https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12939

            Bug ID: 12939
           Summary: Buildbot crash output: fuzz-2016-09-22-2022.pcap
           Product: Wireshark
           Version: unspecified
          Hardware: x86-64
               URL: https://www.wireshark.org/download/automated/captures/fuzz-2016-09-22-2022.pcap
                OS: Ubuntu
            Status: CONFIRMED
          Severity: Major
          Priority: High
         Component: Dissection engine (libwireshark)
          Assignee: bugzilla-ad...@wireshark.org
          Reporter: buildbot-do-not-re...@wireshark.org

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2016-09-22-2022.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/1432-hcilog_H4.log

Build host information:
Linux wsbb04 4.4.0-34-generic #53-Ubuntu SMP Wed Jul 27 16:06:39 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 16.04.1 LTS
Release:    16.04
Codename:    xenial

Buildbot information:
BUILDBOT_REPOSITORY=ssh://wireshark-build...@code.wireshark.org:29418/wireshark
BUILDBOT_WORKERNAME=fuzz-test
BUILDBOT_BUILDNUMBER=91
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-2.2/
BUILDBOT_BUILDERNAME=Fuzz Test
BUILDBOT_GOT_REVISION=6b495a13ccd40d42dcca4b0a8ca9e37784adaa1b

Return value:  0

Dissector bug:  0

Valgrind error count:  464



Git commit
commit 6b495a13ccd40d42dcca4b0a8ca9e37784adaa1b
Author: Alexis La Goutte <alexis.lagou...@gmail.com>
Date:   Tue Sep 20 14:14:38 2016 +0200

    TLS: no extension length on padding extension

    also remove padding function (don't needed)

    Bug: 12922
    Change-Id: Ie049ee21193ec82b8dc873a7dff78e9d058c7935
    Reviewed-on: https://code.wireshark.org/review/17825
    Petri-Dish: Peter Wu <pe...@lekensteyn.nl>
    Tested-by: Petri Dish Buildbot <buildbot-no-re...@wireshark.org>
    Reviewed-by: Peter Wu <pe...@lekensteyn.nl>
    (cherry picked from commit b9d4a18ad2f10cc9216d8131d9e1ddc89bfc50ac)
    Reviewed-on: https://code.wireshark.org/review/17831
    Reviewed-by: Anders Broman <a.broma...@gmail.com>


==1840== Memcheck, a memory error detector
==1840== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==1840== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==1840== Command: /home/wireshark/builders/wireshark-2.2-fuzz/fuzztest/install/bin/tshark -Vx -nr /fuzz/buildbot/fuzztest/valgrind-fuzz-2.2/fuzz-2016-09-22-2022.pcap
==1840== 
==1840== Conditional jump or move depends on uninitialised value(s)
==1840==    at 0xB083163: inet_ntop6 (inet_ntop.c:134)
==1840==    by 0xB083163: inet_ntop (inet_ntop.c:65)
==1840==    by 0x692FD9C: ipv6_to_str (address_types.c:250)
==1840==    by 0x693040D: address_to_str (address_types.c:700)
==1840==    by 0x6968189: proto_item_fill_label (proto.c:7254)
==1840==    by 0x695535D: proto_tree_print_node (print.c:180)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x6955224: proto_tree_print_node (print.c:235)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x69579D5: proto_tree_print (print.c:149)
==1840==    by 0x4167DA: print_packet (tshark.c:3846)
==1840==    by 0x416E8A: process_packet (tshark.c:3447)
==1840==    by 0x40E247: load_cap_file (tshark.c:3189)
==1840==    by 0x40E247: main (tshark.c:1889)
==1840== 
==1840== Conditional jump or move depends on uninitialised value(s)
==1840==    at 0xB082EA5: inet_ntop6 (inet_ntop.c:134)
==1840==    by 0xB082EA5: inet_ntop (inet_ntop.c:65)
==1840==    by 0x692FD9C: ipv6_to_str (address_types.c:250)
==1840==    by 0x693040D: address_to_str (address_types.c:700)
==1840==    by 0x6968189: proto_item_fill_label (proto.c:7254)
==1840==    by 0x695535D: proto_tree_print_node (print.c:180)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x6955224: proto_tree_print_node (print.c:235)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x69579D5: proto_tree_print (print.c:149)
==1840==    by 0x4167DA: print_packet (tshark.c:3846)
==1840==    by 0x416E8A: process_packet (tshark.c:3447)
==1840==    by 0x40E247: load_cap_file (tshark.c:3189)
==1840==    by 0x40E247: main (tshark.c:1889)
==1840== 
==1840== Conditional jump or move depends on uninitialised value(s)
==1840==    at 0xB0831B1: inet_ntop6 (inet_ntop.c:134)
==1840==    by 0xB0831B1: inet_ntop (inet_ntop.c:65)
==1840==    by 0x692FD9C: ipv6_to_str (address_types.c:250)
==1840==    by 0x693040D: address_to_str (address_types.c:700)
==1840==    by 0x6968189: proto_item_fill_label (proto.c:7254)
==1840==    by 0x695535D: proto_tree_print_node (print.c:180)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x6955224: proto_tree_print_node (print.c:235)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x69579D5: proto_tree_print (print.c:149)
==1840==    by 0x4167DA: print_packet (tshark.c:3846)
==1840==    by 0x416E8A: process_packet (tshark.c:3447)
==1840==    by 0x40E247: load_cap_file (tshark.c:3189)
==1840==    by 0x40E247: main (tshark.c:1889)
==1840== 
==1840== Conditional jump or move depends on uninitialised value(s)
==1840==    at 0xB082EDB: inet_ntop6 (inet_ntop.c:134)
==1840==    by 0xB082EDB: inet_ntop (inet_ntop.c:65)
==1840==    by 0x692FD9C: ipv6_to_str (address_types.c:250)
==1840==    by 0x693040D: address_to_str (address_types.c:700)
==1840==    by 0x6968189: proto_item_fill_label (proto.c:7254)
==1840==    by 0x695535D: proto_tree_print_node (print.c:180)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x6955224: proto_tree_print_node (print.c:235)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x69579D5: proto_tree_print (print.c:149)
==1840==    by 0x4167DA: print_packet (tshark.c:3846)
==1840==    by 0x416E8A: process_packet (tshark.c:3447)
==1840==    by 0x40E247: load_cap_file (tshark.c:3189)
==1840==    by 0x40E247: main (tshark.c:1889)
==1840== 
==1840== Use of uninitialised value of size 8
==1840==    at 0xAFA86D1: _itoa_word (_itoa.c:180)
==1840==    by 0xAFAC0EC: vfprintf (vfprintf.c:1631)
==1840==    by 0xAFCE10A: vsprintf (iovsprintf.c:42)
==1840==    by 0xAFB3976: sprintf (sprintf.c:32)
==1840==    by 0xB083064: inet_ntop6 (inet_ntop.c:177)
==1840==    by 0xB083064: inet_ntop (inet_ntop.c:65)
==1840==    by 0x692FD9C: ipv6_to_str (address_types.c:250)
==1840==    by 0x693040D: address_to_str (address_types.c:700)
==1840==    by 0x6968189: proto_item_fill_label (proto.c:7254)
==1840==    by 0x695535D: proto_tree_print_node (print.c:180)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x6955224: proto_tree_print_node (print.c:235)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840== 
==1840== Conditional jump or move depends on uninitialised value(s)
==1840==    at 0xAFA86D8: _itoa_word (_itoa.c:180)
==1840==    by 0xAFAC0EC: vfprintf (vfprintf.c:1631)
==1840==    by 0xAFCE10A: vsprintf (iovsprintf.c:42)
==1840==    by 0xAFB3976: sprintf (sprintf.c:32)
==1840==    by 0xB083064: inet_ntop6 (inet_ntop.c:177)
==1840==    by 0xB083064: inet_ntop (inet_ntop.c:65)
==1840==    by 0x692FD9C: ipv6_to_str (address_types.c:250)
==1840==    by 0x693040D: address_to_str (address_types.c:700)
==1840==    by 0x6968189: proto_item_fill_label (proto.c:7254)
==1840==    by 0x695535D: proto_tree_print_node (print.c:180)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x6955224: proto_tree_print_node (print.c:235)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840== 
==1840== Conditional jump or move depends on uninitialised value(s)
==1840==    at 0xAFAC16F: vfprintf (vfprintf.c:1631)
==1840==    by 0xAFCE10A: vsprintf (iovsprintf.c:42)
==1840==    by 0xAFB3976: sprintf (sprintf.c:32)
==1840==    by 0xB083064: inet_ntop6 (inet_ntop.c:177)
==1840==    by 0xB083064: inet_ntop (inet_ntop.c:65)
==1840==    by 0x692FD9C: ipv6_to_str (address_types.c:250)
==1840==    by 0x693040D: address_to_str (address_types.c:700)
==1840==    by 0x6968189: proto_item_fill_label (proto.c:7254)
==1840==    by 0x695535D: proto_tree_print_node (print.c:180)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x6955224: proto_tree_print_node (print.c:235)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x69579D5: proto_tree_print (print.c:149)
==1840== 
==1840== Conditional jump or move depends on uninitialised value(s)
==1840==    at 0xAFABC19: vfprintf (vfprintf.c:1631)
==1840==    by 0xAFCE10A: vsprintf (iovsprintf.c:42)
==1840==    by 0xAFB3976: sprintf (sprintf.c:32)
==1840==    by 0xB083064: inet_ntop6 (inet_ntop.c:177)
==1840==    by 0xB083064: inet_ntop (inet_ntop.c:65)
==1840==    by 0x692FD9C: ipv6_to_str (address_types.c:250)
==1840==    by 0x693040D: address_to_str (address_types.c:700)
==1840==    by 0x6968189: proto_item_fill_label (proto.c:7254)
==1840==    by 0x695535D: proto_tree_print_node (print.c:180)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x6955224: proto_tree_print_node (print.c:235)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x69579D5: proto_tree_print (print.c:149)
==1840== 
==1840== Conditional jump or move depends on uninitialised value(s)
==1840==    at 0xAFABCA2: vfprintf (vfprintf.c:1631)
==1840==    by 0xAFCE10A: vsprintf (iovsprintf.c:42)
==1840==    by 0xAFB3976: sprintf (sprintf.c:32)
==1840==    by 0xB083064: inet_ntop6 (inet_ntop.c:177)
==1840==    by 0xB083064: inet_ntop (inet_ntop.c:65)
==1840==    by 0x692FD9C: ipv6_to_str (address_types.c:250)
==1840==    by 0x693040D: address_to_str (address_types.c:700)
==1840==    by 0x6968189: proto_item_fill_label (proto.c:7254)
==1840==    by 0x695535D: proto_tree_print_node (print.c:180)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x6955224: proto_tree_print_node (print.c:235)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x69579D5: proto_tree_print (print.c:149)
==1840== 
==1840== Conditional jump or move depends on uninitialised value(s)
==1840==    at 0xAFAC16F: vfprintf (vfprintf.c:1631)
==1840==    by 0xAFCE10A: vsprintf (iovsprintf.c:42)
==1840==    by 0xAFB3976: sprintf (sprintf.c:32)
==1840==    by 0xB08309D: inet_ntop6 (inet_ntop.c:177)
==1840==    by 0xB08309D: inet_ntop (inet_ntop.c:65)
==1840==    by 0x692FD9C: ipv6_to_str (address_types.c:250)
==1840==    by 0x693040D: address_to_str (address_types.c:700)
==1840==    by 0x6968189: proto_item_fill_label (proto.c:7254)
==1840==    by 0x695535D: proto_tree_print_node (print.c:180)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x6955224: proto_tree_print_node (print.c:235)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x69579D5: proto_tree_print (print.c:149)
==1840== 
==1840== Conditional jump or move depends on uninitialised value(s)
==1840==    at 0xAFABC19: vfprintf (vfprintf.c:1631)
==1840==    by 0xAFCE10A: vsprintf (iovsprintf.c:42)
==1840==    by 0xAFB3976: sprintf (sprintf.c:32)
==1840==    by 0xB08309D: inet_ntop6 (inet_ntop.c:177)
==1840==    by 0xB08309D: inet_ntop (inet_ntop.c:65)
==1840==    by 0x692FD9C: ipv6_to_str (address_types.c:250)
==1840==    by 0x693040D: address_to_str (address_types.c:700)
==1840==    by 0x6968189: proto_item_fill_label (proto.c:7254)
==1840==    by 0x695535D: proto_tree_print_node (print.c:180)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x6955224: proto_tree_print_node (print.c:235)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x69579D5: proto_tree_print (print.c:149)
==1840== 
==1840== Conditional jump or move depends on uninitialised value(s)
==1840==    at 0xAFABCA2: vfprintf (vfprintf.c:1631)
==1840==    by 0xAFCE10A: vsprintf (iovsprintf.c:42)
==1840==    by 0xAFB3976: sprintf (sprintf.c:32)
==1840==    by 0xB08309D: inet_ntop6 (inet_ntop.c:177)
==1840==    by 0xB08309D: inet_ntop (inet_ntop.c:65)
==1840==    by 0x692FD9C: ipv6_to_str (address_types.c:250)
==1840==    by 0x693040D: address_to_str (address_types.c:700)
==1840==    by 0x6968189: proto_item_fill_label (proto.c:7254)
==1840==    by 0x695535D: proto_tree_print_node (print.c:180)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x6955224: proto_tree_print_node (print.c:235)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x69579D5: proto_tree_print (print.c:149)
==1840== 
==1840== Conditional jump or move depends on uninitialised value(s)
==1840==    at 0xAFAC16F: vfprintf (vfprintf.c:1631)
==1840==    by 0xAFCE10A: vsprintf (iovsprintf.c:42)
==1840==    by 0xAFB3976: sprintf (sprintf.c:32)
==1840==    by 0xB0830D6: inet_ntop6 (inet_ntop.c:177)
==1840==    by 0xB0830D6: inet_ntop (inet_ntop.c:65)
==1840==    by 0x692FD9C: ipv6_to_str (address_types.c:250)
==1840==    by 0x693040D: address_to_str (address_types.c:700)
==1840==    by 0x6968189: proto_item_fill_label (proto.c:7254)
==1840==    by 0x695535D: proto_tree_print_node (print.c:180)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x6955224: proto_tree_print_node (print.c:235)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x69579D5: proto_tree_print (print.c:149)
==1840== 
==1840== Conditional jump or move depends on uninitialised value(s)
==1840==    at 0xAFABC19: vfprintf (vfprintf.c:1631)
==1840==    by 0xAFCE10A: vsprintf (iovsprintf.c:42)
==1840==    by 0xAFB3976: sprintf (sprintf.c:32)
==1840==    by 0xB0830D6: inet_ntop6 (inet_ntop.c:177)
==1840==    by 0xB0830D6: inet_ntop (inet_ntop.c:65)
==1840==    by 0x692FD9C: ipv6_to_str (address_types.c:250)
==1840==    by 0x693040D: address_to_str (address_types.c:700)
==1840==    by 0x6968189: proto_item_fill_label (proto.c:7254)
==1840==    by 0x695535D: proto_tree_print_node (print.c:180)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x6955224: proto_tree_print_node (print.c:235)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x69579D5: proto_tree_print (print.c:149)
==1840== 
==1840== Conditional jump or move depends on uninitialised value(s)
==1840==    at 0xAFABCA2: vfprintf (vfprintf.c:1631)
==1840==    by 0xAFCE10A: vsprintf (iovsprintf.c:42)
==1840==    by 0xAFB3976: sprintf (sprintf.c:32)
==1840==    by 0xB0830D6: inet_ntop6 (inet_ntop.c:177)
==1840==    by 0xB0830D6: inet_ntop (inet_ntop.c:65)
==1840==    by 0x692FD9C: ipv6_to_str (address_types.c:250)
==1840==    by 0x693040D: address_to_str (address_types.c:700)
==1840==    by 0x6968189: proto_item_fill_label (proto.c:7254)
==1840==    by 0x695535D: proto_tree_print_node (print.c:180)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x6955224: proto_tree_print_node (print.c:235)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x69579D5: proto_tree_print (print.c:149)
==1840== 
==1840== Conditional jump or move depends on uninitialised value(s)
==1840==    at 0xAFAC16F: vfprintf (vfprintf.c:1631)
==1840==    by 0xAFCE10A: vsprintf (iovsprintf.c:42)
==1840==    by 0xAFB3976: sprintf (sprintf.c:32)
==1840==    by 0xB083113: inet_ntop6 (inet_ntop.c:177)
==1840==    by 0xB083113: inet_ntop (inet_ntop.c:65)
==1840==    by 0x692FD9C: ipv6_to_str (address_types.c:250)
==1840==    by 0x693040D: address_to_str (address_types.c:700)
==1840==    by 0x6968189: proto_item_fill_label (proto.c:7254)
==1840==    by 0x695535D: proto_tree_print_node (print.c:180)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x6955224: proto_tree_print_node (print.c:235)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x69579D5: proto_tree_print (print.c:149)
==1840== 
==1840== Conditional jump or move depends on uninitialised value(s)
==1840==    at 0xAFABC19: vfprintf (vfprintf.c:1631)
==1840==    by 0xAFCE10A: vsprintf (iovsprintf.c:42)
==1840==    by 0xAFB3976: sprintf (sprintf.c:32)
==1840==    by 0xB083113: inet_ntop6 (inet_ntop.c:177)
==1840==    by 0xB083113: inet_ntop (inet_ntop.c:65)
==1840==    by 0x692FD9C: ipv6_to_str (address_types.c:250)
==1840==    by 0x693040D: address_to_str (address_types.c:700)
==1840==    by 0x6968189: proto_item_fill_label (proto.c:7254)
==1840==    by 0x695535D: proto_tree_print_node (print.c:180)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x6955224: proto_tree_print_node (print.c:235)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x69579D5: proto_tree_print (print.c:149)
==1840== 
==1840== Conditional jump or move depends on uninitialised value(s)
==1840==    at 0xAFABCA2: vfprintf (vfprintf.c:1631)
==1840==    by 0xAFCE10A: vsprintf (iovsprintf.c:42)
==1840==    by 0xAFB3976: sprintf (sprintf.c:32)
==1840==    by 0xB083113: inet_ntop6 (inet_ntop.c:177)
==1840==    by 0xB083113: inet_ntop (inet_ntop.c:65)
==1840==    by 0x692FD9C: ipv6_to_str (address_types.c:250)
==1840==    by 0x693040D: address_to_str (address_types.c:700)
==1840==    by 0x6968189: proto_item_fill_label (proto.c:7254)
==1840==    by 0x695535D: proto_tree_print_node (print.c:180)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x6955224: proto_tree_print_node (print.c:235)
==1840==    by 0x695A968: proto_tree_children_foreach (proto.c:689)
==1840==    by 0x69579D5: proto_tree_print (print.c:149)
==1840== 
==1840== 
==1840== HEAP SUMMARY:
==1840==     in use at exit: 446,038 bytes in 9,616 blocks
==1840==   total heap usage: 610,432 allocs, 600,816 frees, 55,797,466 bytes allocated
==1840== 
==1840== LEAK SUMMARY:
==1840==    definitely lost: 343 bytes in 20 blocks
==1840==    indirectly lost: 362 bytes in 4 blocks
==1840==      possibly lost: 0 bytes in 0 blocks
==1840==    still reachable: 445,333 bytes in 9,592 blocks
==1840==         suppressed: 0 bytes in 0 blocks
==1840== Rerun with --leak-check=full to see details of leaked memory
==1840== 
==1840== For counts of detected and suppressed errors, rerun with: -v
==1840== Use --track-origins=yes to see where uninitialised values come from
==1840== ERROR SUMMARY: 464 errors from 18 contexts (suppressed: 1 from 1)

[ no debug trace ]
