648)
==17333==    by 0x69480FE: call_dissector_work (packet.c:723)
==17333==    by 0x6949B31: call_dissector_with_data (packet.c:2816)
==17333==    by 0x694A06C: dissect_record (packet.c:531)
==17333== 
==17333== 
==17333== HEAP SUMMARY:
==17333==     in use at exit: 445,912 bytes in 9,614 blocks
==17333==   total heap usage: 258,745 allocs, 249,131 frees, 32,625,322 bytes
allocated
==17333== 
==17333== LEAK SUMMARY:
==17333==    definitely lost: 343 bytes in 20 blocks
==17333==    indirectly lost: 362 bytes in 4 blocks
==17333==      possibly lost: 0 bytes in 0 blocks
==17333==    still reachable: 445,207 bytes in 9,590 blocks
==17333==         suppressed: 0 bytes in 0 blocks
==17333== Rerun with --leak-check=full to see details of leaked memory
==17333== 
==17333== For counts of detected and suppressed errors, rerun with: -v
==17333== Use --track-origins=yes to see where uninitialised values come from
==17333== ERROR SUMMARY: 16 errors from 4 contexts (suppressed: 1 from 1)

[ no debug trace ]

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 12836] Buildbot crash output: fuzz-2016-09-06-25482.pcap
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 12835] New: Bad description for NBSS error code 0x81
Next by Date: [Wireshark-bugs] [Bug 12835] Bad description for NBSS error code 0x81
Previous by thread: [Wireshark-bugs] [Bug 12835] Bad description for NBSS error code 0x81
Next by thread: [Wireshark-bugs] [Bug 12836] Buildbot crash output: fuzz-2016-09-06-25482.pcap
Index(es):
- Date
- Thread