Wireshark-bugs: [Wireshark-bugs] [Bug 10678] New: Buildbot crash output: fuzz-2014-11-07-15688.p
Date: Fri, 07 Nov 2014 14:10:03 +0000
Bug ID | 10678 |
---|---|
Summary | Buildbot crash output: fuzz-2014-11-07-15688.pcap |
Product | Wireshark |
Version | unspecified |
Hardware | x86-64 |
URL | https://www.wireshark.org/download/automated/captures/fuzz-2014-11-07-15688.pcap |
OS | Ubuntu |
Status | CONFIRMED |
Severity | Major |
Priority | High |
Component | Dissection engine (libwireshark) |
Assignee | bugzilla-admin@wireshark.org |
Reporter | buildbot-do-not-reply@wireshark.org |
Problems have been found with the following capture file: https://www.wireshark.org/download/automated/captures/fuzz-2014-11-07-15688.pcap stderr: Input file: /home/wireshark/menagerie/menagerie/10783-traces_lass-pc-8.10.1.cap.gz Build host information: Linux wsbb04 3.13.0-39-generic #66-Ubuntu SMP Tue Oct 28 13:30:27 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux Distributor ID: Ubuntu Description: Ubuntu 14.04.1 LTS Release: 14.04 Codename: trusty Buildbot information: BUILDBOT_REPOSITORY=ssh://wireshark-buildbot@code.wireshark.org:29418/wireshark BUILDBOT_BUILDNUMBER=3045 BUILDBOT_URL=http://buildbot.wireshark.org/trunk/ BUILDBOT_BUILDERNAME=Clang Code Analysis BUILDBOT_SLAVENAME=clang-code-analysis BUILDBOT_GOT_REVISION=c321dc3f2e000213c8c626052e304e2a510c94a6 Return value: 0 Dissector bug: 0 Valgrind error count: 162 Git commit commit c321dc3f2e000213c8c626052e304e2a510c94a6 Author: Evan Huus <eapache@gmail.com> Date: Wed Nov 5 23:43:20 2014 -0500 rpc: fix regression in gbfc5483174d value can be NULL, in which case memduping it will crash Bug: 10667 Change-Id: I8950fae94d80a2f06f24a785532536ad73f1855d Reviewed-on: https://code.wireshark.org/review/5152 Reviewed-by: Evan Huus <eapache@gmail.com> Command and args: ./tools/valgrind-wireshark.sh ==29165== Memcheck, a memory error detector ==29165== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al. ==29165== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright info ==29165== Command: /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark -nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2014-11-07-15688.pcap ==29165== ==29165== Invalid read of size 1 ==29165== at 0x4C2F1B1: strcmp (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==29165== by 0x9AC9FC8: g_str_equal (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0) ==29165== by 0x9AC90BF: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0) ==29165== by 0x66D7D94: Radiuslex (radius_dict.l:341) ==29165== by 0x66D900A: radius_load_dictionary (radius_dict.l:562) ==29165== by 0x6C4B99F: register_radius_fields (packet-radius.c:2055) ==29165== by 0x66A698D: proto_registrar_get_byname (proto.c:861) ==29165== by 0x6C4A376: dissect_attribute_value_pairs (packet-radius.c:994) ==29165== by 0x6C4B402: dissect_radius (packet-radius.c:1715) ==29165== by 0x6698E0E: call_dissector_through_handle (packet.c:621) ==29165== by 0x66996F4: call_dissector_work (packet.c:712) ==29165== by 0x6699DAB: dissector_try_uint_new (packet.c:1144) ==29165== Address 0x1244f4e0 is 0 bytes inside a block of size 9 free'd ==29165== at 0x4C2BDEC: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==29165== by 0x66D7D59: Radiuslex (radius_dict.l:337) ==29165== by 0x66D900A: radius_load_dictionary (radius_dict.l:562) ==29165== by 0x6C4B99F: register_radius_fields (packet-radius.c:2055) ==29165== by 0x66A698D: proto_registrar_get_byname (proto.c:861) ==29165== by 0x6C4A376: dissect_attribute_value_pairs (packet-radius.c:994) ==29165== by 0x6C4B402: dissect_radius (packet-radius.c:1715) ==29165== by 0x6698E0E: call_dissector_through_handle (packet.c:621) ==29165== by 0x66996F4: call_dissector_work (packet.c:712) ==29165== by 0x6699DAB: dissector_try_uint_new (packet.c:1144) ==29165== by 0x6699DF6: dissector_try_uint (packet.c:1170) ==29165== by 0x6DC9C29: decode_udp_ports (packet-udp.c:493) ==29165== ==29165== Invalid read of size 1 ==29165== at 0x4C2F1C8: strcmp (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==29165== by 0x9AC9FC8: g_str_equal (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0) ==29165== by 0x9AC90BF: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0) ==29165== by 0x66D7D94: Radiuslex (radius_dict.l:341) ==29165== by 0x66D900A: radius_load_dictionary (radius_dict.l:562) ==29165== by 0x6C4B99F: register_radius_fields (packet-radius.c:2055) ==29165== by 0x66A698D: proto_registrar_get_byname (proto.c:861) ==29165== by 0x6C4A376: dissect_attribute_value_pairs (packet-radius.c:994) ==29165== by 0x6C4B402: dissect_radius (packet-radius.c:1715) ==29165== by 0x6698E0E: call_dissector_through_handle (packet.c:621) ==29165== by 0x66996F4: call_dissector_work (packet.c:712) ==29165== by 0x6699DAB: dissector_try_uint_new (packet.c:1144) ==29165== Address 0x1244f4e1 is 1 bytes inside a block of size 9 free'd ==29165== at 0x4C2BDEC: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==29165== by 0x66D7D59: Radiuslex (radius_dict.l:337) ==29165== by 0x66D900A: radius_load_dictionary (radius_dict.l:562) ==29165== by 0x6C4B99F: register_radius_fields (packet-radius.c:2055) ==29165== by 0x66A698D: proto_registrar_get_byname (proto.c:861) ==29165== by 0x6C4A376: dissect_attribute_value_pairs (packet-radius.c:994) ==29165== by 0x6C4B402: dissect_radius (packet-radius.c:1715) ==29165== by 0x6698E0E: call_dissector_through_handle (packet.c:621) ==29165== by 0x66996F4: call_dissector_work (packet.c:712) ==29165== by 0x6699DAB: dissector_try_uint_new (packet.c:1144) ==29165== by 0x6699DF6: dissector_try_uint (packet.c:1170) ==29165== by 0x6DC9C29: decode_udp_ports (packet-udp.c:493) ==29165== ==29165== Invalid read of size 1 ==29165== at 0x4C2F1B1: strcmp (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==29165== by 0x9AC9FC8: g_str_equal (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0) ==29165== by 0x9AC95EF: g_hash_table_lookup (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0) ==29165== by 0x66D726D: add_attribute (radius_dict.l:359) ==29165== by 0x66D839F: Radiuslex (radius_dict.l:234) ==29165== by 0x66D900A: radius_load_dictionary (radius_dict.l:562) ==29165== by 0x6C4B99F: register_radius_fields (packet-radius.c:2055) ==29165== by 0x66A698D: proto_registrar_get_byname (proto.c:861) ==29165== by 0x6C4A376: dissect_attribute_value_pairs (packet-radius.c:994) ==29165== by 0x6C4B402: dissect_radius (packet-radius.c:1715) ==29165== by 0x6698E0E: call_dissector_through_handle (packet.c:621) ==29165== by 0x66996F4: call_dissector_work (packet.c:712) ==29165== Address 0x1244f4e0 is 0 bytes inside a block of size 9 free'd ==29165== at 0x4C2BDEC: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==29165== by 0x66D7D59: Radiuslex (radius_dict.l:337) ==29165== by 0x66D900A: radius_load_dictionary (radius_dict.l:562) ==29165== by 0x6C4B99F: register_radius_fields (packet-radius.c:2055) ==29165== by 0x66A698D: proto_registrar_get_byname (proto.c:861) ==29165== by 0x6C4A376: dissect_attribute_value_pairs (packet-radius.c:994) ==29165== by 0x6C4B402: dissect_radius (packet-radius.c:1715) ==29165== by 0x6698E0E: call_dissector_through_handle (packet.c:621) ==29165== by 0x66996F4: call_dissector_work (packet.c:712) ==29165== by 0x6699DAB: dissector_try_uint_new (packet.c:1144) ==29165== by 0x6699DF6: dissector_try_uint (packet.c:1170) ==29165== by 0x6DC9C29: decode_udp_ports (packet-udp.c:493) ==29165== ==29165== Invalid read of size 1 ==29165== at 0x4C2F1C8: strcmp (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==29165== by 0x9AC9FC8: g_str_equal (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0) ==29165== by 0x9AC95EF: g_hash_table_lookup (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0) ==29165== by 0x66D726D: add_attribute (radius_dict.l:359) ==29165== by 0x66D839F: Radiuslex (radius_dict.l:234) ==29165== by 0x66D900A: radius_load_dictionary (radius_dict.l:562) ==29165== by 0x6C4B99F: register_radius_fields (packet-radius.c:2055) ==29165== by 0x66A698D: proto_registrar_get_byname (proto.c:861) ==29165== by 0x6C4A376: dissect_attribute_value_pairs (packet-radius.c:994) ==29165== by 0x6C4B402: dissect_radius (packet-radius.c:1715) ==29165== by 0x6698E0E: call_dissector_through_handle (packet.c:621) ==29165== by 0x66996F4: call_dissector_work (packet.c:712) ==29165== Address 0x1244f4e1 is 1 bytes inside a block of size 9 free'd ==29165== at 0x4C2BDEC: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==29165== by 0x66D7D59: Radiuslex (radius_dict.l:337) ==29165== by 0x66D900A: radius_load_dictionary (radius_dict.l:562) ==29165== by 0x6C4B99F: register_radius_fields (packet-radius.c:2055) ==29165== by 0x66A698D: proto_registrar_get_byname (proto.c:861) ==29165== by 0x6C4A376: dissect_attribute_value_pairs (packet-radius.c:994) ==29165== by 0x6C4B402: dissect_radius (packet-radius.c:1715) ==29165== by 0x6698E0E: call_dissector_through_handle (packet.c:621) ==29165== by 0x66996F4: call_dissector_work (packet.c:712) ==29165== by 0x6699DAB: dissector_try_uint_new (packet.c:1144) ==29165== by 0x6699DF6: dissector_try_uint (packet.c:1170) ==29165== by 0x6DC9C29: decode_udp_ports (packet-udp.c:493) ==29165== ==29165== ==29165== HEAP SUMMARY: ==29165== in use at exit: 2,375,663 bytes in 47,939 blocks ==29165== total heap usage: 345,496 allocs, 297,557 frees, 50,989,773 bytes allocated ==29165== ==29165== LEAK SUMMARY: ==29165== definitely lost: 5,417 bytes in 167 blocks ==29165== indirectly lost: 36,664 bytes in 50 blocks ==29165== possibly lost: 0 bytes in 0 blocks ==29165== still reachable: 2,333,582 bytes in 47,722 blocks ==29165== suppressed: 0 bytes in 0 blocks ==29165== Rerun with --leak-check=full to see details of leaked memory ==29165== ==29165== For counts of detected and suppressed errors, rerun with: -v ==29165== ERROR SUMMARY: 162 errors from 4 contexts (suppressed: 0 from 0) [ no debug trace ]
You are receiving this mail because:
- You are watching all bug changes.
- Follow-Ups:
- [Wireshark-bugs] [Bug 10678] Buildbot crash output: fuzz-2014-11-07-15688.pcap
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10678] Buildbot crash output: fuzz-2014-11-07-15688.pcap
- Prev by Date: [Wireshark-bugs] [Bug 10677] New: Request to dissect LAN-Adj-SID sub-TLV in IS-IS LSP packets
- Next by Date: [Wireshark-bugs] [Bug 10649] nfs seek/allocate/deallocate support and miscellaneous bugfixes
- Previous by thread: [Wireshark-bugs] [Bug 10677] New: Request to dissect LAN-Adj-SID sub-TLV in IS-IS LSP packets
- Next by thread: [Wireshark-bugs] [Bug 10678] Buildbot crash output: fuzz-2014-11-07-15688.pcap
- Index(es):