Wireshark-bugs: [Wireshark-bugs] [Bug 10773] New: Buildbot crash output: fuzz-2014-12-12-16980.p
| Bug ID | 10773 |
| Summary | Buildbot crash output: fuzz-2014-12-12-16980.pcap |
| Product | Wireshark |
| Version | unspecified |
| Hardware | x86-64 |
| URL | https://www.wireshark.org/download/automated/captures/fuzz-2014-12-12-16980.pcap |
| OS | Ubuntu |
| Status | CONFIRMED |
| Severity | Major |
| Priority | High |
| Component | Dissection engine (libwireshark) |
| Assignee | bugzilla-admin@wireshark.org |
| Reporter | buildbot-do-not-reply@wireshark.org |

Problems have been found with the following capture file:
https://www.wireshark.org/download/automated/captures/fuzz-2014-12-12-16980.pcap
stderr:
Input file:
/home/wireshark/menagerie/menagerie/13320-ESMLC01-OTDOA-Test02-031214.pcap
Build host information:
Linux wsbb04 3.13.0-39-generic #66-Ubuntu SMP Tue Oct 28 13:30:27 UTC 2014
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 14.04.1 LTS
Release:    14.04
Codename:    trusty
Buildbot information:
BUILDBOT_REPOSITORY=ssh://wireshark-buildbot@code.wireshark.org:29418/wireshark
BUILDBOT_BUILDNUMBER=3081
BUILDBOT_URL=http://buildbot.wireshark.org/trunk/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_SLAVENAME=clang-code-analysis
BUILDBOT_GOT_REVISION=4c229ca40dcc0a75b356282e7e9dabd90fa7f1e3
Return value:  139
Dissector bug:  0
Valgrind error count:  3
Git commit
commit 4c229ca40dcc0a75b356282e7e9dabd90fa7f1e3
Author: Gerald Combs <gerald@wireshark.org>
Date:   Wed Dec 10 09:30:32 2014 -0800
    Build 1.99.1.
    Change-Id: Ic6dcbfc880817ad4bcc07a21ec88d14c8c92df58
    Reviewed-on: https://code.wireshark.org/review/5703
    Reviewed-by: Gerald Combs <gerald@wireshark.org>
Command and args: ./tools/valgrind-wireshark.sh -T
==14427== Memcheck, a memory error detector
==14427== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==14427== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright info
==14427== Command: /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark -Vx -nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2014-12-12-16980.pcap
==14427== 
==14427== Conditional jump or move depends on uninitialised value(s)
==14427==    at 0xA7B269B: vfprintf (vfprintf.c:1661)
==14427==    by 0xA870D74: __vsnprintf_chk (vsnprintf_chk.c:63)
==14427==    by 0x66D8A77: proto_item_append_text (proto.c:4537)
==14427==    by 0x6F6474D: dissect_lpp_T_reportingInterval (lpp.cnf:271)
==14427==    by 0x6C3D51E: dissect_per_sequence (packet-per.c:1858)
==14427==    by 0x6F5F25A: dissect_lpp_PeriodicalReportingCriteria (lpp.cnf:286)
==14427==    by 0x6C3D51E: dissect_per_sequence (packet-per.c:1858)
==14427==    by 0x6F5F17A: dissect_lpp_CommonIEsRequestLocationInformation (lpp.cnf:365)
==14427==    by 0x6C3D51E: dissect_per_sequence (packet-per.c:1858)
==14427==    by 0x6F5F0DA: dissect_lpp_RequestLocationInformation_r9_IEs (lpp.cnf:1409)
==14427==    by 0x6C3D1AF: dissect_per_choice (packet-per.c:1706)
==14427==    by 0x6F63A23: dissect_lpp_T_c1_05 (lpp.cnf:1434)
==14427== 
==14427== Use of uninitialised value of size 8
==14427==    at 0xA7B28F3: vfprintf (vfprintf.c:1661)
==14427==    by 0xA870D74: __vsnprintf_chk (vsnprintf_chk.c:63)
==14427==    by 0x66D8A77: proto_item_append_text (proto.c:4537)
==14427==    by 0x6F6474D: dissect_lpp_T_reportingInterval (lpp.cnf:271)
==14427==    by 0x6C3D51E: dissect_per_sequence (packet-per.c:1858)
==14427==    by 0x6F5F25A: dissect_lpp_PeriodicalReportingCriteria (lpp.cnf:286)
==14427==    by 0x6C3D51E: dissect_per_sequence (packet-per.c:1858)
==14427==    by 0x6F5F17A: dissect_lpp_CommonIEsRequestLocationInformation (lpp.cnf:365)
==14427==    by 0x6C3D51E: dissect_per_sequence (packet-per.c:1858)
==14427==    by 0x6F5F0DA: dissect_lpp_RequestLocationInformation_r9_IEs (lpp.cnf:1409)
==14427==    by 0x6C3D1AF: dissect_per_choice (packet-per.c:1706)
==14427==    by 0x6F63A23: dissect_lpp_T_c1_05 (lpp.cnf:1434)
==14427== 
==14427== Invalid read of size 1
==14427==    at 0xA7B28F3: vfprintf (vfprintf.c:1661)
==14427==    by 0xA870D74: __vsnprintf_chk (vsnprintf_chk.c:63)
==14427==    by 0x66D8A77: proto_item_append_text (proto.c:4537)
==14427==    by 0x6F6474D: dissect_lpp_T_reportingInterval (lpp.cnf:271)
==14427==    by 0x6C3D51E: dissect_per_sequence (packet-per.c:1858)
==14427==    by 0x6F5F25A: dissect_lpp_PeriodicalReportingCriteria (lpp.cnf:286)
==14427==    by 0x6C3D51E: dissect_per_sequence (packet-per.c:1858)
==14427==    by 0x6F5F17A: dissect_lpp_CommonIEsRequestLocationInformation (lpp.cnf:365)
==14427==    by 0x6C3D51E: dissect_per_sequence (packet-per.c:1858)
==14427==    by 0x6F5F0DA: dissect_lpp_RequestLocationInformation_r9_IEs (lpp.cnf:1409)
==14427==    by 0x6C3D1AF: dissect_per_choice (packet-per.c:1706)
==14427==    by 0x6F63A23: dissect_lpp_T_c1_05 (lpp.cnf:1434)
==14427==  Address 0x1feffe200 is not stack'd, malloc'd or (recently) free'd
==14427== 
==14427== 
==14427== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==14427==  Access not within mapped region at address 0x1FEFFE200
==14427==    at 0xA7B28F3: vfprintf (vfprintf.c:1661)
==14427==    by 0xA870D74: __vsnprintf_chk (vsnprintf_chk.c:63)
==14427==    by 0x66D8A77: proto_item_append_text (proto.c:4537)
==14427==    by 0x6F6474D: dissect_lpp_T_reportingInterval (lpp.cnf:271)
==14427==    by 0x6C3D51E: dissect_per_sequence (packet-per.c:1858)
==14427==    by 0x6F5F25A: dissect_lpp_PeriodicalReportingCriteria (lpp.cnf:286)
==14427==    by 0x6C3D51E: dissect_per_sequence (packet-per.c:1858)
==14427==    by 0x6F5F17A: dissect_lpp_CommonIEsRequestLocationInformation (lpp.cnf:365)
==14427==    by 0x6C3D51E: dissect_per_sequence (packet-per.c:1858)
==14427==    by 0x6F5F0DA: dissect_lpp_RequestLocationInformation_r9_IEs (lpp.cnf:1409)
==14427==    by 0x6C3D1AF: dissect_per_choice (packet-per.c:1706)
==14427==    by 0x6F63A23: dissect_lpp_T_c1_05 (lpp.cnf:1434)
==14427==  If you believe this happened as a result of a stack
==14427==  overflow in your program's main thread (unlikely but
==14427==  possible), you can try to increase the size of the
==14427==  main thread stack using the --main-stacksize= flag.
==14427==  The main thread stack size used in this run was 2084864.
==14427== 
==14427== HEAP SUMMARY:
==14427==     in use at exit: 16,102,239 bytes in 177,146 blocks
==14427==   total heap usage: 837,370 allocs, 660,224 frees, 76,320,832 bytes allocated
==14427== 
==14427== LEAK SUMMARY:
==14427==    definitely lost: 295 bytes in 20 blocks
==14427==    indirectly lost: 8 bytes in 1 blocks
==14427==      possibly lost: 0 bytes in 0 blocks
==14427==    still reachable: 16,101,936 bytes in 177,125 blocks
==14427==         suppressed: 0 bytes in 0 blocks
==14427== Rerun with --leak-check=full to see details of leaked memory
==14427== 
==14427== For counts of detected and suppressed errors, rerun with: -v
==14427== Use --track-origins=yes to see where uninitialised values come from
==14427== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 0 from 0)
./tools/valgrind-wireshark.sh: line 113: 14427 Segmentation fault      (core dumped) $LIBTOOL valgrind --suppressions=`dirname $0`/vg-suppressions --tool=$TOOL $CALLGRIND_OUT_FILE $VERBOSE $LEAK_CHECK $REACHABLE $TRACK_ORIGINS $COMMAND $COMMAND_ARGS $PCAP $COMMAND_ARGS2 > /dev/null
[ no debug trace ]