Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 10761] New: Buildbot crash output: fuzz-2014-12-07-21739.pcap

Wireshark-bugs: [Wireshark-bugs] [Bug 10761] New: Buildbot crash output: fuzz-2014-12-07-21739.p

Date: Sun, 07 Dec 2014 20:20:04 +0000

Bug ID	10761
Summary	Buildbot crash output: fuzz-2014-12-07-21739.pcap
Product	Wireshark
Version	unspecified
Hardware	x86-64
URL	https://www.wireshark.org/download/automated/captures/fuzz-2014-12-07-21739.pcap
OS	Ubuntu
Status	CONFIRMED
Severity	Major
Priority	High
Component	Dissection engine (libwireshark)
Assignee	bugzilla-admin@wireshark.org
Reporter	buildbot-do-not-reply@wireshark.org

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2014-12-07-21739.pcap

stderr:
Input file:
/home/wireshark/menagerie/menagerie/406-malformed-service-load-packet.pcap

Build host information:
Linux wsbb04 3.13.0-39-generic #66-Ubuntu SMP Tue Oct 28 13:30:27 UTC 2014
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 14.04.1 LTS
Release:    14.04
Codename:    trusty

Buildbot information:
BUILDBOT_REPOSITORY=ssh://wireshark-buildbot@code.wireshark.org:29418/wireshark
BUILDBOT_BUILDNUMBER=3078
BUILDBOT_URL=http://buildbot.wireshark.org/trunk/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_SLAVENAME=clang-code-analysis
BUILDBOT_GOT_REVISION=18fabb4733336896f94e3a785f0f7c663ff9ae72

Return value:  0

Dissector bug:  0

Valgrind error count:  1



Git commit
commit 18fabb4733336896f94e3a785f0f7c663ff9ae72
Author: Jeff Morriss <jeff.morriss.ws@gmail.com>
Date:   Tue Dec 2 09:40:46 2014 -0500

    Strengthen association matching when we haven't seen the INIT/INIT-ACK.

    The fact that the vtag matches the initiate tag doesn't mean much if both
are 0
    (uninitialized).

    Also leave in some (commented-out) debug to make debugging this stuff
easier
    in the future.

    Change-Id: Id007de8bf9d2d4e0bb18309ed3e2572fedda45f1
    Reviewed-on: https://code.wireshark.org/review/5571
    Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>


Command and args: ./tools/valgrind-wireshark.sh 

==6256== Memcheck, a memory error detector
==6256== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==6256== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright info
==6256== Command:
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark
-nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2014-12-07-21739.pcap
==6256== 
==6256== Invalid read of size 1
==6256==    at 0x6B6EC94: find_parameter (packet-multipart.c:351)
==6256==    by 0x6B6EDE9: dissect_multipart (packet-multipart.c:418)
==6256==    by 0x66AFE3E: call_dissector_through_handle (packet.c:618)
==6256==    by 0x66B0884: call_dissector_work (packet.c:709)
==6256==    by 0x6A10A4F: dissect_http_message (packet-http.c:1472)
==6256==    by 0x6A11B08: dissect_http (packet-http.c:2774)
==6256==    by 0x6A11EF7: dissect_http_heur_tcp (packet-http.c:2813)
==6256==    by 0x66B1DA9: dissector_try_heuristic (packet.c:2024)
==6256==    by 0x6DB00C6: decode_tcp_ports (packet-tcp.c:4076)
==6256==    by 0x6DB055E: process_tcp_payload (packet-tcp.c:4122)
==6256==    by 0x6DB0B2F: dissect_tcp_payload (packet-tcp.c:1950)
==6256==    by 0x6DB2783: dissect_tcp (packet-tcp.c:5010)
==6256==  Address 0x11b780fa is 7 bytes after a block of size 51 alloc'd
==6256==    at 0x4C2AB80: malloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==6256==    by 0x9B09610: g_malloc (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4002.0)
==6256==    by 0x71D8F0B: wmem_simple_alloc (wmem_allocator_simple.c:55)
==6256==    by 0x6B6EA34: unfold_and_compact_mime_header
(packet-multipart.c:218)
==6256==    by 0x6B6EDCA: dissect_multipart (packet-multipart.c:416)
==6256==    by 0x66AFE3E: call_dissector_through_handle (packet.c:618)
==6256==    by 0x66B0884: call_dissector_work (packet.c:709)
==6256==    by 0x6A10A4F: dissect_http_message (packet-http.c:1472)
==6256==    by 0x6A11B08: dissect_http (packet-http.c:2774)
==6256==    by 0x6A11EF7: dissect_http_heur_tcp (packet-http.c:2813)
==6256==    by 0x66B1DA9: dissector_try_heuristic (packet.c:2024)
==6256==    by 0x6DB00C6: decode_tcp_ports (packet-tcp.c:4076)
==6256== 
==6256== 
==6256== HEAP SUMMARY:
==6256==     in use at exit: 1,216,365 bytes in 29,626 blocks
==6256==   total heap usage: 228,836 allocs, 199,210 frees, 28,954,924 bytes
allocated
==6256== 
==6256== LEAK SUMMARY:
==6256==    definitely lost: 3,656 bytes in 156 blocks
==6256==    indirectly lost: 36,744 bytes in 51 blocks
==6256==      possibly lost: 0 bytes in 0 blocks
==6256==    still reachable: 1,175,965 bytes in 29,419 blocks
==6256==         suppressed: 0 bytes in 0 blocks
==6256== Rerun with --leak-check=full to see details of leaked memory
==6256== 
==6256== For counts of detected and suppressed errors, rerun with: -v
==6256== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)

[ no debug trace ]

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 10761] Buildbot crash output: fuzz-2014-12-07-21739.pcap
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 10761] Buildbot crash output: fuzz-2014-12-07-21739.pcap
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 10757] Buildbot crash output: fuzz-2014-12-03-2750.pcap
Next by Date: [Wireshark-bugs] [Bug 10754] cannot open rf5 file
Previous by thread: [Wireshark-bugs] [Bug 10760] giop dissector produces Lua Error "C stack overflow"
Next by thread: [Wireshark-bugs] [Bug 10761] Buildbot crash output: fuzz-2014-12-07-21739.pcap
Index(es):
- Date
- Thread