Wireshark-bugs: [Wireshark-bugs] [Bug 10749] New: Buildbot crash output: fuzz-2014-12-01-20009.p
Date: Tue, 02 Dec 2014 15:30:02 +0000
Bug ID | 10749 |
---|---|
Summary | Buildbot crash output: fuzz-2014-12-01-20009.pcap |
Product | Wireshark |
Version | unspecified |
Hardware | x86-64 |
URL | https://www.wireshark.org/download/automated/captures/fuzz-2014-12-01-20009.pcap |
OS | Ubuntu |
Status | CONFIRMED |
Severity | Major |
Priority | High |
Component | Dissection engine (libwireshark) |
Assignee | bugzilla-admin@wireshark.org |
Reporter | buildbot-do-not-reply@wireshark.org |
Problems have been found with the following capture file: https://www.wireshark.org/download/automated/captures/fuzz-2014-12-01-20009.pcap stderr: Input file: /home/wireshark/menagerie/menagerie/9630-ATLAS_FTAM_TCP_TRACE_2012110713400115.pcap Build host information: Linux wsbb04 3.13.0-39-generic #66-Ubuntu SMP Tue Oct 28 13:30:27 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux Distributor ID: Ubuntu Description: Ubuntu 14.04.1 LTS Release: 14.04 Codename: trusty Buildbot information: BUILDBOT_REPOSITORY=ssh://wireshark-buildbot@code.wireshark.org:29418/wireshark BUILDBOT_BUILDNUMBER=3076 BUILDBOT_URL=http://buildbot.wireshark.org/trunk/ BUILDBOT_BUILDERNAME=Clang Code Analysis BUILDBOT_SLAVENAME=clang-code-analysis BUILDBOT_GOT_REVISION=785ef839640e00fd7db46130e367fc731525ccad Return value: 0 Dissector bug: 0 Valgrind error count: 111 Git commit commit 785ef839640e00fd7db46130e367fc731525ccad Author: Guy Harris <guy@alum.mit.edu> Date: Sat Nov 29 07:26:42 2014 +0000 Revert "Add QNX' QNET protocol" This reverts commit 72b91a56f86e3bbab700900366f81dc8c353b91d. value_string_ext tables ***MUST*** be sorted numerically, otherwise the code prints warnings such as the ones in http://buildbot.wireshark.org/trunk/builders/Ubuntu%2014.04%20x64/builds/1419/steps/test.sh/logs/stdio Fix this and resubmit. Change-Id: I448025bb7b19a607e992831202ed31d243ce70d8 Reviewed-on: https://code.wireshark.org/review/5530 Reviewed-by: Guy Harris <guy@alum.mit.edu> Command and args: ./tools/valgrind-wireshark.sh ==678== Memcheck, a memory error detector ==678== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al. ==678== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright info ==678== Command: /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark -nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2014-12-01-20009.pcap ==678== ==678== Invalid read of size 1 ==678== at 0x9AECFE0: g_str_hash (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0) ==678== by 0x9AEC568: g_hash_table_lookup (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0) ==678== by 0x67A81F0: call_ber_oid_callback (packet-ber.c:550) ==678== by 0x67A7256: dissect_ber_choice (packet-ber.c:2903) ==678== by 0x6EE739F: dissect_acse_T_encoding (acse.cnf:129) ==678== by 0x67A8E3C: dissect_ber_sequence (packet-ber.c:2403) ==678== by 0x6EE6FDF: dissect_acse_EXTERNALt_U (acse.cnf:147) ==678== by 0x67A644A: dissect_ber_tagged_type (packet-ber.c:716) ==678== by 0x6EE6EAD: dissect_acse_EXTERNALt (acse.cnf:157) ==678== by 0x67AABC6: dissect_ber_sq_of (packet-ber.c:3502) ==678== by 0x67AB37D: dissect_ber_sequence_of (packet-ber.c:3533) ==678== by 0x6EE804F: dissect_acse_Association_data (acse.cnf:287) ==678== Address 0x141665f0 is 0 bytes inside a block of size 35 free'd ==678== at 0x4C2BDEC: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==678== by 0x669E494: emem_free_all (emem.c:1187) ==678== by 0x669F600: epan_dissect_run_with_taps (epan.c:350) ==678== by 0x413693: process_packet (tshark.c:3529) ==678== by 0x40C7F7: main (tshark.c:3317) ==678== ==678== Invalid read of size 1 ==678== at 0x9AECFFD: g_str_hash (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0) ==678== by 0x9AEC568: g_hash_table_lookup (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0) ==678== by 0x67A81F0: call_ber_oid_callback (packet-ber.c:550) ==678== by 0x67A7256: dissect_ber_choice (packet-ber.c:2903) ==678== by 0x6EE739F: dissect_acse_T_encoding (acse.cnf:129) ==678== by 0x67A8E3C: dissect_ber_sequence (packet-ber.c:2403) ==678== by 0x6EE6FDF: dissect_acse_EXTERNALt_U (acse.cnf:147) ==678== by 0x67A644A: dissect_ber_tagged_type (packet-ber.c:716) ==678== by 0x6EE6EAD: dissect_acse_EXTERNALt (acse.cnf:157) ==678== by 0x67AABC6: dissect_ber_sq_of (packet-ber.c:3502) ==678== by 0x67AB37D: dissect_ber_sequence_of (packet-ber.c:3533) ==678== by 0x6EE804F: dissect_acse_Association_data (acse.cnf:287) ==678== Address 0x141665f1 is 1 bytes inside a block of size 35 free'd ==678== at 0x4C2BDEC: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==678== by 0x669E494: emem_free_all (emem.c:1187) ==678== by 0x669F600: epan_dissect_run_with_taps (epan.c:350) ==678== by 0x413693: process_packet (tshark.c:3529) ==678== by 0x40C7F7: main (tshark.c:3317) ==678== ==678== Invalid read of size 1 ==678== at 0x9AECFE0: g_str_hash (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0) ==678== by 0x9AEC568: g_hash_table_lookup (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0) ==678== by 0x66AAA7F: dissector_try_string (packet.c:1394) ==678== by 0x67A8258: call_ber_oid_callback (packet-ber.c:1116) ==678== by 0x67A7256: dissect_ber_choice (packet-ber.c:2903) ==678== by 0x6EE739F: dissect_acse_T_encoding (acse.cnf:129) ==678== by 0x67A8E3C: dissect_ber_sequence (packet-ber.c:2403) ==678== by 0x6EE6FDF: dissect_acse_EXTERNALt_U (acse.cnf:147) ==678== by 0x67A644A: dissect_ber_tagged_type (packet-ber.c:716) ==678== by 0x6EE6EAD: dissect_acse_EXTERNALt (acse.cnf:157) ==678== by 0x67AABC6: dissect_ber_sq_of (packet-ber.c:3502) ==678== by 0x67AB37D: dissect_ber_sequence_of (packet-ber.c:3533) ==678== Address 0x141665f0 is 0 bytes inside a block of size 35 free'd ==678== at 0x4C2BDEC: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==678== by 0x669E494: emem_free_all (emem.c:1187) ==678== by 0x669F600: epan_dissect_run_with_taps (epan.c:350) ==678== by 0x413693: process_packet (tshark.c:3529) ==678== by 0x40C7F7: main (tshark.c:3317) ==678== ==678== Invalid read of size 1 ==678== at 0x9AECFFD: g_str_hash (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0) ==678== by 0x9AEC568: g_hash_table_lookup (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0) ==678== by 0x66AAA7F: dissector_try_string (packet.c:1394) ==678== by 0x67A8258: call_ber_oid_callback (packet-ber.c:1116) ==678== by 0x67A7256: dissect_ber_choice (packet-ber.c:2903) ==678== by 0x6EE739F: dissect_acse_T_encoding (acse.cnf:129) ==678== by 0x67A8E3C: dissect_ber_sequence (packet-ber.c:2403) ==678== by 0x6EE6FDF: dissect_acse_EXTERNALt_U (acse.cnf:147) ==678== by 0x67A644A: dissect_ber_tagged_type (packet-ber.c:716) ==678== by 0x6EE6EAD: dissect_acse_EXTERNALt (acse.cnf:157) ==678== by 0x67AABC6: dissect_ber_sq_of (packet-ber.c:3502) ==678== by 0x67AB37D: dissect_ber_sequence_of (packet-ber.c:3533) ==678== Address 0x141665f1 is 1 bytes inside a block of size 35 free'd ==678== at 0x4C2BDEC: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==678== by 0x669E494: emem_free_all (emem.c:1187) ==678== by 0x669F600: epan_dissect_run_with_taps (epan.c:350) ==678== by 0x413693: process_packet (tshark.c:3529) ==678== by 0x40C7F7: main (tshark.c:3317) ==678== ==678== Invalid read of size 1 ==678== at 0x4C2F1B4: strcmp (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==678== by 0x9AECFC8: g_str_equal (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0) ==678== by 0x9AEC5EF: g_hash_table_lookup (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0) ==678== by 0x66AAA7F: dissector_try_string (packet.c:1394) ==678== by 0x67A8258: call_ber_oid_callback (packet-ber.c:1116) ==678== by 0x67A7256: dissect_ber_choice (packet-ber.c:2903) ==678== by 0x6EE739F: dissect_acse_T_encoding (acse.cnf:129) ==678== by 0x67A8E3C: dissect_ber_sequence (packet-ber.c:2403) ==678== by 0x6EE6FDF: dissect_acse_EXTERNALt_U (acse.cnf:147) ==678== by 0x67A644A: dissect_ber_tagged_type (packet-ber.c:716) ==678== by 0x6EE6EAD: dissect_acse_EXTERNALt (acse.cnf:157) ==678== by 0x67AABC6: dissect_ber_sq_of (packet-ber.c:3502) ==678== Address 0x145c3280 is 0 bytes inside a block of size 13 free'd ==678== at 0x4C2BDEC: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==678== by 0x71D7CCC: wmem_simple_free_all (wmem_allocator_simple.c:107) ==678== by 0x71D894B: wmem_leave_packet_scope (wmem_scopes.c:81) ==678== by 0x413693: process_packet (tshark.c:3529) ==678== by 0x40C7F7: main (tshark.c:3317) ==678== ==678== Invalid read of size 1 ==678== at 0x4C2F1CB: strcmp (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==678== by 0x9AECFC8: g_str_equal (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0) ==678== by 0x9AEC5EF: g_hash_table_lookup (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0) ==678== by 0x66AAA7F: dissector_try_string (packet.c:1394) ==678== by 0x67A8258: call_ber_oid_callback (packet-ber.c:1116) ==678== by 0x67A7256: dissect_ber_choice (packet-ber.c:2903) ==678== by 0x6EE739F: dissect_acse_T_encoding (acse.cnf:129) ==678== by 0x67A8E3C: dissect_ber_sequence (packet-ber.c:2403) ==678== by 0x6EE6FDF: dissect_acse_EXTERNALt_U (acse.cnf:147) ==678== by 0x67A644A: dissect_ber_tagged_type (packet-ber.c:716) ==678== by 0x6EE6EAD: dissect_acse_EXTERNALt (acse.cnf:157) ==678== by 0x67AABC6: dissect_ber_sq_of (packet-ber.c:3502) ==678== Address 0x145c3281 is 1 bytes inside a block of size 13 free'd ==678== at 0x4C2BDEC: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==678== by 0x71D7CCC: wmem_simple_free_all (wmem_allocator_simple.c:107) ==678== by 0x71D894B: wmem_leave_packet_scope (wmem_scopes.c:81) ==678== by 0x413693: process_packet (tshark.c:3529) ==678== by 0x40C7F7: main (tshark.c:3317) ==678== ==678== ==678== HEAP SUMMARY: ==678== in use at exit: 1,226,901 bytes in 30,581 blocks ==678== total heap usage: 990,821 allocs, 960,240 frees, 64,156,860 bytes allocated ==678== ==678== LEAK SUMMARY: ==678== definitely lost: 11,992 bytes in 1,107 blocks ==678== indirectly lost: 36,744 bytes in 51 blocks ==678== possibly lost: 0 bytes in 0 blocks ==678== still reachable: 1,178,165 bytes in 29,423 blocks ==678== suppressed: 0 bytes in 0 blocks ==678== Rerun with --leak-check=full to see details of leaked memory ==678== ==678== For counts of detected and suppressed errors, rerun with: -v ==678== ERROR SUMMARY: 111 errors from 6 contexts (suppressed: 0 from 0) [ no debug trace ]
You are receiving this mail because:
- You are watching all bug changes.
- Follow-Ups:
- [Wireshark-bugs] [Bug 10749] Buildbot crash output: fuzz-2014-12-01-20009.pcap
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10749] Buildbot crash output: fuzz-2014-12-01-20009.pcap
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10749] Buildbot crash output: fuzz-2014-12-01-20009.pcap
- Prev by Date: [Wireshark-bugs] [Bug 10747] setting a 6Lowpan context generates a wireshark crash
- Next by Date: [Wireshark-bugs] [Bug 10737] Wireshark should be installing icons as part of "make install", not "make install_desktop_files"
- Previous by thread: [Wireshark-bugs] [Bug 10664] Column options SrcAddr and DestAddr under Pref-->Appearances-->Columns do not respect "hw src addr (resolved)" or "hw dest addr (resolved)"
- Next by thread: [Wireshark-bugs] [Bug 10749] Buildbot crash output: fuzz-2014-12-01-20009.pcap
- Index(es):