Wireshark-bugs: [Wireshark-bugs] [Bug 12085] New: Buildbot crash output: fuzz-2016-02-05-26837.p
Date: Fri, 05 Feb 2016 12:10:03 +0000
Bug ID: 12085
Summary: Buildbot crash output: fuzz-2016-02-05-26837.pcap
Product: Wireshark
Version: unspecified
Hardware: x86-64
URL: https://www.wireshark.org/download/automated/captures/fuzz-2016-02-05-26837.pcap
OS: Ubuntu
Status: CONFIRMED
Severity: Major
Priority: High
Component: Dissection engine (libwireshark)
Assignee: bugzilla-admin@wireshark.org
Reporter: buildbot-do-not-reply@wireshark.org

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2016-02-05-26837.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/14297-wireshark1.pcapng

Build host information:
Linux wsbb04 3.13.0-74-generic #118-Ubuntu SMP Thu Dec 17 22:52:10 UTC 2015
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 14.04.3 LTS
Release:    14.04
Codename:    trusty

Buildbot information:
BUILDBOT_REPOSITORY=ssh://wireshark-buildbot@code.wireshark.org:29418/wireshark
BUILDBOT_BUILDNUMBER=3487
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-master/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_SLAVENAME=clang-code-analysis
BUILDBOT_GOT_REVISION=651d860d9038a30de1453c5315eb09a95622c199

Return value:  1

Dissector bug:  0

Valgrind error count:  0
Git commit
commit 651d860d9038a30de1453c5315eb09a95622c199
Author: Stig Bjørlykke <stig@bjorlykke.org>
Date:   Thu Feb 4 22:00:53 2016 +0100

    Don’t adjust time column widths in cf_open

    The time column widths should not be adjusted in cf_open() because
    we don’t have any packets yet and Qt resizeColumnToContents() will
    not adjust any widths but emits a sectionResized() with invalid or
    default values (new_width seems to always be 32).  This will in some
    cases (when start capturing packets) give wrong width values which
    is later stored in the recent file, and the time columns may end up
    narrow the next time the recent file is read.

    This fix is related to the column width issues previously compensated
    for in PacketList::sectionResized() (g4980d505).

    Change-Id: Id3b49069fe5d2b55d608cc7a6d32fe7851369bf9
    Reviewed-on: https://code.wireshark.org/review/13712
    Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
    Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
    Reviewed-by: Anders Broman <a.broman58@gmail.com>
Command and args:
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark
-nVxr

=================================================================
==27144==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7f3a5f5ace6b at pc 0x7f3a5d8a3a85 bp 0x7ffd06277520 sp 0x7ffd06277518
READ of size 1 at 0x7f3a5f5ace6b thread T0
    #0 0x7f3a5d8a3a84 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7985a84)
    #1 0x7f3a5d23ef21 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7320f21)
    #2 0x7f3a5d23cffc (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x731effc)
    #3 0x7f3a5d8a9b27 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x798bb27)
    #4 0x7f3a5d23ef21 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7320f21)
    #5 0x7f3a5d23ebba (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7320bba)
    #6 0x7f3a5d772955 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7854955)
    #7 0x7f3a5d23ef21 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7320f21)
    #8 0x7f3a5d23cffc (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x731effc)
    #9 0x7f3a5d23c818 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x731e818)
    #10 0x7f3a5d21cf7e (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x72fef7e)
    #11 0x501145 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x501145)
    #12 0x4fb96b (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x4fb96b)
    #13 0x7f3a52b5cec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
    #14 0x43fc26 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x43fc26)

0x7f3a5f5ace6b is located 21 bytes to the left of global variable 'subcarriers' defined in 'packet-ieee80211-radio.c:265:20' (0x7f3a5f5ace80) of size 16
0x7f3a5f5ace6b is located 37 bytes to the right of global variable '<string literal>' defined in 'packet-ieee80211-radio.c:821:17' (0x7f3a5f5ace40) of size 6
  '<string literal>' is ascii string '%d us'
Shadow bytes around the buggy address:
  0x0fe7cbead970: 00 01 f9 f9 f9 f9 f9 f9 00 02 f9 f9 f9 f9 f9 f9
  0x0fe7cbead980: 05 f9 f9 f9 f9 f9 f9 f9 03 f9 f9 f9 f9 f9 f9 f9
  0x0fe7cbead990: 07 f9 f9 f9 f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9
  0x0fe7cbead9a0: 00 00 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
  0x0fe7cbead9b0: 00 05 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
=>0x0fe7cbead9c0: 00 05 f9 f9 f9 f9 f9 f9 06 f9 f9 f9 f9[f9]f9 f9
  0x0fe7cbead9d0: 00 00 f9 f9 f9 f9 f9 f9 05 f9 f9 f9 f9 f9 f9 f9
  0x0fe7cbead9e0: 04 f9 f9 f9 f9 f9 f9 f9 05 f9 f9 f9 f9 f9 f9 f9
  0x0fe7cbead9f0: 04 f9 f9 f9 f9 f9 f9 f9 07 f9 f9 f9 f9 f9 f9 f9
  0x0fe7cbeada00: 07 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9
  0x0fe7cbeada10: 04 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==27144==ABORTING

[ no debug trace ]