Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 12256] New: Buildbot crash output: fuzz-2016-03-12-14868.pcap

Wireshark-bugs: [Wireshark-bugs] [Bug 12256] New: Buildbot crash output: fuzz-2016-03-12-14868.p

Date: Sat, 12 Mar 2016 16:10:03 +0000

Bug ID	12256
Summary	Buildbot crash output: fuzz-2016-03-12-14868.pcap
Product	Wireshark
Version	unspecified
Hardware	x86-64
URL	https://www.wireshark.org/download/automated/captures/fuzz-2016-03-12-14868.pcap
OS	Ubuntu
Status	CONFIRMED
Severity	Major
Priority	High
Component	Dissection engine (libwireshark)
Assignee	bugzilla-admin@wireshark.org
Reporter	buildbot-do-not-reply@wireshark.org

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2016-03-12-14868.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/001349.cap

Build host information:
Linux wsbb04 3.13.0-79-generic #123-Ubuntu SMP Fri Feb 19 14:27:58 UTC 2016
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 14.04.4 LTS
Release:    14.04
Codename:    trusty

Buildbot information:
BUILDBOT_REPOSITORY=ssh://wireshark-buildbot@code.wireshark.org:29418/wireshark
BUILDBOT_BUILDNUMBER=109
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-2.0/
BUILDBOT_BUILDERNAME=Fuzz Test
BUILDBOT_SLAVENAME=fuzz-test
BUILDBOT_GOT_REVISION=279845cbf3612baa2a6bff6d3e339021cd6e035c

Return value:  0

Dissector bug:  0

Valgrind error count:  2



Git commit
commit 279845cbf3612baa2a6bff6d3e339021cd6e035c
Author: Remi Gacogne <remi.gacogne@powerdns.com>
Date:   Wed Mar 9 19:01:10 2016 +0100

    DNS: Fix handling of the server part of EDNS0 Cookie Option

    cur_offset was not incremented for the server part, causing a
    "Malformed packet" message.

    Change-Id: I21cb876e0d70b1de0cb2f76d37edec4c2ec7c788
    Reviewed-on: https://code.wireshark.org/review/14402
    Reviewed-by: Michael Mann <mmann78@netscape.net>
    (cherry picked from commit cc251536fbd195e0484356ff0e24ce5cae4c2806)
    Reviewed-on: https://code.wireshark.org/review/14410


Command and args: ./tools/valgrind-wireshark.sh 

==16374== Memcheck, a memory error detector
==16374== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==16374== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==16374== Command:
/home/wireshark/builders/wireshark-2.0-fuzz/fuzztest/install/bin/tshark -nr
/fuzz/buildbot/fuzztest/valgrind-fuzz-2.0/fuzz-2016-03-12-14868.pcap
==16374== 
==16374== Conditional jump or move depends on uninitialised value(s)
==16374==    at 0x68665BA: req_resp_hdrs_do_reassembly (req_resp_hdrs.c:148)
==16374==    by 0x6BC20BF: dissect_http_message (packet-http.c:810)
==16374==    by 0x6BC452E: dissect_http (packet-http.c:2958)
==16374==    by 0x68426DE: call_dissector_through_handle (packet.c:618)
==16374==    by 0x6843074: call_dissector_work (packet.c:706)
==16374==    by 0x684386B: dissector_try_uint_new (packet.c:1163)
==16374==    by 0x6F8D415: decode_tcp_ports (packet-tcp.c:4622)
==16374==    by 0x6F8D7CE: process_tcp_payload (packet-tcp.c:4680)
==16374==    by 0x6F8DDB5: desegment_tcp (packet-tcp.c:2270)
==16374==    by 0x6F8DDB5: dissect_tcp_payload (packet-tcp.c:4747)
==16374==    by 0x6F8FC1B: dissect_tcp (packet-tcp.c:5653)
==16374==    by 0x68426A3: call_dissector_through_handle (packet.c:620)
==16374==    by 0x6843074: call_dissector_work (packet.c:706)
==16374== 
==16374== 
==16374== HEAP SUMMARY:
==16374==     in use at exit: 1,039,553 bytes in 28,332 blocks
==16374==   total heap usage: 238,573 allocs, 210,241 frees, 31,134,557 bytes
allocated
==16374== 
==16374== LEAK SUMMARY:
==16374==    definitely lost: 2,908 bytes in 125 blocks
==16374==    indirectly lost: 36,448 bytes in 48 blocks
==16374==      possibly lost: 0 bytes in 0 blocks
==16374==    still reachable: 1,000,197 bytes in 28,159 blocks
==16374==         suppressed: 0 bytes in 0 blocks
==16374== Rerun with --leak-check=full to see details of leaked memory
==16374== 
==16374== For counts of detected and suppressed errors, rerun with: -v
==16374== Use --track-origins=yes to see where uninitialised values come from
==16374== ERROR SUMMARY: 2 errors from 1 contexts (suppressed: 0 from 0)

[ no debug trace ]

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 12256] Buildbot crash output: fuzz-2016-03-12-14868.pcap
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 1734] protocol hierarchy statistics shows LDAP lines recursively
Next by Date: [Wireshark-bugs] [Bug 12253] Buildbot crash output: fuzz-2016-03-11-13630.pcap
Previous by thread: [Wireshark-bugs] [Bug 12255] New: capture filter text disappears when adapter selection is changed
Next by thread: [Wireshark-bugs] [Bug 12256] Buildbot crash output: fuzz-2016-03-12-14868.pcap
Index(es):
- Date
- Thread