Wireshark-bugs: [Wireshark-bugs] [Bug 10340] New: Buildbot crash output: fuzz-2014-08-02-21443.p
Date: Sun, 03 Aug 2014 14:50:05 +0000
Bug ID 10340
Summary Buildbot crash output: fuzz-2014-08-02-21443.pcap
Classification Unclassified
Product Wireshark
Version unspecified
Hardware x86-64
URL http://www.wireshark.org/download/automated/captures/fuzz-2014-08-02-21443.pcap
OS Ubuntu
Status CONFIRMED
Severity Major
Priority High
Component Dissection engine (libwireshark)
Assignee bugzilla-admin@wireshark.org
Reporter buildbot-do-not-reply@wireshark.org

Problems have been found with the following capture file:

http://www.wireshark.org/download/automated/captures/fuzz-2014-08-02-21443.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/4979-failedTest.pcap

Build host information:
Linux wsbb04 3.13.0-32-generic #57-Ubuntu SMP Tue Jul 15 03:51:08 UTC 2014
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 14.04.1 LTS
Release:    14.04
Codename:    trusty

Buildbot information:
BUILDBOT_REPOSITORY=ssh://wireshark-buildbot@code.wireshark.org:29418/wireshark
BUILDBOT_BUILDNUMBER=2895
BUILDBOT_URL=http://buildbot.wireshark.org/trunk/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_SLAVENAME=clang-code-analysis
BUILDBOT_GOT_REVISION=a644744fb9502971fee751b8a1e390d255b82d78

Return value:  0

Dissector bug:  0

Valgrind error count:  1



Git commit
commit a644744fb9502971fee751b8a1e390d255b82d78
Author: Evan Huus <eapache@gmail.com>
Date:   Thu Jul 31 13:18:21 2014 -0400

    Use packet_scope instead of a stack local

    As clang pointed out we end up storing a reference to it in a global and
(more
    relevantly) pushing that global to a tap which would run after the current
frame
    has returned.

    Thanks to Alexis for bringing this to my attention.

    Change-Id: I3aac43a806d217b0dc8a973f6bb2fa48cdd041bb
    Reviewed-on: https://code.wireshark.org/review/3289
    Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
    Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
    Reviewed-by: Anders Broman <a.broman58@gmail.com>


Command and args: ./tools/valgrind-wireshark.sh 

==20749== Memcheck, a memory error detector
==20749== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==20749== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright
info
==20749== Command:
/home/wireshark/builders/trunk-clang-ca/clangcodeanalysis/install/bin/tshark
-nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2014-08-02-21443.pcap
==20749== 
==20749== Use of uninitialised value of size 8
==20749==    at 0x998E593: g_hash_table_lookup (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4000.0)
==20749==    by 0x6CEB95E: ssl_restore_master_key.part.19
(packet-ssl-utils.c:4348)
==20749==    by 0x6CED7AB: ssl_finalize_decryption (packet-ssl-utils.c:4394)
==20749==    by 0x6CF2B24: dissect_ssl3_record (packet-ssl.c:1564)
==20749==    by 0x6CF38C4: dissect_ssl (packet-ssl.c:717)
==20749==    by 0x66222DE: call_dissector_through_handle (packet.c:622)
==20749==    by 0x6622BC4: call_dissector_work (packet.c:713)
==20749==    by 0x662327B: dissector_try_uint_new (packet.c:1145)
==20749==    by 0x6D0756B: decode_tcp_ports (packet-tcp.c:3973)
==20749==    by 0x6D078DE: process_tcp_payload (packet-tcp.c:4045)
==20749==    by 0x6D07EAF: dissect_tcp_payload (packet-tcp.c:1868)
==20749==    by 0x6D09B4B: dissect_tcp (packet-tcp.c:4942)
==20749== 
==20749== 
==20749== HEAP SUMMARY:
==20749==     in use at exit: 1,266,469 bytes in 29,876 blocks
==20749==   total heap usage: 918,870 allocs, 888,994 frees, 61,235,373 bytes
allocated
==20749== 
==20749== LEAK SUMMARY:
==20749==    definitely lost: 8,928 bytes in 382 blocks
==20749==    indirectly lost: 48,927 bytes in 265 blocks
==20749==      possibly lost: 0 bytes in 0 blocks
==20749==    still reachable: 1,208,614 bytes in 29,229 blocks
==20749==         suppressed: 0 bytes in 0 blocks
==20749== Rerun with --leak-check=full to see details of leaked memory
==20749== 
==20749== For counts of detected and suppressed errors, rerun with: -v
==20749== Use --track-origins=yes to see where uninitialised values come from
==20749== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)

[ no debug trace ]


You are receiving this mail because:
  • You are watching all bug changes.