https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14515
Bug ID: 14515
Summary: Buildbot crash output: fuzz-2018-03-08-26241.pcap
Product: Wireshark
Version: unspecified
Hardware: x86-64
OS: Ubuntu
Status: CONFIRMED
Severity: Major
Priority: High
Component: Dissection engine (libwireshark)
Assignee: bugzilla-ad...@wireshark.org
Reporter: buildbot-do-not-re...@wireshark.org
Target Milestone: ---
Problems have been found with the following capture file:
https://www.wireshark.org/download/automated/captures/fuzz-2018-03-08-26241.pcap
stderr:
Input file: /home/wireshark/menagerie/menagerie/10606-9p.pcap.gz
Build host information:
Linux wsbb04 4.4.0-116-generic #140-Ubuntu SMP Mon Feb 12 21:23:04 UTC 2018
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID: Ubuntu
Description: Ubuntu 16.04.4 LTS
Release: 16.04
Codename: xenial
Buildbot information:
BUILDBOT_REPOSITORY=ssh://wireshark-build...@code.wireshark.org:29418/wireshark
BUILDBOT_WORKERNAME=clang-code-analysis
BUILDBOT_BUILDNUMBER=4669
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-master/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_GOT_REVISION=5f35b041c2d731297cdd4d780d029743fd49b9b4
Return value: 0
Dissector bug: 0
Valgrind error count: 0
Git commit
commit 5f35b041c2d731297cdd4d780d029743fd49b9b4
Author: Gerald Combs <ger...@wireshark.org>
Date: Thu Mar 8 13:31:23 2018 -0800
MaxMind DB fixups.
Make sure the text we read is null terminated. Properly strip our lines
and chunked strings. Copy over cast and strtod fixes from change 26347.
Change-Id: I0695e35c446c1bd277c53b458b07e428cdd90fb8
Reviewed-on: https://code.wireshark.org/review/26370
Petri-Dish: Gerald Combs <ger...@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <ger...@wireshark.org>
=================================================================
==31709==ERROR: AddressSanitizer: heap-use-after-free on address 0x61d000119ea8
at pc 0x563bd10789b5 bp 0x7ffdb8cce920 sp 0x7ffdb8cce0d0
READ of size 16 at 0x61d000119ea8 thread T0
#0 0x563bd10789b4
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/tshark+0xf39b4)
#1 0x7fb5c0435c93
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa765c93)
#2 0x7fb5c03ae9d9
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa6de9d9)
#3 0x7fb5c04a6291
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7d6291)
#4 0x7fb5be5d1a06
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0x8901a06)
#5 0x7fb5be5d11e3
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0x89011e3)
#6 0x7fb5be5c7c4b
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0x88f7c4b)
#7 0x7fb5c04c6114
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7f6114)
#8 0x7fb5c04bb8a1
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7eb8a1)
#9 0x7fb5c04c29ec
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7f29ec)
#10 0x7fb5c04b7bb4
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7e7bb4)
#11 0x7fb5c04c2a31
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7f2a31)
#12 0x7fb5be576bf4
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0x88a6bf4)
#13 0x7fb5c04c6114
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7f6114)
#14 0x7fb5c04bb8a1
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7eb8a1)
#15 0x7fb5c04bb20a
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7eb20a)
#16 0x7fb5c04bbc69
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7ebc69)
#17 0x7fb5be1a846a
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0x84d846a)
#18 0x7fb5c04c6114
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7f6114)
#19 0x7fb5c04bb8a1
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7eb8a1)
#20 0x7fb5c04c29ec
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7f29ec)
#21 0x7fb5c04b7bb4
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7e7bb4)
#22 0x7fb5befc86ad
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0x92f86ad)
#23 0x7fb5c04c6114
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7f6114)
#24 0x7fb5c04bb8a1
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7eb8a1)
#25 0x7fb5c04bb20a
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7eb20a)
#26 0x7fb5be25066f
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0x858066f)
#27 0x7fb5c04c6114
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7f6114)
#28 0x7fb5c04bb8a1
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7eb8a1)
#29 0x7fb5c04c29ec
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7f29ec)
#30 0x7fb5c04b7bb4
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7e7bb4)
#31 0x7fb5c04b73b4
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7e73b4)
#32 0x7fb5c0488d38
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7b8d38)
#33 0x563bd10f2ce3
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/tshark+0x16dce3)
#34 0x563bd10eee24
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/tshark+0x169e24)
#35 0x563bd10e989a
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/tshark+0x16489a)
#36 0x7fb5b3d4282f (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#37 0x563bd0fe0ac8
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/tshark+0x5bac8)
0x61d000119ea8 is located 40 bytes inside of 2048-byte region
[0x61d000119e80,0x61d00011a680)
freed by thread T0 here:
#0 0x563bd10a1a58
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/tshark+0x11ca58)
#1 0x7fb5b47767d7 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4f7d7)
#2 0x7fb5b5291798
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwiretap.so.0+0x1f3798)
#3 0x7fb5b522d7ba
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwiretap.so.0+0x18f7ba)
#4 0x7fb5b522048f
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwiretap.so.0+0x18248f)
#5 0x7fb5b5220e6f
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwiretap.so.0+0x182e6f)
#6 0x7fb5b5291084
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwiretap.so.0+0x1f3084)
#7 0x563bd10eec8d
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/tshark+0x169c8d)
#8 0x563bd10e989a
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/tshark+0x16489a)
#9 0x7fb5b3d4282f (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
previously allocated by thread T0 here:
#0 0x563bd10a15f8
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/tshark+0x11c5f8)
#1 0x7fb5b4776718 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4f718)
#2 0x7fb5b513b853
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwiretap.so.0+0x9d853)
#3 0x563bd10ec9be
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/tshark+0x1679be)
#4 0x563bd10e9315
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/tshark+0x164315)
#5 0x7fb5b3d4282f (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
SUMMARY: AddressSanitizer: heap-use-after-free
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/tshark+0xf39b4)
Shadow bytes around the buggy address:
0x0c3a8001b380: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c3a8001b390: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c3a8001b3a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c3a8001b3b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c3a8001b3c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c3a8001b3d0: fd fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd
0x0c3a8001b3e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c3a8001b3f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c3a8001b400: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c3a8001b410: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c3a8001b420: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==31709==ABORTING
[ no debug trace ]
--
You are receiving this mail because:
You are watching all bug changes.
___________________________________________________________________________
Sent via: Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives: https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe