Wireshark-bugs: [Wireshark-bugs] [Bug 9316] New: Buildbot crash output: fuzz-2013-10-23-32245.pc
Date: Wed, 23 Oct 2013 11:40:15 +0000
Bug ID | 9316 |
---|---|
Summary | Buildbot crash output: fuzz-2013-10-23-32245.pcap |
Classification | Unclassified |
Product | Wireshark |
Version | unspecified |
Hardware | x86-64 |
URL | http://www.wireshark.org/download/automated/captures/fuzz-2013-10-23-32245.pcap |
OS | Ubuntu |
Status | CONFIRMED |
Severity | Major |
Priority | High |
Component | Dissection engine (libwireshark) |
Assignee | bugzilla-admin@wireshark.org |
Reporter | buildbot-do-not-reply@wireshark.org |
Problems have been found with the following capture file: http://www.wireshark.org/download/automated/captures/fuzz-2013-10-23-32245.pcap stderr: Input file: /home/wireshark/menagerie/menagerie/03-13_los_altos.pcap Build host information: Linux wsbb04 3.2.0-49-generic #75-Ubuntu SMP Tue Jun 18 17:39:32 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux Distributor ID: Ubuntu Description: Ubuntu 12.04.2 LTS Release: 12.04 Codename: precise Buildbot information: BUILDBOT_REPOSITORY=http://code.wireshark.org/git/wireshark BUILDBOT_BUILDNUMBER=2139 BUILDBOT_URL=http://buildbot.wireshark.org/trunk/ BUILDBOT_BUILDERNAME=Clang-Code-Analysis BUILDBOT_SLAVENAME=clang-code-analysis BUILDBOT_GOT_REVISION=23191ea6e69a69dae906664134180eca1a870cb1 Return value: 0 Dissector bug: 0 Valgrind error count: 216 Git commit commit 23191ea6e69a69dae906664134180eca1a870cb1 Author: Evan Huus <eapache@gmail.com> Date: Mon Oct 21 13:07:19 2013 +0000 Don't go into a loop if we find a zero-length line. Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9312 Anders, this may be related to your recent TVB optimizations, since I don't think it happened before that? Did you change the behaviour of tvb_find_line_end or its callees at all? svn path=/trunk/; revision=52730 Command and args: ./tools/valgrind-wireshark.sh -T ==9264== Memcheck, a memory error detector ==9264== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al. ==9264== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info ==9264== Command: /home/wireshark/builders/trunk-clang-ca/clangcodeanalysis/install/bin/tshark -Vx -nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2013-10-23-32245.pcap ==9264== ==9264== Conditional jump or move depends on uninitialised value(s) ==9264== at 0x4C2BFB8: strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==9264== by 0x95252D1: g_strdup (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.3) ==9264== by 0x64E6CDA: string_fvalue_set (ftype-string.c:55) ==9264== by 0x64B0D97: proto_tree_add_string (proto.c:2509) ==9264== by 0x64B0E90: proto_tree_add_string_format (proto.c:2549) ==9264== by 0x67E24F8: dissect_http_message (packet-http.c:2433) ==9264== by 0x649E6F7: call_dissector_through_handle (packet.c:515) ==9264== by 0x649F044: call_dissector_work (packet.c:609) ==9264== by 0x649F9F2: dissector_try_uint_new (packet.c:1040) ==9264== by 0x649FA46: dissector_try_uint (packet.c:1066) ==9264== by 0x6B55F56: decode_udp_ports (packet-udp.c:365) ==9264== by 0x6B565D9: dissect (packet-udp.c:694) ==9264== ==9264== Invalid read of size 1 ==9264== at 0x4C2BFB4: strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==9264== by 0x95252D1: g_strdup (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.3) ==9264== by 0x64E6CDA: string_fvalue_set (ftype-string.c:55) ==9264== by 0x64B0D97: proto_tree_add_string (proto.c:2509) ==9264== by 0x64B0E90: proto_tree_add_string_format (proto.c:2549) ==9264== by 0x67E24F8: dissect_http_message (packet-http.c:2433) ==9264== by 0x67E3588: dissect_http (packet-http.c:2704) ==9264== by 0x649E6F7: call_dissector_through_handle (packet.c:515) ==9264== by 0x649F044: call_dissector_work (packet.c:609) ==9264== by 0x649F9F2: dissector_try_uint_new (packet.c:1040) ==9264== by 0x649FA46: dissector_try_uint (packet.c:1066) ==9264== by 0x6B26C97: decode_tcp_ports (packet-tcp.c:3853) ==9264== Address 0xff394dd is 0 bytes after a block of size 173 alloc'd ==9264== at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==9264== by 0x9510A78: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.3) ==9264== by 0x64BC6D9: fragment_add_work.isra.7 (reassemble.c:1064) ==9264== by 0x64BCAD3: fragment_add_common (reassemble.c:1371) ==9264== by 0x64BD2B7: fragment_add (reassemble.c:1391) ==9264== by 0x6B2946E: dissect_tcp (packet-tcp.c:4686) ==9264== by 0x649E6F7: call_dissector_through_handle (packet.c:515) ==9264== by 0x649F044: call_dissector_work (packet.c:609) ==9264== by 0x649F9F2: dissector_try_uint_new (packet.c:1040) ==9264== by 0x649FA46: dissector_try_uint (packet.c:1066) ==9264== by 0x683270E: dissect_ip (packet-ip.c:2407) ==9264== by 0x649E6F7: call_dissector_through_handle (packet.c:515) ==9264== ==9264== Invalid read of size 1 ==9264== at 0x4C2D1A0: memcpy@@GLIBC_2.14 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==9264== by 0x95252EE: g_strdup (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.3) ==9264== by 0x64E6CDA: string_fvalue_set (ftype-string.c:55) ==9264== by 0x64B0D97: proto_tree_add_string (proto.c:2509) ==9264== by 0x64B0E90: proto_tree_add_string_format (proto.c:2549) ==9264== by 0x67E24F8: dissect_http_message (packet-http.c:2433) ==9264== by 0x67E3588: dissect_http (packet-http.c:2704) ==9264== by 0x649E6F7: call_dissector_through_handle (packet.c:515) ==9264== by 0x649F044: call_dissector_work (packet.c:609) ==9264== by 0x649F9F2: dissector_try_uint_new (packet.c:1040) ==9264== by 0x649FA46: dissector_try_uint (packet.c:1066) ==9264== by 0x6B26C97: decode_tcp_ports (packet-tcp.c:3853) ==9264== Address 0xff394dd is 0 bytes after a block of size 173 alloc'd ==9264== at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==9264== by 0x9510A78: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.3) ==9264== by 0x64BC6D9: fragment_add_work.isra.7 (reassemble.c:1064) ==9264== by 0x64BCAD3: fragment_add_common (reassemble.c:1371) ==9264== by 0x64BD2B7: fragment_add (reassemble.c:1391) ==9264== by 0x6B2946E: dissect_tcp (packet-tcp.c:4686) ==9264== by 0x649E6F7: call_dissector_through_handle (packet.c:515) ==9264== by 0x649F044: call_dissector_work (packet.c:609) ==9264== by 0x649F9F2: dissector_try_uint_new (packet.c:1040) ==9264== by 0x649FA46: dissector_try_uint (packet.c:1066) ==9264== by 0x683270E: dissect_ip (packet-ip.c:2407) ==9264== by 0x649E6F7: call_dissector_through_handle (packet.c:515) ==9264== ==9264== Invalid read of size 2 ==9264== at 0x4C2D160: memcpy@@GLIBC_2.14 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==9264== by 0x95252EE: g_strdup (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.3) ==9264== by 0x64E6CDA: string_fvalue_set (ftype-string.c:55) ==9264== by 0x64B0D97: proto_tree_add_string (proto.c:2509) ==9264== by 0x64B0E90: proto_tree_add_string_format (proto.c:2549) ==9264== by 0x67E24F8: dissect_http_message (packet-http.c:2433) ==9264== by 0x67E3588: dissect_http (packet-http.c:2704) ==9264== by 0x649E6F7: call_dissector_through_handle (packet.c:515) ==9264== by 0x649F044: call_dissector_work (packet.c:609) ==9264== by 0x649F9F2: dissector_try_uint_new (packet.c:1040) ==9264== by 0x649FA46: dissector_try_uint (packet.c:1066) ==9264== by 0x6B26C97: decode_tcp_ports (packet-tcp.c:3853) ==9264== Address 0xff394dc is 172 bytes inside a block of size 173 alloc'd ==9264== at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==9264== by 0x9510A78: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.3) ==9264== by 0x64BC6D9: fragment_add_work.isra.7 (reassemble.c:1064) ==9264== by 0x64BCAD3: fragment_add_common (reassemble.c:1371) ==9264== by 0x64BD2B7: fragment_add (reassemble.c:1391) ==9264== by 0x6B2946E: dissect_tcp (packet-tcp.c:4686) ==9264== by 0x649E6F7: call_dissector_through_handle (packet.c:515) ==9264== by 0x649F044: call_dissector_work (packet.c:609) ==9264== by 0x649F9F2: dissector_try_uint_new (packet.c:1040) ==9264== by 0x649FA46: dissector_try_uint (packet.c:1066) ==9264== by 0x683270E: dissect_ip (packet-ip.c:2407) ==9264== by 0x649E6F7: call_dissector_through_handle (packet.c:515) ==9264== ==9264== Invalid read of size 1 ==9264== at 0x4C2D08F: memcpy@@GLIBC_2.14 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==9264== by 0x95252EE: g_strdup (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.3) ==9264== by 0x64E6CDA: string_fvalue_set (ftype-string.c:55) ==9264== by 0x64B0D97: proto_tree_add_string (proto.c:2509) ==9264== by 0x64B0E90: proto_tree_add_string_format (proto.c:2549) ==9264== by 0x67E2CDD: dissect_http_message (packet-http.c:2369) ==9264== by 0x67E3588: dissect_http (packet-http.c:2704) ==9264== by 0x649E6F7: call_dissector_through_handle (packet.c:515) ==9264== by 0x649F044: call_dissector_work (packet.c:609) ==9264== by 0x649F9F2: dissector_try_uint_new (packet.c:1040) ==9264== by 0x649FA46: dissector_try_uint (packet.c:1066) ==9264== by 0x6B26C97: decode_tcp_ports (packet-tcp.c:3853) ==9264== Address 0x10b27afd is 0 bytes after a block of size 173 alloc'd ==9264== at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==9264== by 0x9510A78: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.3) ==9264== by 0x64BC6D9: fragment_add_work.isra.7 (reassemble.c:1064) ==9264== by 0x64BCAD3: fragment_add_common (reassemble.c:1371) ==9264== by 0x64BD2B7: fragment_add (reassemble.c:1391) ==9264== by 0x6B2946E: dissect_tcp (packet-tcp.c:4686) ==9264== by 0x649E6F7: call_dissector_through_handle (packet.c:515) ==9264== by 0x649F044: call_dissector_work (packet.c:609) ==9264== by 0x649F9F2: dissector_try_uint_new (packet.c:1040) ==9264== by 0x649FA46: dissector_try_uint (packet.c:1066) ==9264== by 0x683270E: dissect_ip (packet-ip.c:2407) ==9264== by 0x649E6F7: call_dissector_through_handle (packet.c:515) ==9264== ==9264== Invalid read of size 2 ==9264== at 0x4C2D050: memcpy@@GLIBC_2.14 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==9264== by 0x95252EE: g_strdup (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.3) ==9264== by 0x64E6CDA: string_fvalue_set (ftype-string.c:55) ==9264== by 0x64B0D97: proto_tree_add_string (proto.c:2509) ==9264== by 0x64B0E90: proto_tree_add_string_format (proto.c:2549) ==9264== by 0x67E24F8: dissect_http_message (packet-http.c:2433) ==9264== by 0x67E3588: dissect_http (packet-http.c:2704) ==9264== by 0x649E6F7: call_dissector_through_handle (packet.c:515) ==9264== by 0x649F044: call_dissector_work (packet.c:609) ==9264== by 0x649F9F2: dissector_try_uint_new (packet.c:1040) ==9264== by 0x649FA46: dissector_try_uint (packet.c:1066) ==9264== by 0x6B26C97: decode_tcp_ports (packet-tcp.c:3853) ==9264== Address 0x10b27afc is 172 bytes inside a block of size 173 alloc'd ==9264== at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==9264== by 0x9510A78: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.3) ==9264== by 0x64BC6D9: fragment_add_work.isra.7 (reassemble.c:1064) ==9264== by 0x64BCAD3: fragment_add_common (reassemble.c:1371) ==9264== by 0x64BD2B7: fragment_add (reassemble.c:1391) ==9264== by 0x6B2946E: dissect_tcp (packet-tcp.c:4686) ==9264== by 0x649E6F7: call_dissector_through_handle (packet.c:515) ==9264== by 0x649F044: call_dissector_work (packet.c:609) ==9264== by 0x649F9F2: dissector_try_uint_new (packet.c:1040) ==9264== by 0x649FA46: dissector_try_uint (packet.c:1066) ==9264== by 0x683270E: dissect_ip (packet-ip.c:2407) ==9264== by 0x649E6F7: call_dissector_through_handle (packet.c:515) ==9264== ==9264== Invalid read of size 1 ==9264== at 0x4C2D080: memcpy@@GLIBC_2.14 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==9264== by 0x95252EE: g_strdup (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.3) ==9264== by 0x64E6CDA: string_fvalue_set (ftype-string.c:55) ==9264== by 0x64B0D97: proto_tree_add_string (proto.c:2509) ==9264== by 0x64B0E90: proto_tree_add_string_format (proto.c:2549) ==9264== by 0x67E24F8: dissect_http_message (packet-http.c:2433) ==9264== by 0x67E3588: dissect_http (packet-http.c:2704) ==9264== by 0x649E6F7: call_dissector_through_handle (packet.c:515) ==9264== by 0x649F044: call_dissector_work (packet.c:609) ==9264== by 0x649F9F2: dissector_try_uint_new (packet.c:1040) ==9264== by 0x649FA46: dissector_try_uint (packet.c:1066) ==9264== by 0x6B26C97: decode_tcp_ports (packet-tcp.c:3853) ==9264== Address 0x10aad55c is 0 bytes after a block of size 652 alloc'd ==9264== at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==9264== by 0x9510A78: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.3) ==9264== by 0x64BC6D9: fragment_add_work.isra.7 (reassemble.c:1064) ==9264== by 0x64BCAD3: fragment_add_common (reassemble.c:1371) ==9264== by 0x64BD2B7: fragment_add (reassemble.c:1391) ==9264== by 0x6B27484: dissect_tcp_payload (packet-tcp.c:1713) ==9264== by 0x6B28BC0: dissect_tcp (packet-tcp.c:4779) ==9264== by 0x649E6F7: call_dissector_through_handle (packet.c:515) ==9264== by 0x649F044: call_dissector_work (packet.c:609) ==9264== by 0x649F9F2: dissector_try_uint_new (packet.c:1040) ==9264== by 0x649FA46: dissector_try_uint (packet.c:1066) ==9264== by 0x683270E: dissect_ip (packet-ip.c:2407) ==9264== ==9264== Invalid read of size 2 ==9264== at 0x4C2D060: memcpy@@GLIBC_2.14 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==9264== by 0x95252EE: g_strdup (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.3) ==9264== by 0x64E6CDA: string_fvalue_set (ftype-string.c:55) ==9264== by 0x64B0D97: proto_tree_add_string (proto.c:2509) ==9264== by 0x64B0E90: proto_tree_add_string_format (proto.c:2549) ==9264== by 0x67E24F8: dissect_http_message (packet-http.c:2433) ==9264== by 0x67E3588: dissect_http (packet-http.c:2704) ==9264== by 0x649E6F7: call_dissector_through_handle (packet.c:515) ==9264== by 0x649F044: call_dissector_work (packet.c:609) ==9264== by 0x649F9F2: dissector_try_uint_new (packet.c:1040) ==9264== by 0x649FA46: dissector_try_uint (packet.c:1066) ==9264== by 0x6B26C97: decode_tcp_ports (packet-tcp.c:3853) ==9264== Address 0x10aad55c is 0 bytes after a block of size 652 alloc'd ==9264== at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==9264== by 0x9510A78: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.3) ==9264== by 0x64BC6D9: fragment_add_work.isra.7 (reassemble.c:1064) ==9264== by 0x64BCAD3: fragment_add_common (reassemble.c:1371) ==9264== by 0x64BD2B7: fragment_add (reassemble.c:1391) ==9264== by 0x6B27484: dissect_tcp_payload (packet-tcp.c:1713) ==9264== by 0x6B28BC0: dissect_tcp (packet-tcp.c:4779) ==9264== by 0x649E6F7: call_dissector_through_handle (packet.c:515) ==9264== by 0x649F044: call_dissector_work (packet.c:609) ==9264== by 0x649F9F2: dissector_try_uint_new (packet.c:1040) ==9264== by 0x649FA46: dissector_try_uint (packet.c:1066) ==9264== by 0x683270E: dissect_ip (packet-ip.c:2407) ==9264== ==9264== ==9264== HEAP SUMMARY: ==9264== in use at exit: 516,801 bytes in 8,414 blocks ==9264== total heap usage: 8,797,945 allocs, 8,789,531 frees, 816,782,990 bytes allocated ==9264== ==9264== LEAK SUMMARY: ==9264== definitely lost: 8,601 bytes in 1,679 blocks ==9264== indirectly lost: 1,432 bytes in 53 blocks ==9264== possibly lost: 0 bytes in 0 blocks ==9264== still reachable: 506,768 bytes in 6,682 blocks ==9264== suppressed: 0 bytes in 0 blocks ==9264== Rerun with --leak-check=full to see details of leaked memory ==9264== ==9264== For counts of detected and suppressed errors, rerun with: -v ==9264== Use --track-origins=yes to see where uninitialised values come from ==9264== ERROR SUMMARY: 216 errors from 8 contexts (suppressed: 7 from 5) [ no debug trace ]
You are receiving this mail because:
- You are watching all bug changes.
- Follow-Ups:
- [Wireshark-bugs] [Bug 9316] Buildbot crash output: fuzz-2013-10-23-32245.pcap
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 9316] Buildbot crash output: fuzz-2013-10-23-32245.pcap
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 9316] Buildbot crash output: fuzz-2013-10-23-32245.pcap
- Prev by Date: [Wireshark-bugs] [Bug 8818] MIME: Add support for ELF files
- Next by Date: [Wireshark-bugs] [Bug 9266] New dissector: PPPoE lawful intercepted packets
- Previous by thread: [Wireshark-bugs] [Bug 9112] epan/follow.c - Incorrect "bytes missing in capture file" in "check_fragments" due to an unsigned int wraparound?
- Next by thread: [Wireshark-bugs] [Bug 9316] Buildbot crash output: fuzz-2013-10-23-32245.pcap
- Index(es):