Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 12916] New: Buildbot crash output: fuzz-2016-09-17-3735.pcap

Wireshark-bugs: [Wireshark-bugs] [Bug 12916] New: Buildbot crash output: fuzz-2016-09-17-3735.pc

Date: Sat, 17 Sep 2016 18:00:03 +0000

Bug ID	12916
Summary	Buildbot crash output: fuzz-2016-09-17-3735.pcap
Product	Wireshark
Version	unspecified
Hardware	x86-64
URL	https://www.wireshark.org/download/automated/captures/fuzz-2016-09-17-3735.pcap
OS	Ubuntu
Status	CONFIRMED
Severity	Major
Priority	High
Component	Dissection engine (libwireshark)
Assignee	[email protected]
Reporter	[email protected]

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2016-09-17-3735.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/11007-packet-loss.pcap

Build host information:
Linux wsbb04 4.4.0-34-generic #53-Ubuntu SMP Wed Jul 27 16:06:39 UTC 2016
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 16.04.1 LTS
Release:    16.04
Codename:    xenial

Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_WORKERNAME=clang-code-analysis
BUILDBOT_BUILDNUMBER=3692
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-master/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_GOT_REVISION=c82303610d0727f938ec003aeec7c2c7cc4693f0

Return value:  1

Dissector bug:  0

Valgrind error count:  0



Git commit
commit c82303610d0727f938ec003aeec7c2c7cc4693f0
Author: Pascal Quantin <[email protected]>
Date:   Sat Sep 17 18:36:32 2016 +0200

    ISUP: do not display Called Party Number twice

    Bug: 12911
    Change-Id: I3632ffbeb85a96d9268eca6ddc0f8b38587688c4
    Reviewed-on: https://code.wireshark.org/review/17758
    Reviewed-by: Pascal Quantin <[email protected]>


=================================================================
==9665==ERROR: AddressSanitizer: stack-buffer-overflow on address
0x7ffddbfbc951 at pc 0x000000440f03 bp 0x7ffddbfbc650 sp 0x7ffddbfbbe00
READ of size 7 at 0x7ffddbfbc951 thread T0
    #0 0x440f02 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x440f02)
    #1 0x7f6d5c1834f2  (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x684f2)
    #2 0x7f6d6449bdd3 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7a04dd3)
    #3 0x7f6d643cfba7 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7938ba7)
    #4 0x7f6d643d00ea 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x79390ea)
    #5 0x7f6d648b058d 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7e1958d)
    #6 0x7f6d6438a83c 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f383c)
    #7 0x7f6d643886ac 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f16ac)
    #8 0x7f6d54e1a882 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/wireshark/plugins/2.3.0/wimax.so+0x138882)
    #9 0x7f6d54e070a3 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/wireshark/plugins/2.3.0/wimax.so+0x1250a3)
    #10 0x7f6d6438a83c 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f383c)
    #11 0x7f6d6438ab08 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f3b08)
    #12 0x7f6d54dfb4c4 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/wireshark/plugins/2.3.0/wimax.so+0x1194c4)
    #13 0x7f6d6438a83c 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f383c)
    #14 0x7f6d643886ac 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f16ac)
    #15 0x7f6d54df996f 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/wireshark/plugins/2.3.0/wimax.so+0x11796f)
    #16 0x7f6d6438a83c 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f383c)
    #17 0x7f6d643886ac 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f16ac)
    #18 0x7f6d54df71a2 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/wireshark/plugins/2.3.0/wimax.so+0x1151a2)
    #19 0x7f6d6438a83c 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f383c)
    #20 0x7f6d643886ac 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f16ac)
    #21 0x7f6d55180ac0 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/wireshark/plugins/2.3.0/m2m.so+0x6ac0)
    #22 0x7f6d6438a83c 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f383c)
    #23 0x7f6d6438ab08 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f3b08)
    #24 0x7f6d648ee838 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7e57838)
    #25 0x7f6d6438a83c 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f383c)
    #26 0x7f6d643886ac 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f16ac)
    #27 0x7f6d648ece48 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7e55e48)
    #28 0x7f6d648eb770 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7e54770)
    #29 0x7f6d6438a83c 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f383c)
    #30 0x7f6d6438a50a 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f350a)
    #31 0x7f6d649367af 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7e9f7af)
    #32 0x7f6d6438a83c 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f383c)
    #33 0x7f6d643886ac 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f16ac)
    #34 0x7f6d64387e7a 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f0e7a)
    #35 0x7f6d6436e06e 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78d706e)
    #36 0x50ea04 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x50ea04)
    #37 0x5090d5 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x5090d5)
    #38 0x7f6d5a34f82f  (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #39 0x423328 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x423328)

Address 0x7ffddbfbc951 is located in stack of thread T0 at offset 49 in frame
    #0 0x7f6d648afd3f 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7e18d3f)

  This frame has 3 object(s):
    [32, 33) 'eap_identity_prefix.i'
    [48, 49) 'eap_identity_prefix' <== Memory access at offset 49 overflows
this variable
    [64, 72) 'frag_tree_item'
HINT: this may be a false positive if your program uses some custom stack
unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x440f02) 
Shadow bytes around the buggy address:
  0x10003b7ef8d0: 00 00 00 00 f1 f1 f1 f1 04 f2 04 f3 00 00 00 00
  0x10003b7ef8e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10003b7ef8f0: f1 f1 f1 f1 00 00 00 f3 f3 f3 f3 f3 00 00 00 00
  0x10003b7ef900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10003b7ef910: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x10003b7ef920: 00 00 00 00 f1 f1 f1 f1 01 f2[01]f2 00 f3 f3 f3
  0x10003b7ef930: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10003b7ef940: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10003b7ef950: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10003b7ef960: f1 f1 f1 f1 00 04 f3 f3 00 00 00 00 00 00 00 00
  0x10003b7ef970: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==9665==ABORTING

[ no debug trace ]

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 12916] Buildbot crash output: fuzz-2016-09-17-3735.pcap
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 12907] Option 82 suboption 12 is displayed as Unknown in linux version of tshark
Next by Date: [Wireshark-bugs] [Bug 12916] Buildbot crash output: fuzz-2016-09-17-3735.pcap
Previous by thread: [Wireshark-bugs] [Bug 12915] New: SMB2 MessageId should be stored and rendered as an unsigned 64-bit integer
Next by thread: [Wireshark-bugs] [Bug 12916] Buildbot crash output: fuzz-2016-09-17-3735.pcap
Index(es):
- Date
- Thread