Wireshark-bugs: [Wireshark-bugs] [Bug 13144] New: Buildbot crash output: fuzz-2016-11-16-2756.pc
Date: Wed, 16 Nov 2016 09:30:02 +0000
Bug ID | 13144 |
---|---|
Summary | Buildbot crash output: fuzz-2016-11-16-2756.pcap |
Product | Wireshark |
Version | unspecified |
Hardware | x86-64 |
URL | https://www.wireshark.org/download/automated/captures/fuzz-2016-11-16-2756.pcap |
OS | Ubuntu |
Status | CONFIRMED |
Severity | Major |
Priority | High |
Component | Dissection engine (libwireshark) |
Assignee | bugzilla-admin@wireshark.org |
Reporter | buildbot-do-not-reply@wireshark.org |
Problems have been found with the following capture file: https://www.wireshark.org/download/automated/captures/fuzz-2016-11-16-2756.pcap stderr: Input file: /home/wireshark/menagerie/menagerie/14032-sample_cid1_gen19.pcap Build host information: Linux wsbb04 4.4.0-45-generic #66-Ubuntu SMP Wed Oct 19 14:12:37 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux Distributor ID: Ubuntu Description: Ubuntu 16.04.1 LTS Release: 16.04 Codename: xenial Buildbot information: BUILDBOT_REPOSITORY=ssh://wireshark-buildbot@code.wireshark.org:29418/wireshark BUILDBOT_WORKERNAME=clang-code-analysis BUILDBOT_BUILDNUMBER=3774 BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-master/ BUILDBOT_BUILDERNAME=Clang Code Analysis BUILDBOT_GOT_REVISION=7f2a83892204821145768b76bbdd0719b57787f8 Return value: 0 Dissector bug: 0 Valgrind error count: 5 Git commit commit 7f2a83892204821145768b76bbdd0719b57787f8 Author: Franklin "Snaipe" Mathieu <snaipe@diacritic.io> Date: Tue Nov 8 17:13:41 2016 +0100 lua: Allow proto:register_heuristic to be used on multiple list names In the C API, one can register a heuristic for the same protocol on different lists by specifying another unique short_name. This is impossible in the lua API, as the protocol name is used as the short name itself. This change fixes that by creating an unique shortname composed of the protocol name and the target list name. Change-Id: I2c30ce6e4f7a3b38879180c64cf8564f779163b4 Signed-off-by: Franklin "Snaipe" Mathieu <snaipe@diacritic.io> Reviewed-on: https://code.wireshark.org/review/18711 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Peter Wu <peter@lekensteyn.nl> ==21296== Memcheck, a memory error detector ==21296== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al. ==21296== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info ==21296== Command: /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/bin/tshark -nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2016-11-16-2756.pcap ==21296== ==21296== Invalid read of size 1 ==21296== at 0x69DE58B: fragment_add_seq_single_work (reassemble.c:2235) ==21296== by 0x69DE9AD: fragment_add_seq_single_aging (reassemble.c:2401) ==21296== by 0x6FF4A31: dissect_mp (packet-ppp.c:5322) ==21296== by 0x69B3645: call_dissector_through_handle (packet.c:650) ==21296== by 0x69B3645: call_dissector_work (packet.c:725) ==21296== by 0x69B3729: dissector_try_uint_new (packet.c:1290) ==21296== by 0x69B3729: dissector_try_uint (packet.c:1316) ==21296== by 0x6FF7A48: dissect_ppp_common (packet-ppp.c:4366) ==21296== by 0x6FF44EC: dissect_ppp_hdlc (packet-ppp.c:5445) ==21296== by 0x69B3645: call_dissector_through_handle (packet.c:650) ==21296== by 0x69B3645: call_dissector_work (packet.c:725) ==21296== by 0x69B350E: dissector_try_uint_new (packet.c:1290) ==21296== by 0x6CCE5CE: dissect_frame (packet-frame.c:507) ==21296== by 0x69B3645: call_dissector_through_handle (packet.c:650) ==21296== by 0x69B3645: call_dissector_work (packet.c:725) ==21296== by 0x69B26FC: call_dissector_only (packet.c:2954) ==21296== by 0x69B26FC: call_dissector_with_data (packet.c:2967) ==21296== Address 0x14036f45 is 37 bytes inside a block of size 56 free'd ==21296== at 0x4C2EDEB: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==21296== by 0x69DCE3A: fragment_delete (reassemble.c:606) ==21296== by 0x69DE4FD: fragment_add_seq_single_work (reassemble.c:2216) ==21296== by 0x69DE9AD: fragment_add_seq_single_aging (reassemble.c:2401) ==21296== by 0x6FF4A31: dissect_mp (packet-ppp.c:5322) ==21296== by 0x69B3645: call_dissector_through_handle (packet.c:650) ==21296== by 0x69B3645: call_dissector_work (packet.c:725) ==21296== by 0x69B3729: dissector_try_uint_new (packet.c:1290) ==21296== by 0x69B3729: dissector_try_uint (packet.c:1316) ==21296== by 0x6FF7A48: dissect_ppp_common (packet-ppp.c:4366) ==21296== by 0x6FF44EC: dissect_ppp_hdlc (packet-ppp.c:5445) ==21296== by 0x69B3645: call_dissector_through_handle (packet.c:650) ==21296== by 0x69B3645: call_dissector_work (packet.c:725) ==21296== by 0x69B350E: dissector_try_uint_new (packet.c:1290) ==21296== by 0x6CCE5CE: dissect_frame (packet-frame.c:507) ==21296== Block was alloc'd at ==21296== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==21296== by 0xA6F7728: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1) ==21296== by 0xA70E932: g_slice_alloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1) ==21296== by 0xA70EFCD: g_slice_alloc0 (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1) ==21296== by 0x69DE5D5: new_head (reassemble.c:366) ==21296== by 0x69DE5D5: fragment_add_seq_single_work (reassemble.c:2274) ==21296== by 0x69DE9AD: fragment_add_seq_single_aging (reassemble.c:2401) ==21296== by 0x6FF4A31: dissect_mp (packet-ppp.c:5322) ==21296== by 0x69B3645: call_dissector_through_handle (packet.c:650) ==21296== by 0x69B3645: call_dissector_work (packet.c:725) ==21296== by 0x69B3729: dissector_try_uint_new (packet.c:1290) ==21296== by 0x69B3729: dissector_try_uint (packet.c:1316) ==21296== by 0x6FF7A48: dissect_ppp_common (packet-ppp.c:4366) ==21296== by 0x6FF44EC: dissect_ppp_hdlc (packet-ppp.c:5445) ==21296== by 0x69B3645: call_dissector_through_handle (packet.c:650) ==21296== by 0x69B3645: call_dissector_work (packet.c:725) ==21296== ==21296== Invalid read of size 4 ==21296== at 0x69DE592: fragment_add_seq_single_work (reassemble.c:2238) ==21296== by 0x69DE9AD: fragment_add_seq_single_aging (reassemble.c:2401) ==21296== by 0x6FF4A31: dissect_mp (packet-ppp.c:5322) ==21296== by 0x69B3645: call_dissector_through_handle (packet.c:650) ==21296== by 0x69B3645: call_dissector_work (packet.c:725) ==21296== by 0x69B3729: dissector_try_uint_new (packet.c:1290) ==21296== by 0x69B3729: dissector_try_uint (packet.c:1316) ==21296== by 0x6FF7A48: dissect_ppp_common (packet-ppp.c:4366) ==21296== by 0x6FF44EC: dissect_ppp_hdlc (packet-ppp.c:5445) ==21296== by 0x69B3645: call_dissector_through_handle (packet.c:650) ==21296== by 0x69B3645: call_dissector_work (packet.c:725) ==21296== by 0x69B350E: dissector_try_uint_new (packet.c:1290) ==21296== by 0x6CCE5CE: dissect_frame (packet-frame.c:507) ==21296== by 0x69B3645: call_dissector_through_handle (packet.c:650) ==21296== by 0x69B3645: call_dissector_work (packet.c:725) ==21296== by 0x69B26FC: call_dissector_only (packet.c:2954) ==21296== by 0x69B26FC: call_dissector_with_data (packet.c:2967) ==21296== Address 0x14036f38 is 24 bytes inside a block of size 56 free'd ==21296== at 0x4C2EDEB: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==21296== by 0x69DCE3A: fragment_delete (reassemble.c:606) ==21296== by 0x69DE4FD: fragment_add_seq_single_work (reassemble.c:2216) ==21296== by 0x69DE9AD: fragment_add_seq_single_aging (reassemble.c:2401) ==21296== by 0x6FF4A31: dissect_mp (packet-ppp.c:5322) ==21296== by 0x69B3645: call_dissector_through_handle (packet.c:650) ==21296== by 0x69B3645: call_dissector_work (packet.c:725) ==21296== by 0x69B3729: dissector_try_uint_new (packet.c:1290) ==21296== by 0x69B3729: dissector_try_uint (packet.c:1316) ==21296== by 0x6FF7A48: dissect_ppp_common (packet-ppp.c:4366) ==21296== by 0x6FF44EC: dissect_ppp_hdlc (packet-ppp.c:5445) ==21296== by 0x69B3645: call_dissector_through_handle (packet.c:650) ==21296== by 0x69B3645: call_dissector_work (packet.c:725) ==21296== by 0x69B350E: dissector_try_uint_new (packet.c:1290) ==21296== by 0x6CCE5CE: dissect_frame (packet-frame.c:507) ==21296== Block was alloc'd at ==21296== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==21296== by 0xA6F7728: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1) ==21296== by 0xA70E932: g_slice_alloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1) ==21296== by 0xA70EFCD: g_slice_alloc0 (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1) ==21296== by 0x69DE5D5: new_head (reassemble.c:366) ==21296== by 0x69DE5D5: fragment_add_seq_single_work (reassemble.c:2274) ==21296== by 0x69DE9AD: fragment_add_seq_single_aging (reassemble.c:2401) ==21296== by 0x6FF4A31: dissect_mp (packet-ppp.c:5322) ==21296== by 0x69B3645: call_dissector_through_handle (packet.c:650) ==21296== by 0x69B3645: call_dissector_work (packet.c:725) ==21296== by 0x69B3729: dissector_try_uint_new (packet.c:1290) ==21296== by 0x69B3729: dissector_try_uint (packet.c:1316) ==21296== by 0x6FF7A48: dissect_ppp_common (packet-ppp.c:4366) ==21296== by 0x6FF44EC: dissect_ppp_hdlc (packet-ppp.c:5445) ==21296== by 0x69B3645: call_dissector_through_handle (packet.c:650) ==21296== by 0x69B3645: call_dissector_work (packet.c:725) ==21296== ==21296== Invalid read of size 1 ==21296== at 0x69DE954: fragment_add_seq_single_work (reassemble.c:2239) ==21296== by 0x69DE9AD: fragment_add_seq_single_aging (reassemble.c:2401) ==21296== by 0x6FF4A31: dissect_mp (packet-ppp.c:5322) ==21296== by 0x69B3645: call_dissector_through_handle (packet.c:650) ==21296== by 0x69B3645: call_dissector_work (packet.c:725) ==21296== by 0x69B3729: dissector_try_uint_new (packet.c:1290) ==21296== by 0x69B3729: dissector_try_uint (packet.c:1316) ==21296== by 0x6FF7A48: dissect_ppp_common (packet-ppp.c:4366) ==21296== by 0x6FF44EC: dissect_ppp_hdlc (packet-ppp.c:5445) ==21296== by 0x69B3645: call_dissector_through_handle (packet.c:650) ==21296== by 0x69B3645: call_dissector_work (packet.c:725) ==21296== by 0x69B350E: dissector_try_uint_new (packet.c:1290) ==21296== by 0x6CCE5CE: dissect_frame (packet-frame.c:507) ==21296== by 0x69B3645: call_dissector_through_handle (packet.c:650) ==21296== by 0x69B3645: call_dissector_work (packet.c:725) ==21296== by 0x69B26FC: call_dissector_only (packet.c:2954) ==21296== by 0x69B26FC: call_dissector_with_data (packet.c:2967) ==21296== Address 0x14036f45 is 37 bytes inside a block of size 56 free'd ==21296== at 0x4C2EDEB: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==21296== by 0x69DCE3A: fragment_delete (reassemble.c:606) ==21296== by 0x69DE4FD: fragment_add_seq_single_work (reassemble.c:2216) ==21296== by 0x69DE9AD: fragment_add_seq_single_aging (reassemble.c:2401) ==21296== by 0x6FF4A31: dissect_mp (packet-ppp.c:5322) ==21296== by 0x69B3645: call_dissector_through_handle (packet.c:650) ==21296== by 0x69B3645: call_dissector_work (packet.c:725) ==21296== by 0x69B3729: dissector_try_uint_new (packet.c:1290) ==21296== by 0x69B3729: dissector_try_uint (packet.c:1316) ==21296== by 0x6FF7A48: dissect_ppp_common (packet-ppp.c:4366) ==21296== by 0x6FF44EC: dissect_ppp_hdlc (packet-ppp.c:5445) ==21296== by 0x69B3645: call_dissector_through_handle (packet.c:650) ==21296== by 0x69B3645: call_dissector_work (packet.c:725) ==21296== by 0x69B350E: dissector_try_uint_new (packet.c:1290) ==21296== by 0x6CCE5CE: dissect_frame (packet-frame.c:507) ==21296== Block was alloc'd at ==21296== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==21296== by 0xA6F7728: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1) ==21296== by 0xA70E932: g_slice_alloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1) ==21296== by 0xA70EFCD: g_slice_alloc0 (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1) ==21296== by 0x69DE5D5: new_head (reassemble.c:366) ==21296== by 0x69DE5D5: fragment_add_seq_single_work (reassemble.c:2274) ==21296== by 0x69DE9AD: fragment_add_seq_single_aging (reassemble.c:2401) ==21296== by 0x6FF4A31: dissect_mp (packet-ppp.c:5322) ==21296== by 0x69B3645: call_dissector_through_handle (packet.c:650) ==21296== by 0x69B3645: call_dissector_work (packet.c:725) ==21296== by 0x69B3729: dissector_try_uint_new (packet.c:1290) ==21296== by 0x69B3729: dissector_try_uint (packet.c:1316) ==21296== by 0x6FF7A48: dissect_ppp_common (packet-ppp.c:4366) ==21296== by 0x6FF44EC: dissect_ppp_hdlc (packet-ppp.c:5445) ==21296== by 0x69B3645: call_dissector_through_handle (packet.c:650) ==21296== by 0x69B3645: call_dissector_work (packet.c:725) ==21296== ==21296== Invalid write of size 4 ==21296== at 0x69DE959: fragment_add_seq_single_work (reassemble.c:2240) ==21296== by 0x69DE9AD: fragment_add_seq_single_aging (reassemble.c:2401) ==21296== by 0x6FF4A31: dissect_mp (packet-ppp.c:5322) ==21296== by 0x69B3645: call_dissector_through_handle (packet.c:650) ==21296== by 0x69B3645: call_dissector_work (packet.c:725) ==21296== by 0x69B3729: dissector_try_uint_new (packet.c:1290) ==21296== by 0x69B3729: dissector_try_uint (packet.c:1316) ==21296== by 0x6FF7A48: dissect_ppp_common (packet-ppp.c:4366) ==21296== by 0x6FF44EC: dissect_ppp_hdlc (packet-ppp.c:5445) ==21296== by 0x69B3645: call_dissector_through_handle (packet.c:650) ==21296== by 0x69B3645: call_dissector_work (packet.c:725) ==21296== by 0x69B350E: dissector_try_uint_new (packet.c:1290) ==21296== by 0x6CCE5CE: dissect_frame (packet-frame.c:507) ==21296== by 0x69B3645: call_dissector_through_handle (packet.c:650) ==21296== by 0x69B3645: call_dissector_work (packet.c:725) ==21296== by 0x69B26FC: call_dissector_only (packet.c:2954) ==21296== by 0x69B26FC: call_dissector_with_data (packet.c:2967) ==21296== Address 0x14036f38 is 24 bytes inside a block of size 56 free'd ==21296== at 0x4C2EDEB: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==21296== by 0x69DCE3A: fragment_delete (reassemble.c:606) ==21296== by 0x69DE4FD: fragment_add_seq_single_work (reassemble.c:2216) ==21296== by 0x69DE9AD: fragment_add_seq_single_aging (reassemble.c:2401) ==21296== by 0x6FF4A31: dissect_mp (packet-ppp.c:5322) ==21296== by 0x69B3645: call_dissector_through_handle (packet.c:650) ==21296== by 0x69B3645: call_dissector_work (packet.c:725) ==21296== by 0x69B3729: dissector_try_uint_new (packet.c:1290) ==21296== by 0x69B3729: dissector_try_uint (packet.c:1316) ==21296== by 0x6FF7A48: dissect_ppp_common (packet-ppp.c:4366) ==21296== by 0x6FF44EC: dissect_ppp_hdlc (packet-ppp.c:5445) ==21296== by 0x69B3645: call_dissector_through_handle (packet.c:650) ==21296== by 0x69B3645: call_dissector_work (packet.c:725) ==21296== by 0x69B350E: dissector_try_uint_new (packet.c:1290) ==21296== by 0x6CCE5CE: dissect_frame (packet-frame.c:507) ==21296== Block was alloc'd at ==21296== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==21296== by 0xA6F7728: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1) ==21296== by 0xA70E932: g_slice_alloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1) ==21296== by 0xA70EFCD: g_slice_alloc0 (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1) ==21296== by 0x69DE5D5: new_head (reassemble.c:366) ==21296== by 0x69DE5D5: fragment_add_seq_single_work (reassemble.c:2274) ==21296== by 0x69DE9AD: fragment_add_seq_single_aging (reassemble.c:2401) ==21296== by 0x6FF4A31: dissect_mp (packet-ppp.c:5322) ==21296== by 0x69B3645: call_dissector_through_handle (packet.c:650) ==21296== by 0x69B3645: call_dissector_work (packet.c:725) ==21296== by 0x69B3729: dissector_try_uint_new (packet.c:1290) ==21296== by 0x69B3729: dissector_try_uint (packet.c:1316) ==21296== by 0x6FF7A48: dissect_ppp_common (packet-ppp.c:4366) ==21296== by 0x6FF44EC: dissect_ppp_hdlc (packet-ppp.c:5445) ==21296== by 0x69B3645: call_dissector_through_handle (packet.c:650) ==21296== by 0x69B3645: call_dissector_work (packet.c:725) ==21296== ==21296== ==21296== HEAP SUMMARY: ==21296== in use at exit: 6,084,687 bytes in 9,719 blocks ==21296== total heap usage: 309,195 allocs, 299,476 frees, 39,465,279 bytes allocated ==21296== ==21296== LEAK SUMMARY: ==21296== definitely lost: 344 bytes in 86 blocks ==21296== indirectly lost: 0 bytes in 0 blocks ==21296== possibly lost: 0 bytes in 0 blocks ==21296== still reachable: 6,084,343 bytes in 9,633 blocks ==21296== suppressed: 0 bytes in 0 blocks ==21296== Rerun with --leak-check=full to see details of leaked memory ==21296== ==21296== For counts of detected and suppressed errors, rerun with: -v ==21296== ERROR SUMMARY: 5 errors from 4 contexts (suppressed: 0 from 0) [ no debug trace ]
You are receiving this mail because:
- You are watching all bug changes.
- Follow-Ups:
- [Wireshark-bugs] [Bug 13144] Buildbot crash output: fuzz-2016-11-16-2756.pcap
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 13144] Buildbot crash output: fuzz-2016-11-16-2756.pcap
- Prev by Date: [Wireshark-bugs] [Bug 13141] TCP options type filed interpreted as IP options type field
- Next by Date: [Wireshark-bugs] [Bug 13141] TCP options type filed interpreted as IP options type field
- Previous by thread: [Wireshark-bugs] [Bug 13143] Buildbot crash output: fuzz-2016-11-14-26123.pcap
- Next by thread: [Wireshark-bugs] [Bug 13144] Buildbot crash output: fuzz-2016-11-16-2756.pcap
- Index(es):