https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12913
Bug ID: 12913 Summary: Buildbot crash output: fuzz-2016-09-17-2264.pcap Product: Wireshark Version: unspecified Hardware: x86-64 URL: https://www.wireshark.org/download/automated/captures/ fuzz-2016-09-17-2264.pcap OS: Ubuntu Status: CONFIRMED Severity: Major Priority: High Component: Dissection engine (libwireshark) Assignee: bugzilla-ad...@wireshark.org Reporter: buildbot-do-not-re...@wireshark.org Problems have been found with the following capture file: https://www.wireshark.org/download/automated/captures/fuzz-2016-09-17-2264.pcap stderr: Input file: /home/wireshark/menagerie/menagerie/1134-jensb-wpsdata.cap Build host information: Linux wsbb04 4.4.0-34-generic #53-Ubuntu SMP Wed Jul 27 16:06:39 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux Distributor ID: Ubuntu Description: Ubuntu 16.04.1 LTS Release: 16.04 Codename: xenial Buildbot information: BUILDBOT_REPOSITORY=ssh://wireshark-build...@code.wireshark.org:29418/wireshark BUILDBOT_WORKERNAME=clang-code-analysis BUILDBOT_BUILDNUMBER=3690 BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-master/ BUILDBOT_BUILDERNAME=Clang Code Analysis BUILDBOT_GOT_REVISION=2832f4e97d77324b4e46aac40dae0ce898ae559d Return value: 1 Dissector bug: 0 Valgrind error count: 0 Git commit commit 2832f4e97d77324b4e46aac40dae0ce898ae559d Author: Pascal Quantin <pascal.quan...@gmail.com> Date: Fri Sep 16 20:59:06 2016 +0200 NSIS: add UDPdump to installer Change-Id: Ic340d7de5de2573bf1e4ee97c8f7ef9af822d225 Reviewed-on: https://code.wireshark.org/review/17746 Petri-Dish: Pascal Quantin <pascal.quan...@gmail.com> Reviewed-by: Alexis La Goutte <alexis.lagou...@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-re...@wireshark.org> Reviewed-by: Pascal Quantin <pascal.quan...@gmail.com> ================================================================= ==11462==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffe5fe20b11 at pc 0x000000440f03 bp 0x7ffe5fe20810 sp 0x7ffe5fe1ffc0 READ of size 4 at 0x7ffe5fe20b11 thread T0 #0 0x440f02 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x440f02) #1 0x7fad947104f2 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x684f2) #2 0x7fad9ca28af3 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7a04af3) #3 0x7fad9c95ca47 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7938a47) #4 0x7fad9c95cf8a (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7938f8a) #5 0x7fad9ce3cdad (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7e18dad) #6 0x7fad9c9176dc (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f36dc) #7 0x7fad9c91554c (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f154c) #8 0x7fad9ce3e759 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7e1a759) #9 0x7fad9c9176dc (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f36dc) #10 0x7fad9c9179a8 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f39a8) #11 0x7fad9d161b46 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x813db46) #12 0x7fad9d162047 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x813e047) #13 0x7fad9c9176dc (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f36dc) #14 0x7fad9c91554c (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f154c) #15 0x7fad9d023f72 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7ffff72) #16 0x7fad9d01c73a (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7ff873a) #17 0x7fad9c9176dc (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f36dc) #18 0x7fad9c9173aa (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f33aa) #19 0x7fad9cec2fcf (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7e9efcf) #20 0x7fad9c9176dc (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f36dc) #21 0x7fad9c91554c (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f154c) #22 0x7fad9c914d1a (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78f0d1a) #23 0x7fad9c8faf0e (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x78d6f0e) #24 0x50ea04 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x50ea04) #25 0x5090d5 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x5090d5) #26 0x7fad928dc82f (/lib/x86_64-linux-gnu/libc.so.6+0x2082f) #27 0x423328 (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x423328) Address 0x7ffe5fe20b11 is located in stack of thread T0 at offset 49 in frame #0 0x7fad9ce3c55f (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/lib/libwireshark.so.0+0x7e1855f) This frame has 3 object(s): [32, 33) 'eap_identity_prefix.i' [48, 49) 'eap_identity_prefix' <== Memory access at offset 49 overflows this variable [64, 72) 'frag_tree_item' HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-buffer-overflow (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install/bin/tshark+0x440f02) Shadow bytes around the buggy address: 0x10004bfbc110: 04 f2 04 f3 00 00 00 00 00 00 00 00 00 00 00 00 0x10004bfbc120: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 f3 0x10004bfbc130: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 0x10004bfbc140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10004bfbc150: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 =>0x10004bfbc160: 01 f2[01]f2 00 f3 f3 f3 00 00 00 00 00 00 00 00 0x10004bfbc170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10004bfbc180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10004bfbc190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10004bfbc1a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10004bfbc1b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==11462==ABORTING [ no debug trace ] -- You are receiving this mail because: You are watching all bug changes.
___________________________________________________________________________ Sent via: Wireshark-bugs mailing list <wireshark-bugs@wireshark.org> Archives: https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe