Wireshark-bugs: [Wireshark-bugs] [Bug 12085] New: Buildbot crash output: fuzz-2016-02-05-26837.p
Bug ID | 12085
Summary | Buildbot crash output: fuzz-2016-02-05-26837.pcap
Product | Wireshark
Version | unspecified
Hardware | x86-64
URL | https://www.wireshark.org/download/automated/captures/fuzz-2016-02-05-26837.pcap
OS | Ubuntu
Status | CONFIRMED
Severity | Major
Priority | High
Component | Dissection engine (libwireshark)
Assignee | bugzilla-admin@wireshark.org
Reporter | buildbot-do-not-reply@wireshark.org

Problems have been found with the following capture file:
https://www.wireshark.org/download/automated/captures/fuzz-2016-02-05-26837.pcap
stderr:
Input file: /home/wireshark/menagerie/menagerie/14297-wireshark1.pcapng
Build host information:
Linux wsbb04 3.13.0-74-generic #118-Ubuntu SMP Thu Dec 17 22:52:10 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
Distributor ID: Ubuntu
Description: Ubuntu 14.04.3 LTS
Release: 14.04
Codename: trusty
Buildbot information:
BUILDBOT_REPOSITORY=ssh://wireshark-buildbot@code.wireshark.org:29418/wireshark
BUILDBOT_BUILDNUMBER=3487
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-master/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_SLAVENAME=clang-code-analysis
BUILDBOT_GOT_REVISION=651d860d9038a30de1453c5315eb09a95622c199
Return value: 1
Dissector bug: 0
Valgrind error count: 0
Git commit
commit 651d860d9038a30de1453c5315eb09a95622c199
Author: Stig Bjørlykke <stig@bjorlykke.org>
Date: Thu Feb 4 22:00:53 2016 +0100
Don’t adjust time column widths in cf_open
The time column widths should not be adjusted in cf_open() because
we don’t have any packets yet and Qt resizeColumnToContents() will
not adjust any widths but emits a sectionResized() with invalid or
default values (new_width seems to always be 32). This will in some
cases (when start capturing packets) give wrong width values which
is later stored in the recent file, and the time columns may end up
narrow the next time the recent file is read.
This fix is related to the column with issues previously compensated
for in PacketList::sectionResized() (g4980d505).
Change-Id: Id3b49069fe5d2b55d608cc7a6d32fe7851369bf9
Reviewed-on: https://code.wireshark.org/review/13712
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Command and args:
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark -nVxr
=================================================================
==27144==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7f3a5f5ace6b at pc 0x7f3a5d8a3a85 bp 0x7ffd06277520 sp 0x7ffd06277518
READ of size 1 at 0x7f3a5f5ace6b thread T0
    #0 0x7f3a5d8a3a84 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7985a84)
    #1 0x7f3a5d23ef21 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7320f21)
    #2 0x7f3a5d23cffc (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x731effc)
    #3 0x7f3a5d8a9b27 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x798bb27)
    #4 0x7f3a5d23ef21 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7320f21)
    #5 0x7f3a5d23ebba (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7320bba)
    #6 0x7f3a5d772955 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7854955)
    #7 0x7f3a5d23ef21 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7320f21)
    #8 0x7f3a5d23cffc (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x731effc)
    #9 0x7f3a5d23c818 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x731e818)
    #10 0x7f3a5d21cf7e (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x72fef7e)
    #11 0x501145 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x501145)
    #12 0x4fb96b (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x4fb96b)
    #13 0x7f3a52b5cec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
    #14 0x43fc26 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x43fc26)
0x7f3a5f5ace6b is located 21 bytes to the left of global variable 'subcarriers' defined in 'packet-ieee80211-radio.c:265:20' (0x7f3a5f5ace80) of size 16
0x7f3a5f5ace6b is located 37 bytes to the right of global variable '<string literal>' defined in 'packet-ieee80211-radio.c:821:17' (0x7f3a5f5ace40) of size 6
'<string literal>' is ascii string '%d us'
Shadow bytes around the buggy address:
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==27144==ABORTING
[ no debug trace ]