Wireshark-bugs: [Wireshark-bugs] [Bug 12821] New: Buildbot crash output: fuzz-2016-09-03-4899.pc
Date: Sat, 03 Sep 2016 22:30:03 +0000
Bug ID 12821
Summary Buildbot crash output: fuzz-2016-09-03-4899.pcap
Product Wireshark
Version unspecified
Hardware x86-64
URL https://www.wireshark.org/download/automated/captures/fuzz-2016-09-03-4899.pcap
OS Ubuntu
Status CONFIRMED
Severity Major
Priority High
Component Dissection engine (libwireshark)
Assignee bugzilla-admin@wireshark.org
Reporter buildbot-do-not-reply@wireshark.org

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2016-09-03-4899.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/3216-IrDA_Sample_Trace_1.pcap

Build host information:
Linux wsbb04 4.4.0-34-generic #53-Ubuntu SMP Wed Jul 27 16:06:39 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 16.04.1 LTS
Release:    16.04
Codename:    xenial

Buildbot information:
BUILDBOT_REPOSITORY=ssh://wireshark-buildbot@code.wireshark.org:29418/wireshark
BUILDBOT_WORKERNAME=fuzz-test
BUILDBOT_BUILDNUMBER=74
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-2.2/
BUILDBOT_BUILDERNAME=Fuzz Test
BUILDBOT_GOT_REVISION=6d29c126de4461fa6f161ff47620664a4cedbf48

Return value:  0

Dissector bug:  0

Valgrind error count:  10



Git commit
commit 6d29c126de4461fa6f161ff47620664a4cedbf48
Author: Stig Bjørlykke <stig@bjorlykke.org>
Date:   Fri Sep 2 14:10:31 2016 +0200

    Qt: Preserve capture filter when preferences changed

    Avoid that the last entry from recent.capture_filter is added to the
    capture filter combo when editing preferences or changing profile.

    This bug was introduced in gb7897dde.

    Change-Id: I38a32386765c9e7ffaa93d006ff0ef7b78ac8252
    Reviewed-on: https://code.wireshark.org/review/17453
    Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
    Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
    Reviewed-by: Peter Wu <peter@lekensteyn.nl>
    Reviewed-by: Anders Broman <a.broman58@gmail.com>
    (cherry picked from commit 770aaf1dde2c57687beb0ebe9a3af9003c3c2c14)
    Reviewed-on: https://code.wireshark.org/review/17468
    Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>


==22329== Memcheck, a memory error detector
==22329== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==22329== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==22329== Command: /home/wireshark/builders/wireshark-2.2-fuzz/fuzztest/install/bin/tshark -nr /fuzz/buildbot/fuzztest/valgrind-fuzz-2.2/fuzz-2016-09-03-4899.pcap
==22329== 
==22329== Use of uninitialised value of size 8
==22329==    at 0xA300BC4: g_hash_table_lookup (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==22329==    by 0x6937EA4: conversation_lookup_hashtable (conversation.c:822)
==22329==    by 0x6938AD3: find_conversation (conversation.c:1035)
==22329==    by 0xFB91B5F: add_lmp_conversation (packet-irda.c:1197)
==22329==    by 0xFB8DE52: dissect_ircomm_ttp_lsap (packet-ircomm.c:331)
==22329==    by 0xFB8F73D: dissect_iap_result (packet-irda.c:864)
==22329==    by 0xFB91030: dissect_irlmp (packet-irda.c:1153)
==22329==    by 0xFB91030: dissect_irlap (packet-irda.c:1738)
==22329==    by 0xFB91030: dissect_irda (packet-irda.c:1847)
==22329==    by 0x6947E2E: call_dissector_through_handle (packet.c:648)
==22329==    by 0x6947E2E: call_dissector_work (packet.c:723)
==22329==    by 0x6948558: dissector_try_uint_new (packet.c:1188)
==22329==    by 0x6C46407: dissect_frame (packet-frame.c:507)
==22329==    by 0x6947E2E: call_dissector_through_handle (packet.c:648)
==22329==    by 0x6947E2E: call_dissector_work (packet.c:723)
==22329==    by 0x6949861: call_dissector_with_data (packet.c:2816)
==22329== 
==22329== Use of uninitialised value of size 8
==22329==    at 0xA300BC4: g_hash_table_lookup (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==22329==    by 0x6937EA4: conversation_lookup_hashtable (conversation.c:822)
==22329==    by 0x6938B2F: find_conversation (conversation.c:1125)
==22329==    by 0xFB91B5F: add_lmp_conversation (packet-irda.c:1197)
==22329==    by 0xFB8DE52: dissect_ircomm_ttp_lsap (packet-ircomm.c:331)
==22329==    by 0xFB8F73D: dissect_iap_result (packet-irda.c:864)
==22329==    by 0xFB91030: dissect_irlmp (packet-irda.c:1153)
==22329==    by 0xFB91030: dissect_irlap (packet-irda.c:1738)
==22329==    by 0xFB91030: dissect_irda (packet-irda.c:1847)
==22329==    by 0x6947E2E: call_dissector_through_handle (packet.c:648)
==22329==    by 0x6947E2E: call_dissector_work (packet.c:723)
==22329==    by 0x6948558: dissector_try_uint_new (packet.c:1188)
==22329==    by 0x6C46407: dissect_frame (packet-frame.c:507)
==22329==    by 0x6947E2E: call_dissector_through_handle (packet.c:648)
==22329==    by 0x6947E2E: call_dissector_work (packet.c:723)
==22329==    by 0x6949861: call_dissector_with_data (packet.c:2816)
==22329== 
==22329== Use of uninitialised value of size 8
==22329==    at 0xA300BC4: g_hash_table_lookup (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==22329==    by 0x6937F44: conversation_insert_into_hashtable (conversation.c:551)
==22329==    by 0x6938677: conversation_new (conversation.c:722)
==22329==    by 0xFB91C0C: add_lmp_conversation (packet-irda.c:1218)
==22329==    by 0xFB8DE52: dissect_ircomm_ttp_lsap (packet-ircomm.c:331)
==22329==    by 0xFB8F73D: dissect_iap_result (packet-irda.c:864)
==22329==    by 0xFB91030: dissect_irlmp (packet-irda.c:1153)
==22329==    by 0xFB91030: dissect_irlap (packet-irda.c:1738)
==22329==    by 0xFB91030: dissect_irda (packet-irda.c:1847)
==22329==    by 0x6947E2E: call_dissector_through_handle (packet.c:648)
==22329==    by 0x6947E2E: call_dissector_work (packet.c:723)
==22329==    by 0x6948558: dissector_try_uint_new (packet.c:1188)
==22329==    by 0x6C46407: dissect_frame (packet-frame.c:507)
==22329==    by 0x6947E2E: call_dissector_through_handle (packet.c:648)
==22329==    by 0x6947E2E: call_dissector_work (packet.c:723)
==22329==    by 0x6949861: call_dissector_with_data (packet.c:2816)
==22329== 
==22329== Use of uninitialised value of size 8
==22329==    at 0xA3003FB: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==22329==    by 0x6938677: conversation_new (conversation.c:722)
==22329==    by 0xFB91C0C: add_lmp_conversation (packet-irda.c:1218)
==22329==    by 0xFB8DE52: dissect_ircomm_ttp_lsap (packet-ircomm.c:331)
==22329==    by 0xFB8F73D: dissect_iap_result (packet-irda.c:864)
==22329==    by 0xFB91030: dissect_irlmp (packet-irda.c:1153)
==22329==    by 0xFB91030: dissect_irlap (packet-irda.c:1738)
==22329==    by 0xFB91030: dissect_irda (packet-irda.c:1847)
==22329==    by 0x6947E2E: call_dissector_through_handle (packet.c:648)
==22329==    by 0x6947E2E: call_dissector_work (packet.c:723)
==22329==    by 0x6948558: dissector_try_uint_new (packet.c:1188)
==22329==    by 0x6C46407: dissect_frame (packet-frame.c:507)
==22329==    by 0x6947E2E: call_dissector_through_handle (packet.c:648)
==22329==    by 0x6947E2E: call_dissector_work (packet.c:723)
==22329==    by 0x6949861: call_dissector_with_data (packet.c:2816)
==22329==    by 0x6949D9C: dissect_record (packet.c:531)
==22329== 
==22329== Use of uninitialised value of size 8
==22329==    at 0xA2FFF97: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==22329==    by 0xA3004B9: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==22329==    by 0x6938677: conversation_new (conversation.c:722)
==22329==    by 0xFB91C0C: add_lmp_conversation (packet-irda.c:1218)
==22329==    by 0xFB8DE52: dissect_ircomm_ttp_lsap (packet-ircomm.c:331)
==22329==    by 0xFB8F73D: dissect_iap_result (packet-irda.c:864)
==22329==    by 0xFB91030: dissect_irlmp (packet-irda.c:1153)
==22329==    by 0xFB91030: dissect_irlap (packet-irda.c:1738)
==22329==    by 0xFB91030: dissect_irda (packet-irda.c:1847)
==22329==    by 0x6947E2E: call_dissector_through_handle (packet.c:648)
==22329==    by 0x6947E2E: call_dissector_work (packet.c:723)
==22329==    by 0x6948558: dissector_try_uint_new (packet.c:1188)
==22329==    by 0x6C46407: dissect_frame (packet-frame.c:507)
==22329==    by 0x6947E2E: call_dissector_through_handle (packet.c:648)
==22329==    by 0x6947E2E: call_dissector_work (packet.c:723)
==22329==    by 0x6949861: call_dissector_with_data (packet.c:2816)
==22329== 
==22329== Use of uninitialised value of size 8
==22329==    at 0xA300020: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==22329==    by 0xA3004B9: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==22329==    by 0x6938677: conversation_new (conversation.c:722)
==22329==    by 0xFB91C0C: add_lmp_conversation (packet-irda.c:1218)
==22329==    by 0xFB8DE52: dissect_ircomm_ttp_lsap (packet-ircomm.c:331)
==22329==    by 0xFB8F73D: dissect_iap_result (packet-irda.c:864)
==22329==    by 0xFB91030: dissect_irlmp (packet-irda.c:1153)
==22329==    by 0xFB91030: dissect_irlap (packet-irda.c:1738)
==22329==    by 0xFB91030: dissect_irda (packet-irda.c:1847)
==22329==    by 0x6947E2E: call_dissector_through_handle (packet.c:648)
==22329==    by 0x6947E2E: call_dissector_work (packet.c:723)
==22329==    by 0x6948558: dissector_try_uint_new (packet.c:1188)
==22329==    by 0x6C46407: dissect_frame (packet-frame.c:507)
==22329==    by 0x6947E2E: call_dissector_through_handle (packet.c:648)
==22329==    by 0x6947E2E: call_dissector_work (packet.c:723)
==22329==    by 0x6949861: call_dissector_with_data (packet.c:2816)
==22329== 
==22329== Use of uninitialised value of size 8
==22329==    at 0xA30002E: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==22329==    by 0xA3004B9: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==22329==    by 0x6938677: conversation_new (conversation.c:722)
==22329==    by 0xFB91C0C: add_lmp_conversation (packet-irda.c:1218)
==22329==    by 0xFB8DE52: dissect_ircomm_ttp_lsap (packet-ircomm.c:331)
==22329==    by 0xFB8F73D: dissect_iap_result (packet-irda.c:864)
==22329==    by 0xFB91030: dissect_irlmp (packet-irda.c:1153)
==22329==    by 0xFB91030: dissect_irlap (packet-irda.c:1738)
==22329==    by 0xFB91030: dissect_irda (packet-irda.c:1847)
==22329==    by 0x6947E2E: call_dissector_through_handle (packet.c:648)
==22329==    by 0x6947E2E: call_dissector_work (packet.c:723)
==22329==    by 0x6948558: dissector_try_uint_new (packet.c:1188)
==22329==    by 0x6C46407: dissect_frame (packet-frame.c:507)
==22329==    by 0x6947E2E: call_dissector_through_handle (packet.c:648)
==22329==    by 0x6947E2E: call_dissector_work (packet.c:723)
==22329==    by 0x6949861: call_dissector_with_data (packet.c:2816)
==22329== 
==22329== Use of uninitialised value of size 8
==22329==    at 0xA300044: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==22329==    by 0xA3004B9: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==22329==    by 0x6938677: conversation_new (conversation.c:722)
==22329==    by 0xFB91C0C: add_lmp_conversation (packet-irda.c:1218)
==22329==    by 0xFB8DE52: dissect_ircomm_ttp_lsap (packet-ircomm.c:331)
==22329==    by 0xFB8F73D: dissect_iap_result (packet-irda.c:864)
==22329==    by 0xFB91030: dissect_irlmp (packet-irda.c:1153)
==22329==    by 0xFB91030: dissect_irlap (packet-irda.c:1738)
==22329==    by 0xFB91030: dissect_irda (packet-irda.c:1847)
==22329==    by 0x6947E2E: call_dissector_through_handle (packet.c:648)
==22329==    by 0x6947E2E: call_dissector_work (packet.c:723)
==22329==    by 0x6948558: dissector_try_uint_new (packet.c:1188)
==22329==    by 0x6C46407: dissect_frame (packet-frame.c:507)
==22329==    by 0x6947E2E: call_dissector_through_handle (packet.c:648)
==22329==    by 0x6947E2E: call_dissector_work (packet.c:723)
==22329==    by 0x6949861: call_dissector_with_data (packet.c:2816)
==22329== 
==22329== Use of uninitialised value of size 8
==22329==    at 0xA300071: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==22329==    by 0xA3004B9: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==22329==    by 0x6938677: conversation_new (conversation.c:722)
==22329==    by 0xFB91C0C: add_lmp_conversation (packet-irda.c:1218)
==22329==    by 0xFB8DE52: dissect_ircomm_ttp_lsap (packet-ircomm.c:331)
==22329==    by 0xFB8F73D: dissect_iap_result (packet-irda.c:864)
==22329==    by 0xFB91030: dissect_irlmp (packet-irda.c:1153)
==22329==    by 0xFB91030: dissect_irlap (packet-irda.c:1738)
==22329==    by 0xFB91030: dissect_irda (packet-irda.c:1847)
==22329==    by 0x6947E2E: call_dissector_through_handle (packet.c:648)
==22329==    by 0x6947E2E: call_dissector_work (packet.c:723)
==22329==    by 0x6948558: dissector_try_uint_new (packet.c:1188)
==22329==    by 0x6C46407: dissect_frame (packet-frame.c:507)
==22329==    by 0x6947E2E: call_dissector_through_handle (packet.c:648)
==22329==    by 0x6947E2E: call_dissector_work (packet.c:723)
==22329==    by 0x6949861: call_dissector_with_data (packet.c:2816)
==22329== 
==22329== Conditional jump or move depends on uninitialised value(s)
==22329==    at 0xA30017D: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==22329==    by 0xA301102: g_hash_table_remove_all (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==22329==    by 0xA30113D: g_hash_table_destroy (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==22329==    by 0x6938351: conversation_cleanup (conversation.c:494)
==22329==    by 0x6948088: cleanup_dissection (packet.c:297)
==22329==    by 0x693D86D: epan_free (epan.c:235)
==22329==    by 0x40DFE5: main (tshark.c:2041)
==22329== 
==22329== 
==22329== HEAP SUMMARY:
==22329==     in use at exit: 445,911 bytes in 9,614 blocks
==22329==   total heap usage: 257,943 allocs, 248,329 frees, 32,624,669 bytes allocated
==22329== 
==22329== LEAK SUMMARY:
==22329==    definitely lost: 343 bytes in 20 blocks
==22329==    indirectly lost: 362 bytes in 4 blocks
==22329==      possibly lost: 0 bytes in 0 blocks
==22329==    still reachable: 445,206 bytes in 9,590 blocks
==22329==         suppressed: 0 bytes in 0 blocks
==22329== Rerun with --leak-check=full to see details of leaked memory
==22329== 
==22329== For counts of detected and suppressed errors, rerun with: -v
==22329== Use --track-origins=yes to see where uninitialised values come from
==22329== ERROR SUMMARY: 10 errors from 10 contexts (suppressed: 1 from 1)

[ no debug trace ]

