Wireshark-bugs: [Wireshark-bugs] [Bug 12939] New: Buildbot crash output: fuzz-2016-09-22-2022.pc
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Thu, 22 Sep 2016 16:00:03 +0000
Bug ID 12939
Summary Buildbot crash output: fuzz-2016-09-22-2022.pcap
Product Wireshark
Version unspecified
Hardware x86-64
URL https://www.wireshark.org/download/automated/captures/fuzz-2016-09-22-2022.pcap
OS Ubuntu
Status CONFIRMED
Severity Major
Priority High
Component Dissection engine (libwireshark)
Assignee bugzilla-admin@wireshark.org
Reporter buildbot-do-not-reply@wireshark.org 

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2016-09-22-2022.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/1432-hcilog_H4.log

Build host information:
Linux wsbb04 4.4.0-34-generic #53-Ubuntu SMP Wed Jul 27 16:06:39 UTC 2016
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 16.04.1 LTS
Release:    16.04
Codename:    xenial

Buildbot information:
BUILDBOT_REPOSITORY=ssh://wireshark-buildbot@code.wireshark.org:29418/wireshark
BUILDBOT_WORKERNAME=fuzz-test
BUILDBOT_BUILDNUMBER=91
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-2.2/
BUILDBOT_BUILDERNAME=Fuzz Test
BUILDBOT_GOT_REVISION=6b495a13ccd40d42dcca4b0a8ca9e37784adaa1b

Return value:  0

Dissector bug:  0

Valgrind error count:  464



Git commit
commit 6b495a13ccd40d42dcca4b0a8ca9e37784adaa1b
Author: Alexis La Goutte <alexis.lagoutte@gmail.com>
Date:   Tue Sep 20 14:14:38 2016 +0200

    TLS: no extension length on padding extension

    also remove padding function (don't needed)

    Bug: 12922
    Change-Id: Ie049ee21193ec82b8dc873a7dff78e9d058c7935
    Reviewed-on: https://code.wireshark.org/review/17825
    Petri-Dish: Peter Wu <peter@lekensteyn.nl>
    Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
    Reviewed-by: Peter Wu <peter@lekensteyn.nl>
    (cherry picked from commit b9d4a18ad2f10cc9216d8131d9e1ddc89bfc50ac)
    Reviewed-on: https://code.wireshark.org/review/17831
    Reviewed-by: Anders Broman <a.broman58@gmail.com>


==1840== Memcheck, a memory error detector
==1840== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==1840== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==1840== Command:
/home/wireshark/builders/wireshark-2.2-fuzz/fuzztest/install/bin/tshark -Vx -nr
/fuzz/buildbot/fuzztest/valgrind-fuzz-2.2/fuzz-2016-09-22-2022.pcap
==1840== 
==1840== Conditional jump or move depends on uninitialised value(s)
==1840==    at 0xB083163: inet_ntop6 (inet_ntop.c:134)
==1840==    by 0xB083163: inet_ntop (inet_ntop.c:65)
==1840==    by 0x692FD9C: ipv6_to_str (address_types.c:250)
==1840==    by 0x693040D: address_to_str (address_types.c:700)
==1840==    by 0x6968189: proto_item_fill_label (proto.c:7254)
==1840==    by 0x695535D: proto_tree_print_node (print.c:180)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x6955224: proto_tree_print_node (print.c:235)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x69579D5: proto_tree_print (print.c:149)
==1840==    by 0x4167DA: print_packet (tshark.c:3846)
==1840==    by 0x416E8A: process_packet (tshark.c:3447)
==1840==    by 0x40E247: load_cap_file (tshark.c:3189)
==1840==    by 0x40E247: main (tshark.c:1889)
==1840== 
==1840== Conditional jump or move depends on uninitialised value(s)
==1840==    at 0xB082EA5: inet_ntop6 (inet_ntop.c:134)
==1840==    by 0xB082EA5: inet_ntop (inet_ntop.c:65)
==1840==    by 0x692FD9C: ipv6_to_str (address_types.c:250)
==1840==    by 0x693040D: address_to_str (address_types.c:700)
==1840==    by 0x6968189: proto_item_fill_label (proto.c:7254)
==1840==    by 0x695535D: proto_tree_print_node (print.c:180)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x6955224: proto_tree_print_node (print.c:235)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x69579D5: proto_tree_print (print.c:149)
==1840==    by 0x4167DA: print_packet (tshark.c:3846)
==1840==    by 0x416E8A: process_packet (tshark.c:3447)
==1840==    by 0x40E247: load_cap_file (tshark.c:3189)
==1840==    by 0x40E247: main (tshark.c:1889)
==1840== 
==1840== Conditional jump or move depends on uninitialised value(s)
==1840==    at 0xB0831B1: inet_ntop6 (inet_ntop.c:134)
==1840==    by 0xB0831B1: inet_ntop (inet_ntop.c:65)
==1840==    by 0x692FD9C: ipv6_to_str (address_types.c:250)
==1840==    by 0x693040D: address_to_str (address_types.c:700)
==1840==    by 0x6968189: proto_item_fill_label (proto.c:7254)
==1840==    by 0x695535D: proto_tree_print_node (print.c:180)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x6955224: proto_tree_print_node (print.c:235)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x69579D5: proto_tree_print (print.c:149)
==1840==    by 0x4167DA: print_packet (tshark.c:3846)
==1840==    by 0x416E8A: process_packet (tshark.c:3447)
==1840==    by 0x40E247: load_cap_file (tshark.c:3189)
==1840==    by 0x40E247: main (tshark.c:1889)
==1840== 
==1840== Conditional jump or move depends on uninitialised value(s)
==1840==    at 0xB082EDB: inet_ntop6 (inet_ntop.c:134)
==1840==    by 0xB082EDB: inet_ntop (inet_ntop.c:65)
==1840==    by 0x692FD9C: ipv6_to_str (address_types.c:250)
==1840==    by 0x693040D: address_to_str (address_types.c:700)
==1840==    by 0x6968189: proto_item_fill_label (proto.c:7254)
==1840==    by 0x695535D: proto_tree_print_node (print.c:180)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x6955224: proto_tree_print_node (print.c:235)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x69579D5: proto_tree_print (print.c:149)
==1840==    by 0x4167DA: print_packet (tshark.c:3846)
==1840==    by 0x416E8A: process_packet (tshark.c:3447)
==1840==    by 0x40E247: load_cap_file (tshark.c:3189)
==1840==    by 0x40E247: main (tshark.c:1889)
==1840== 
==1840== Use of uninitialised value of size 8
==1840==    at 0xAFA86D1: _itoa_word (_itoa.c:180)
==1840==    by 0xAFAC0EC: vfprintf (vfprintf.c:1631)
==1840==    by 0xAFCE10A: vsprintf (iovsprintf.c:42)
==1840==    by 0xAFB3976: sprintf (sprintf.c:32)
==1840==    by 0xB083064: inet_ntop6 (inet_ntop.c:177)
==1840==    by 0xB083064: inet_ntop (inet_ntop.c:65)
==1840==    by 0x692FD9C: ipv6_to_str (address_types.c:250)
==1840==    by 0x693040D: address_to_str (address_types.c:700)
==1840==    by 0x6968189: proto_item_fill_label (proto.c:7254)
==1840==    by 0x695535D: proto_tree_print_node (print.c:180)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x6955224: proto_tree_print_node (print.c:235)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840== 
==1840== Conditional jump or move depends on uninitialised value(s)
==1840==    at 0xAFA86D8: _itoa_word (_itoa.c:180)
==1840==    by 0xAFAC0EC: vfprintf (vfprintf.c:1631)
==1840==    by 0xAFCE10A: vsprintf (iovsprintf.c:42)
==1840==    by 0xAFB3976: sprintf (sprintf.c:32)
==1840==    by 0xB083064: inet_ntop6 (inet_ntop.c:177)
==1840==    by 0xB083064: inet_ntop (inet_ntop.c:65)
==1840==    by 0x692FD9C: ipv6_to_str (address_types.c:250)
==1840==    by 0x693040D: address_to_str (address_types.c:700)
==1840==    by 0x6968189: proto_item_fill_label (proto.c:7254)
==1840==    by 0x695535D: proto_tree_print_node (print.c:180)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x6955224: proto_tree_print_node (print.c:235)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840== 
==1840== Conditional jump or move depends on uninitialised value(s)
==1840==    at 0xAFAC16F: vfprintf (vfprintf.c:1631)
==1840==    by 0xAFCE10A: vsprintf (iovsprintf.c:42)
==1840==    by 0xAFB3976: sprintf (sprintf.c:32)
==1840==    by 0xB083064: inet_ntop6 (inet_ntop.c:177)
==1840==    by 0xB083064: inet_ntop (inet_ntop.c:65)
==1840==    by 0x692FD9C: ipv6_to_str (address_types.c:250)
==1840==    by 0x693040D: address_to_str (address_types.c:700)
==1840==    by 0x6968189: proto_item_fill_label (proto.c:7254)
==1840==    by 0x695535D: proto_tree_print_node (print.c:180)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x6955224: proto_tree_print_node (print.c:235)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x69579D5: proto_tree_print (print.c:149)
==1840== 
==1840== Conditional jump or move depends on uninitialised value(s)
==1840==    at 0xAFABC19: vfprintf (vfprintf.c:1631)
==1840==    by 0xAFCE10A: vsprintf (iovsprintf.c:42)
==1840==    by 0xAFB3976: sprintf (sprintf.c:32)
==1840==    by 0xB083064: inet_ntop6 (inet_ntop.c:177)
==1840==    by 0xB083064: inet_ntop (inet_ntop.c:65)
==1840==    by 0x692FD9C: ipv6_to_str (address_types.c:250)
==1840==    by 0x693040D: address_to_str (address_types.c:700)
==1840==    by 0x6968189: proto_item_fill_label (proto.c:7254)
==1840==    by 0x695535D: proto_tree_print_node (print.c:180)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x6955224: proto_tree_print_node (print.c:235)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x69579D5: proto_tree_print (print.c:149)
==1840== 
==1840== Conditional jump or move depends on uninitialised value(s)
==1840==    at 0xAFABCA2: vfprintf (vfprintf.c:1631)
==1840==    by 0xAFCE10A: vsprintf (iovsprintf.c:42)
==1840==    by 0xAFB3976: sprintf (sprintf.c:32)
==1840==    by 0xB083064: inet_ntop6 (inet_ntop.c:177)
==1840==    by 0xB083064: inet_ntop (inet_ntop.c:65)
==1840==    by 0x692FD9C: ipv6_to_str (address_types.c:250)
==1840==    by 0x693040D: address_to_str (address_types.c:700)
==1840==    by 0x6968189: proto_item_fill_label (proto.c:7254)
==1840==    by 0x695535D: proto_tree_print_node (print.c:180)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x6955224: proto_tree_print_node (print.c:235)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x69579D5: proto_tree_print (print.c:149)
==1840== 
==1840== Conditional jump or move depends on uninitialised value(s)
==1840==    at 0xAFAC16F: vfprintf (vfprintf.c:1631)
==1840==    by 0xAFCE10A: vsprintf (iovsprintf.c:42)
==1840==    by 0xAFB3976: sprintf (sprintf.c:32)
==1840==    by 0xB08309D: inet_ntop6 (inet_ntop.c:177)
==1840==    by 0xB08309D: inet_ntop (inet_ntop.c:65)
==1840==    by 0x692FD9C: ipv6_to_str (address_types.c:250)
==1840==    by 0x693040D: address_to_str (address_types.c:700)
==1840==    by 0x6968189: proto_item_fill_label (proto.c:7254)
==1840==    by 0x695535D: proto_tree_print_node (print.c:180)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x6955224: proto_tree_print_node (print.c:235)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x69579D5: proto_tree_print (print.c:149)
==1840== 
==1840== Conditional jump or move depends on uninitialised value(s)
==1840==    at 0xAFABC19: vfprintf (vfprintf.c:1631)
==1840==    by 0xAFCE10A: vsprintf (iovsprintf.c:42)
==1840==    by 0xAFB3976: sprintf (sprintf.c:32)
==1840==    by 0xB08309D: inet_ntop6 (inet_ntop.c:177)
==1840==    by 0xB08309D: inet_ntop (inet_ntop.c:65)
==1840==    by 0x692FD9C: ipv6_to_str (address_types.c:250)
==1840==    by 0x693040D: address_to_str (address_types.c:700)
==1840==    by 0x6968189: proto_item_fill_label (proto.c:7254)
==1840==    by 0x695535D: proto_tree_print_node (print.c:180)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x6955224: proto_tree_print_node (print.c:235)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x69579D5: proto_tree_print (print.c:149)
==1840== 
==1840== Conditional jump or move depends on uninitialised value(s)
==1840==    at 0xAFABCA2: vfprintf (vfprintf.c:1631)
==1840==    by 0xAFCE10A: vsprintf (iovsprintf.c:42)
==1840==    by 0xAFB3976: sprintf (sprintf.c:32)
==1840==    by 0xB08309D: inet_ntop6 (inet_ntop.c:177)
==1840==    by 0xB08309D: inet_ntop (inet_ntop.c:65)
==1840==    by 0x692FD9C: ipv6_to_str (address_types.c:250)
==1840==    by 0x693040D: address_to_str (address_types.c:700)
==1840==    by 0x6968189: proto_item_fill_label (proto.c:7254)
==1840==    by 0x695535D: proto_tree_print_node (print.c:180)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x6955224: proto_tree_print_node (print.c:235)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x69579D5: proto_tree_print (print.c:149)
==1840== 
==1840== Conditional jump or move depends on uninitialised value(s)
==1840==    at 0xAFAC16F: vfprintf (vfprintf.c:1631)
==1840==    by 0xAFCE10A: vsprintf (iovsprintf.c:42)
==1840==    by 0xAFB3976: sprintf (sprintf.c:32)
==1840==    by 0xB0830D6: inet_ntop6 (inet_ntop.c:177)
==1840==    by 0xB0830D6: inet_ntop (inet_ntop.c:65)
==1840==    by 0x692FD9C: ipv6_to_str (address_types.c:250)
==1840==    by 0x693040D: address_to_str (address_types.c:700)
==1840==    by 0x6968189: proto_item_fill_label (proto.c:7254)
==1840==    by 0x695535D: proto_tree_print_node (print.c:180)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x6955224: proto_tree_print_node (print.c:235)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x69579D5: proto_tree_print (print.c:149)
==1840== 
==1840== Conditional jump or move depends on uninitialised value(s)
==1840==    at 0xAFABC19: vfprintf (vfprintf.c:1631)
==1840==    by 0xAFCE10A: vsprintf (iovsprintf.c:42)
==1840==    by 0xAFB3976: sprintf (sprintf.c:32)
==1840==    by 0xB0830D6: inet_ntop6 (inet_ntop.c:177)
==1840==    by 0xB0830D6: inet_ntop (inet_ntop.c:65)
==1840==    by 0x692FD9C: ipv6_to_str (address_types.c:250)
==1840==    by 0x693040D: address_to_str (address_types.c:700)
==1840==    by 0x6968189: proto_item_fill_label (proto.c:7254)
==1840==    by 0x695535D: proto_tree_print_node (print.c:180)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x6955224: proto_tree_print_node (print.c:235)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x69579D5: proto_tree_print (print.c:149)
==1840== 
==1840== Conditional jump or move depends on uninitialised value(s)
==1840==    at 0xAFABCA2: vfprintf (vfprintf.c:1631)
==1840==    by 0xAFCE10A: vsprintf (iovsprintf.c:42)
==1840==    by 0xAFB3976: sprintf (sprintf.c:32)
==1840==    by 0xB0830D6: inet_ntop6 (inet_ntop.c:177)
==1840==    by 0xB0830D6: inet_ntop (inet_ntop.c:65)
==1840==    by 0x692FD9C: ipv6_to_str (address_types.c:250)
==1840==    by 0x693040D: address_to_str (address_types.c:700)
==1840==    by 0x6968189: proto_item_fill_label (proto.c:7254)
==1840==    by 0x695535D: proto_tree_print_node (print.c:180)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x6955224: proto_tree_print_node (print.c:235)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x69579D5: proto_tree_print (print.c:149)
==1840== 
==1840== Conditional jump or move depends on uninitialised value(s)
==1840==    at 0xAFAC16F: vfprintf (vfprintf.c:1631)
==1840==    by 0xAFCE10A: vsprintf (iovsprintf.c:42)
==1840==    by 0xAFB3976: sprintf (sprintf.c:32)
==1840==    by 0xB083113: inet_ntop6 (inet_ntop.c:177)
==1840==    by 0xB083113: inet_ntop (inet_ntop.c:65)
==1840==    by 0x692FD9C: ipv6_to_str (address_types.c:250)
==1840==    by 0x693040D: address_to_str (address_types.c:700)
==1840==    by 0x6968189: proto_item_fill_label (proto.c:7254)
==1840==    by 0x695535D: proto_tree_print_node (print.c:180)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x6955224: proto_tree_print_node (print.c:235)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x69579D5: proto_tree_print (print.c:149)
==1840== 
==1840== Conditional jump or move depends on uninitialised value(s)
==1840==    at 0xAFABC19: vfprintf (vfprintf.c:1631)
==1840==    by 0xAFCE10A: vsprintf (iovsprintf.c:42)
==1840==    by 0xAFB3976: sprintf (sprintf.c:32)
==1840==    by 0xB083113: inet_ntop6 (inet_ntop.c:177)
==1840==    by 0xB083113: inet_ntop (inet_ntop.c:65)
==1840==    by 0x692FD9C: ipv6_to_str (address_types.c:250)
==1840==    by 0x693040D: address_to_str (address_types.c:700)
==1840==    by 0x6968189: proto_item_fill_label (proto.c:7254)
==1840==    by 0x695535D: proto_tree_print_node (print.c:180)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x6955224: proto_tree_print_node (print.c:235)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x69579D5: proto_tree_print (print.c:149)
==1840== 
==1840== Conditional jump or move depends on uninitialised value(s)
==1840==    at 0xAFABCA2: vfprintf (vfprintf.c:1631)
==1840==    by 0xAFCE10A: vsprintf (iovsprintf.c:42)
==1840==    by 0xAFB3976: sprintf (sprintf.c:32)
==1840==    by 0xB083113: inet_ntop6 (inet_ntop.c:177)
==1840==    by 0xB083113: inet_ntop (inet_ntop.c:65)
==1840==    by 0x692FD9C: ipv6_to_str (address_types.c:250)
==1840==    by 0x693040D: address_to_str (address_types.c:700)
==1840==    by 0x6968189: proto_item_fill_label (proto.c:7254)
==1840==    by 0x695535D: proto_tree_print_node (print.c:180)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x6955224: proto_tree_print_node (print.c:235)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x69579D5: proto_tree_print (print.c:149)
==1840== 
==1840== 
==1840== HEAP SUMMARY:
==1840==     in use at exit: 446,038 bytes in 9,616 blocks
==1840==   total heap usage: 610,432 allocs, 600,816 frees, 55,797,466 bytes
allocated
==1840== 
==1840== LEAK SUMMARY:
==1840==    definitely lost: 343 bytes in 20 blocks
==1840==    indirectly lost: 362 bytes in 4 blocks
==1840==      possibly lost: 0 bytes in 0 blocks
==1840==    still reachable: 445,333 bytes in 9,592 blocks
==1840==         suppressed: 0 bytes in 0 blocks
==1840== Rerun with --leak-check=full to see details of leaked memory
==1840== 
==1840== For counts of detected and suppressed errors, rerun with: -v
==1840== Use --track-origins=yes to see where uninitialised values come from
==1840== ERROR SUMMARY: 464 errors from 18 contexts (suppressed: 1 from 1)

[ no debug trace ]

You are receiving this mail because:
  • You are watching all bug changes.