Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 12849] New: Buildbot crash output: fuzz-2016-09-08-582.pcap

[bugzilla-daemon@xxxxxxxxxxxxx]

Bug ID	12849
Summary	Buildbot crash output: fuzz-2016-09-08-582.pcap
Product	Wireshark
Version	unspecified
Hardware	x86-64
URL	https://www.wireshark.org/download/automated/captures/fuzz-2016-09-08-582.pcap
OS	Ubuntu
Status	CONFIRMED
Severity	Major
Priority	High
Component	Dissection engine (libwireshark)
Assignee	bugzilla-admin@wireshark.org
Reporter	buildbot-do-not-reply@wireshark.org

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2016-09-08-582.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/usb_u3v_sample.pcapng

Build host information:
Linux wsbb04 4.4.0-34-generic #53-Ubuntu SMP Wed Jul 27 16:06:39 UTC 2016
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 16.04.1 LTS
Release:    16.04
Codename:    xenial

Buildbot information:
BUILDBOT_REPOSITORY=ssh://wireshark-buildbot@code.wireshark.org:29418/wireshark
BUILDBOT_WORKERNAME=fuzz-test
BUILDBOT_BUILDNUMBER=78
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-2.2/
BUILDBOT_BUILDERNAME=Fuzz Test
BUILDBOT_GOT_REVISION=2ca12ab5f2898dac9cf588f221d865520d2504d3

Return value:  0

Dissector bug:  0

Valgrind error count:  12



Git commit
commit 2ca12ab5f2898dac9cf588f221d865520d2504d3
Author: Gerald Combs <gerald@wireshark.org>
Date:   Wed Sep 7 12:03:06 2016 -0700

    2.2.0 → 2.2.1.

    Change-Id: Iad1f59334d310bdfdcc1d5aa031e50c7cdfd52ad
    Reviewed-on: https://code.wireshark.org/review/17561
    Reviewed-by: Gerald Combs <gerald@wireshark.org>


==9859== Memcheck, a memory error detector
==9859== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==9859== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==9859== Command:
/home/wireshark/builders/wireshark-2.2-fuzz/fuzztest/install/bin/tshark -nr
/fuzz/buildbot/fuzztest/valgrind-fuzz-2.2/fuzz-2016-09-08-582.pcap
==9859== 
==9859== Conditional jump or move depends on uninitialised value(s)
==9859==    at 0x712EE42: dissect_u3v_register_bases (packet-u3v.c:1030)
==9859==    by 0x712EE42: dissect_u3v_read_mem_ack (packet-u3v.c:1406)
==9859==    by 0x712EE42: dissect_u3v (packet-u3v.c:1837)
==9859==    by 0x712F749: dissect_u3v_heur (packet-u3v.c:1911)
==9859==    by 0x69494BF: dissector_try_heuristic (packet.c:2429)
==9859==    by 0x715E099: try_dissect_next_protocol (packet-usb.c:3172)
==9859==    by 0x715FF58: dissect_usb_payload (packet-usb.c:3958)
==9859==    by 0x715FF58: dissect_usb_common (packet-usb.c:4315)
==9859==    by 0x7162210: dissect_win32_usb (packet-usb.c:4337)
==9859==    by 0x69480FE: call_dissector_through_handle (packet.c:648)
==9859==    by 0x69480FE: call_dissector_work (packet.c:723)
==9859==    by 0x6948828: dissector_try_uint_new (packet.c:1188)
==9859==    by 0x6C46837: dissect_frame (packet-frame.c:507)
==9859==    by 0x69480FE: call_dissector_through_handle (packet.c:648)
==9859==    by 0x69480FE: call_dissector_work (packet.c:723)
==9859==    by 0x6949B31: call_dissector_with_data (packet.c:2816)
==9859==    by 0x694A06C: dissect_record (packet.c:531)
==9859== 
==9859== Conditional jump or move depends on uninitialised value(s)
==9859==    at 0x712EE4B: dissect_u3v_register_bases (packet-u3v.c:1031)
==9859==    by 0x712EE4B: dissect_u3v_read_mem_ack (packet-u3v.c:1406)
==9859==    by 0x712EE4B: dissect_u3v (packet-u3v.c:1837)
==9859==    by 0x712F749: dissect_u3v_heur (packet-u3v.c:1911)
==9859==    by 0x69494BF: dissector_try_heuristic (packet.c:2429)
==9859==    by 0x715E099: try_dissect_next_protocol (packet-usb.c:3172)
==9859==    by 0x715FF58: dissect_usb_payload (packet-usb.c:3958)
==9859==    by 0x715FF58: dissect_usb_common (packet-usb.c:4315)
==9859==    by 0x7162210: dissect_win32_usb (packet-usb.c:4337)
==9859==    by 0x69480FE: call_dissector_through_handle (packet.c:648)
==9859==    by 0x69480FE: call_dissector_work (packet.c:723)
==9859==    by 0x6948828: dissector_try_uint_new (packet.c:1188)
==9859==    by 0x6C46837: dissect_frame (packet-frame.c:507)
==9859==    by 0x69480FE: call_dissector_through_handle (packet.c:648)
==9859==    by 0x69480FE: call_dissector_work (packet.c:723)
==9859==    by 0x6949B31: call_dissector_with_data (packet.c:2816)
==9859==    by 0x694A06C: dissect_record (packet.c:531)
==9859== 
==9859== Conditional jump or move depends on uninitialised value(s)
==9859==    at 0x712EE58: dissect_u3v_register_bases (packet-u3v.c:1031)
==9859==    by 0x712EE58: dissect_u3v_read_mem_ack (packet-u3v.c:1406)
==9859==    by 0x712EE58: dissect_u3v (packet-u3v.c:1837)
==9859==    by 0x712F749: dissect_u3v_heur (packet-u3v.c:1911)
==9859==    by 0x69494BF: dissector_try_heuristic (packet.c:2429)
==9859==    by 0x715E099: try_dissect_next_protocol (packet-usb.c:3172)
==9859==    by 0x715FF58: dissect_usb_payload (packet-usb.c:3958)
==9859==    by 0x715FF58: dissect_usb_common (packet-usb.c:4315)
==9859==    by 0x7162210: dissect_win32_usb (packet-usb.c:4337)
==9859==    by 0x69480FE: call_dissector_through_handle (packet.c:648)
==9859==    by 0x69480FE: call_dissector_work (packet.c:723)
==9859==    by 0x6948828: dissector_try_uint_new (packet.c:1188)
==9859==    by 0x6C46837: dissect_frame (packet-frame.c:507)
==9859==    by 0x69480FE: call_dissector_through_handle (packet.c:648)
==9859==    by 0x69480FE: call_dissector_work (packet.c:723)
==9859==    by 0x6949B31: call_dissector_with_data (packet.c:2816)
==9859==    by 0x694A06C: dissect_record (packet.c:531)
==9859== 
==9859== Conditional jump or move depends on uninitialised value(s)
==9859==    at 0x712EE72: dissect_u3v_register_bases (packet-u3v.c:1040)
==9859==    by 0x712EE72: dissect_u3v_read_mem_ack (packet-u3v.c:1406)
==9859==    by 0x712EE72: dissect_u3v (packet-u3v.c:1837)
==9859==    by 0x712F749: dissect_u3v_heur (packet-u3v.c:1911)
==9859==    by 0x69494BF: dissector_try_heuristic (packet.c:2429)
==9859==    by 0x715E099: try_dissect_next_protocol (packet-usb.c:3172)
==9859==    by 0x715FF58: dissect_usb_payload (packet-usb.c:3958)
==9859==    by 0x715FF58: dissect_usb_common (packet-usb.c:4315)
==9859==    by 0x7162210: dissect_win32_usb (packet-usb.c:4337)
==9859==    by 0x69480FE: call_dissector_through_handle (packet.c:648)
==9859==    by 0x69480FE: call_dissector_work (packet.c:723)
==9859==    by 0x6948828: dissector_try_uint_new (packet.c:1188)
==9859==    by 0x6C46837: dissect_frame (packet-frame.c:507)
==9859==    by 0x69480FE: call_dissector_through_handle (packet.c:648)
==9859==    by 0x69480FE: call_dissector_work (packet.c:723)
==9859==    by 0x6949B31: call_dissector_with_data (packet.c:2816)
==9859==    by 0x694A06C: dissect_record (packet.c:531)
==9859== 
==9859== Conditional jump or move depends on uninitialised value(s)
==9859==    at 0x712DF0F: get_register_name_from_address (packet-u3v.c:969)
==9859==    by 0x712F4C5: dissect_u3v_write_mem_ack (packet-u3v.c:1446)
==9859==    by 0x712F4C5: dissect_u3v (packet-u3v.c:1841)
==9859==    by 0x712F749: dissect_u3v_heur (packet-u3v.c:1911)
==9859==    by 0x69494BF: dissector_try_heuristic (packet.c:2429)
==9859==    by 0x715E099: try_dissect_next_protocol (packet-usb.c:3172)
==9859==    by 0x715FF58: dissect_usb_payload (packet-usb.c:3958)
==9859==    by 0x715FF58: dissect_usb_common (packet-usb.c:4315)
==9859==    by 0x7162210: dissect_win32_usb (packet-usb.c:4337)
==9859==    by 0x69480FE: call_dissector_through_handle (packet.c:648)
==9859==    by 0x69480FE: call_dissector_work (packet.c:723)
==9859==    by 0x6948828: dissector_try_uint_new (packet.c:1188)
==9859==    by 0x6C46837: dissect_frame (packet-frame.c:507)
==9859==    by 0x69480FE: call_dissector_through_handle (packet.c:648)
==9859==    by 0x69480FE: call_dissector_work (packet.c:723)
==9859==    by 0x6949B31: call_dissector_with_data (packet.c:2816)
==9859== 
==9859== Conditional jump or move depends on uninitialised value(s)
==9859==    at 0x6985BB8: try_val_to_str_idx (value_string.c:97)
==9859==    by 0x6985C4D: try_val_to_str (value_string.c:114)
==9859==    by 0x712DF5D: get_register_name_from_address (packet-u3v.c:971)
==9859==    by 0x712F4C5: dissect_u3v_write_mem_ack (packet-u3v.c:1446)
==9859==    by 0x712F4C5: dissect_u3v (packet-u3v.c:1841)
==9859==    by 0x712F749: dissect_u3v_heur (packet-u3v.c:1911)
==9859==    by 0x69494BF: dissector_try_heuristic (packet.c:2429)
==9859==    by 0x715E099: try_dissect_next_protocol (packet-usb.c:3172)
==9859==    by 0x715FF58: dissect_usb_payload (packet-usb.c:3958)
==9859==    by 0x715FF58: dissect_usb_common (packet-usb.c:4315)
==9859==    by 0x7162210: dissect_win32_usb (packet-usb.c:4337)
==9859==    by 0x69480FE: call_dissector_through_handle (packet.c:648)
==9859==    by 0x69480FE: call_dissector_work (packet.c:723)
==9859==    by 0x6948828: dissector_try_uint_new (packet.c:1188)
==9859==    by 0x6C46837: dissect_frame (packet-frame.c:507)
==9859== 
==9859== Conditional jump or move depends on uninitialised value(s)
==9859==    at 0x712DF23: get_register_name_from_address (packet-u3v.c:973)
==9859==    by 0x712F4C5: dissect_u3v_write_mem_ack (packet-u3v.c:1446)
==9859==    by 0x712F4C5: dissect_u3v (packet-u3v.c:1841)
==9859==    by 0x712F749: dissect_u3v_heur (packet-u3v.c:1911)
==9859==    by 0x69494BF: dissector_try_heuristic (packet.c:2429)
==9859==    by 0x715E099: try_dissect_next_protocol (packet-usb.c:3172)
==9859==    by 0x715FF58: dissect_usb_payload (packet-usb.c:3958)
==9859==    by 0x715FF58: dissect_usb_common (packet-usb.c:4315)
==9859==    by 0x7162210: dissect_win32_usb (packet-usb.c:4337)
==9859==    by 0x69480FE: call_dissector_through_handle (packet.c:648)
==9859==    by 0x69480FE: call_dissector_work (packet.c:723)
==9859==    by 0x6948828: dissector_try_uint_new (packet.c:1188)
==9859==    by 0x6C46837: dissect_frame (packet-frame.c:507)
==9859==    by 0x69480FE: call_dissector_through_handle (packet.c:648)
==9859==    by 0x69480FE: call_dissector_work (packet.c:723)
==9859==    by 0x6949B31: call_dissector_with_data (packet.c:2816)
==9859== 
==9859== Conditional jump or move depends on uninitialised value(s)
==9859==    at 0x712DF44: get_register_name_from_address (packet-u3v.c:981)
==9859==    by 0x712F4C5: dissect_u3v_write_mem_ack (packet-u3v.c:1446)
==9859==    by 0x712F4C5: dissect_u3v (packet-u3v.c:1841)
==9859==    by 0x712F749: dissect_u3v_heur (packet-u3v.c:1911)
==9859==    by 0x69494BF: dissector_try_heuristic (packet.c:2429)
==9859==    by 0x715E099: try_dissect_next_protocol (packet-usb.c:3172)
==9859==    by 0x715FF58: dissect_usb_payload (packet-usb.c:3958)
==9859==    by 0x715FF58: dissect_usb_common (packet-usb.c:4315)
==9859==    by 0x7162210: dissect_win32_usb (packet-usb.c:4337)
==9859==    by 0x69480FE: call_dissector_through_handle (packet.c:648)
==9859==    by 0x69480FE: call_dissector_work (packet.c:723)
==9859==    by 0x6948828: dissector_try_uint_new (packet.c:1188)
==9859==    by 0x6C46837: dissect_frame (packet-frame.c:507)
==9859==    by 0x69480FE: call_dissector_through_handle (packet.c:648)
==9859==    by 0x69480FE: call_dissector_work (packet.c:723)
==9859==    by 0x6949B31: call_dissector_with_data (packet.c:2816)
==9859== 
==9859== 
==9859== HEAP SUMMARY:
==9859==     in use at exit: 445,910 bytes in 9,614 blocks
==9859==   total heap usage: 257,889 allocs, 248,275 frees, 32,609,230 bytes
allocated
==9859== 
==9859== LEAK SUMMARY:
==9859==    definitely lost: 343 bytes in 20 blocks
==9859==    indirectly lost: 362 bytes in 4 blocks
==9859==      possibly lost: 0 bytes in 0 blocks
==9859==    still reachable: 445,205 bytes in 9,590 blocks
==9859==         suppressed: 0 bytes in 0 blocks
==9859== Rerun with --leak-check=full to see details of leaked memory
==9859== 
==9859== For counts of detected and suppressed errors, rerun with: -v
==9859== Use --track-origins=yes to see where uninitialised values come from
==9859== ERROR SUMMARY: 12 errors from 8 contexts (suppressed: 1 from 1)

[ no debug trace ]

---

      You are receiving this mail because:

• You are watching all bug changes.