Wireshark-bugs: [Wireshark-bugs] [Bug 12841] New: Buildbot crash output: fuzz-2016-09-06-10235.p
Date: Thu, 08 Sep 2016 18:00:02 +0000
Bug ID 12841
Summary Buildbot crash output: fuzz-2016-09-06-10235.pcap
Product Wireshark
Version unspecified
Hardware x86-64
URL https://www.wireshark.org/download/automated/captures/fuzz-2016-09-06-10235.pcap
OS Ubuntu
Status CONFIRMED
Severity Major
Priority High
Component Dissection engine (libwireshark)
Assignee bugzilla-admin@wireshark.org
Reporter buildbot-do-not-reply@wireshark.org

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2016-09-06-10235.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/testserver2.cap

Build host information:
Linux wsbb04 4.4.0-34-generic #53-Ubuntu SMP Wed Jul 27 16:06:39 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 16.04.1 LTS
Release:    16.04
Codename:    xenial

Buildbot information:
BUILDBOT_REPOSITORY=ssh://wireshark-buildbot@code.wireshark.org:29418/wireshark
BUILDBOT_WORKERNAME=fuzz-test
BUILDBOT_BUILDNUMBER=185
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-2.0/
BUILDBOT_BUILDERNAME=Fuzz Test
BUILDBOT_GOT_REVISION=4c570fae8899fe7703097cc060965acec4273747

Return value:  0

Dissector bug:  0

Valgrind error count:  2



Git commit
commit 4c570fae8899fe7703097cc060965acec4273747
Author: Mirko Parthey <mirko.parthey@web.de>
Date:   Mon Sep 5 16:39:45 2016 +0200

    ISAKMP: Fix handling of cert requests without CA

    Check IKEv1 Certificate Request Payloads for an empty
    Certificate Authority field, which is allowed by RFC 2408.
    Suppress dissection of this field if it is indeed empty.

    Change-Id: Ifb997e460a4c12003215fde86c374cfc769c5d72
    Reviewed-on: https://code.wireshark.org/review/17501
    Reviewed-by: Michael Mann <mmann78@netscape.net>
    Petri-Dish: Michael Mann <mmann78@netscape.net>
    Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
    Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
    (cherry picked from commit 70f3737c3e4d9402cb2bb67cdd892e0e7e0ee991)
    Reviewed-on: https://code.wireshark.org/review/17504
    (cherry picked from commit e553366562bd04fd9a2aa7937c49b9291e84a77e)
    Reviewed-on: https://code.wireshark.org/review/17505
    Reviewed-by: Anders Broman <a.broman58@gmail.com>


Command and args: ./tools/valgrind-wireshark.sh 

==9839== Memcheck, a memory error detector
==9839== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==9839== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==9839== Command: /home/wireshark/builders/wireshark-2.0-fuzz/fuzztest/install/bin/tshark -nr /fuzz/buildbot/fuzztest/valgrind-fuzz-2.0/fuzz-2016-09-06-10235.pcap
==9839== 
==9839== Conditional jump or move depends on uninitialised value(s)
==9839==    at 0x4C33CF2: __memcmp_sse4_1 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==9839==    by 0x6A8AF8C: dcom_interface_new (packet-dcom.c:316)
==9839==    by 0x6A889F6: dissect_remunk_remqueryinterface_resp (packet-dcom-remunkn.c:182)
==9839==    by 0x6A7A887: dcerpc_try_handoff (packet-dcerpc.c:3151)
==9839==    by 0x6A7AEAD: dissect_dcerpc_cn_stub.isra.13 (packet-dcerpc.c:3811)
==9839==    by 0x6A7EC9B: dissect_dcerpc_cn_resp (packet-dcerpc.c:4246)
==9839==    by 0x6A7EC9B: dissect_dcerpc_cn (packet-dcerpc.c:5043)
==9839==    by 0x6A80590: dissect_dcerpc_pdu (packet-dcerpc.c:5241)
==9839==    by 0x6FA6B81: tcp_dissect_pdus (packet-tcp.c:2750)
==9839==    by 0x6A77F0F: dissect_dcerpc_tcp (packet-dcerpc.c:5259)
==9839==    by 0x685C579: dissector_try_heuristic (packet.c:2178)
==9839==    by 0x6FA6D80: decode_tcp_ports (packet-tcp.c:4636)
==9839==    by 0x6FA7169: process_tcp_payload (packet-tcp.c:4682)
==9839== 
==9839== Conditional jump or move depends on uninitialised value(s)
==9839==    at 0x4C33D06: __memcmp_sse4_1 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==9839==    by 0x6A8AF8C: dcom_interface_new (packet-dcom.c:316)
==9839==    by 0x6A889F6: dissect_remunk_remqueryinterface_resp (packet-dcom-remunkn.c:182)
==9839==    by 0x6A7A887: dcerpc_try_handoff (packet-dcerpc.c:3151)
==9839==    by 0x6A7AEAD: dissect_dcerpc_cn_stub.isra.13 (packet-dcerpc.c:3811)
==9839==    by 0x6A7EC9B: dissect_dcerpc_cn_resp (packet-dcerpc.c:4246)
==9839==    by 0x6A7EC9B: dissect_dcerpc_cn (packet-dcerpc.c:5043)
==9839==    by 0x6A80590: dissect_dcerpc_pdu (packet-dcerpc.c:5241)
==9839==    by 0x6FA6B81: tcp_dissect_pdus (packet-tcp.c:2750)
==9839==    by 0x6A77F0F: dissect_dcerpc_tcp (packet-dcerpc.c:5259)
==9839==    by 0x685C579: dissector_try_heuristic (packet.c:2178)
==9839==    by 0x6FA6D80: decode_tcp_ports (packet-tcp.c:4636)
==9839==    by 0x6FA7169: process_tcp_payload (packet-tcp.c:4682)
==9839== 
==9839== 
==9839== HEAP SUMMARY:
==9839==     in use at exit: 1,032,928 bytes in 28,298 blocks
==9839==   total heap usage: 249,182 allocs, 220,884 frees, 31,673,932 bytes allocated
==9839== 
==9839== LEAK SUMMARY:
==9839==    definitely lost: 2,908 bytes in 125 blocks
==9839==    indirectly lost: 36,448 bytes in 48 blocks
==9839==      possibly lost: 0 bytes in 0 blocks
==9839==    still reachable: 993,572 bytes in 28,125 blocks
==9839==         suppressed: 0 bytes in 0 blocks
==9839== Rerun with --leak-check=full to see details of leaked memory
==9839== 
==9839== For counts of detected and suppressed errors, rerun with: -v
==9839== Use --track-origins=yes to see where uninitialised values come from
==9839== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 1 from 1)

[ no debug trace ]
