https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14967

            Bug ID: 14967
           Summary: Buildbot crash output: fuzz-2018-07-12-1324.pcap
           Product: Wireshark
           Version: unspecified
          Hardware: x86-64
                OS: Ubuntu
            Status: CONFIRMED
          Severity: Major
          Priority: High
         Component: Dissection engine (libwireshark)
          Assignee: bugzilla-ad...@wireshark.org
          Reporter: buildbot-do-not-re...@wireshark.org
  Target Milestone: ---

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2018-07-12-1324.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/13056-svi7.pcap

Build host information:
Linux wsbb04 4.4.0-130-generic #156-Ubuntu SMP Thu Jun 14 08:53:28 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.4 LTS
Release:        16.04
Codename:       xenial

Buildbot information:
BUILDBOT_REPOSITORY=ssh://wireshark-build...@code.wireshark.org:29418/wireshark
BUILDBOT_WORKERNAME=clang-code-analysis
BUILDBOT_BUILDNUMBER=4821
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-master/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_GOT_REVISION=16953695d734555a4472bada9d2dec799544d619

Return value:  0

Dissector bug:  0

Valgrind error count:  37



Git commit
commit 16953695d734555a4472bada9d2dec799544d619
Author: Peter Wu <pe...@lekensteyn.nl>
Date:   Tue Jul 10 00:33:24 2018 +0200

    Qt: make "Save As" in Follow Streams usable

    For formats other than "Raw" and "UTF-8", the written file does not
    match the actual stream data. It would be duplicated in strange ways.
    Executing the "Save As" action twice while the dialog is open would also
    write two different files (huh?).

    As a quick fix, just replace the strange save logic by writing the text
    field contents. A functional difference is that previously it would
    write data while parsing the "follow data" list, now it uses the text
    field contents. That data will now be truncated after 500 MB.

    Bug: 14933
    Change-Id: I498676389d0da3ac070346d6903bd2e6b0fc7674
    Fixes: v1.11.0-rc1-2538-g80f9326b2f ("Add TCP/UDP/SSL Follow feature to QtShark")
    Reviewed-on: https://code.wireshark.org/review/28663
    Petri-Dish: Peter Wu <pe...@lekensteyn.nl>
    Tested-by: Petri Dish Buildbot
    Reviewed-by: Peter Wu <pe...@lekensteyn.nl>


Command and args: ./tools/valgrind-wireshark.sh -b /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/bin -T
==7327== Memcheck, a memory error detector
==7327== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==7327== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==7327== Command: /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/bin/tshark -Vx -nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2018-07-12-1324.pcap
==7327== 
==7327== Conditional jump or move depends on uninitialised value(s)
==7327==    at 0x7F74C18: display_signed_time (to_str.c:655)
==7327==    by 0x7F754FA: rel_time_to_secs_str (to_str.c:924)
==7327==    by 0x7F4F71F: proto_item_fill_label (proto.c:8344)
==7327==    by 0x7F21CE1: proto_tree_print_node (print.c:187)
==7327==    by 0x7F39093: proto_tree_children_foreach (proto.c:687)
==7327==    by 0x7F21FB9: proto_tree_print_node (print.c:242)
==7327==    by 0x7F39093: proto_tree_children_foreach (proto.c:687)
==7327==    by 0x7F21FB9: proto_tree_print_node (print.c:242)
==7327==    by 0x7F39093: proto_tree_children_foreach (proto.c:687)
==7327==    by 0x7F21BAC: proto_tree_print (print.c:156)
==7327==    by 0x120F24: print_packet (tshark.c:3931)
==7327==    by 0x12040D: process_packet_single_pass (tshark.c:3564)
==7327== 
==7327== Conditional jump or move depends on uninitialised value(s)
==7327==    at 0x7F74E43: int_to_str_back (to_str.c:1296)
==7327==    by 0x7F74C5C: display_signed_time (to_str.c:664)
==7327==    by 0x7F754FA: rel_time_to_secs_str (to_str.c:924)
==7327==    by 0x7F4F71F: proto_item_fill_label (proto.c:8344)
==7327==    by 0x7F21CE1: proto_tree_print_node (print.c:187)
==7327==    by 0x7F39093: proto_tree_children_foreach (proto.c:687)
==7327==    by 0x7F21FB9: proto_tree_print_node (print.c:242)
==7327==    by 0x7F39093: proto_tree_children_foreach (proto.c:687)
==7327==    by 0x7F21FB9: proto_tree_print_node (print.c:242)
==7327==    by 0x7F39093: proto_tree_children_foreach (proto.c:687)
==7327==    by 0x7F21BAC: proto_tree_print (print.c:156)
==7327==    by 0x120F24: print_packet (tshark.c:3931)
==7327== 
==7327== Conditional jump or move depends on uninitialised value(s)
==7327==    at 0x7F73FCF: uint_to_str_back (to_str.c:1210)
==7327==    by 0x7F74E80: int_to_str_back (to_str.c:1300)
==7327==    by 0x7F74C5C: display_signed_time (to_str.c:664)
==7327==    by 0x7F754FA: rel_time_to_secs_str (to_str.c:924)
==7327==    by 0x7F4F71F: proto_item_fill_label (proto.c:8344)
==7327==    by 0x7F21CE1: proto_tree_print_node (print.c:187)
==7327==    by 0x7F39093: proto_tree_children_foreach (proto.c:687)
==7327==    by 0x7F21FB9: proto_tree_print_node (print.c:242)
==7327==    by 0x7F39093: proto_tree_children_foreach (proto.c:687)
==7327==    by 0x7F21FB9: proto_tree_print_node (print.c:242)
==7327==    by 0x7F39093: proto_tree_children_foreach (proto.c:687)
==7327==    by 0x7F21BAC: proto_tree_print (print.c:156)
==7327== 
==7327== Conditional jump or move depends on uninitialised value(s)
==7327==    at 0x7F73FF1: uint_to_str_back (to_str.c:1213)
==7327==    by 0x7F74E80: int_to_str_back (to_str.c:1300)
==7327==    by 0x7F74C5C: display_signed_time (to_str.c:664)
==7327==    by 0x7F754FA: rel_time_to_secs_str (to_str.c:924)
==7327==    by 0x7F4F71F: proto_item_fill_label (proto.c:8344)
==7327==    by 0x7F21CE1: proto_tree_print_node (print.c:187)
==7327==    by 0x7F39093: proto_tree_children_foreach (proto.c:687)
==7327==    by 0x7F21FB9: proto_tree_print_node (print.c:242)
==7327==    by 0x7F39093: proto_tree_children_foreach (proto.c:687)
==7327==    by 0x7F21FB9: proto_tree_print_node (print.c:242)
==7327==    by 0x7F39093: proto_tree_children_foreach (proto.c:687)
==7327==    by 0x7F21BAC: proto_tree_print (print.c:156)
==7327== 
==7327== Use of uninitialised value of size 8
==7327==    at 0x7F74034: uint_to_str_back (to_str.c:1218)
==7327==    by 0x7F74E80: int_to_str_back (to_str.c:1300)
==7327==    by 0x7F74C5C: display_signed_time (to_str.c:664)
==7327==    by 0x7F754FA: rel_time_to_secs_str (to_str.c:924)
==7327==    by 0x7F4F71F: proto_item_fill_label (proto.c:8344)
==7327==    by 0x7F21CE1: proto_tree_print_node (print.c:187)
==7327==    by 0x7F39093: proto_tree_children_foreach (proto.c:687)
==7327==    by 0x7F21FB9: proto_tree_print_node (print.c:242)
==7327==    by 0x7F39093: proto_tree_children_foreach (proto.c:687)
==7327==    by 0x7F21FB9: proto_tree_print_node (print.c:242)
==7327==    by 0x7F39093: proto_tree_children_foreach (proto.c:687)
==7327==    by 0x7F21BAC: proto_tree_print (print.c:156)
==7327== 
==7327== Use of uninitialised value of size 8
==7327==    at 0x7F7404F: uint_to_str_back (to_str.c:1219)
==7327==    by 0x7F74E80: int_to_str_back (to_str.c:1300)
==7327==    by 0x7F74C5C: display_signed_time (to_str.c:664)
==7327==    by 0x7F754FA: rel_time_to_secs_str (to_str.c:924)
==7327==    by 0x7F4F71F: proto_item_fill_label (proto.c:8344)
==7327==    by 0x7F21CE1: proto_tree_print_node (print.c:187)
==7327==    by 0x7F39093: proto_tree_children_foreach (proto.c:687)
==7327==    by 0x7F21FB9: proto_tree_print_node (print.c:242)
==7327==    by 0x7F39093: proto_tree_children_foreach (proto.c:687)
==7327==    by 0x7F21FB9: proto_tree_print_node (print.c:242)
==7327==    by 0x7F39093: proto_tree_children_foreach (proto.c:687)
==7327==    by 0x7F21BAC: proto_tree_print (print.c:156)
==7327== 
==7327== Conditional jump or move depends on uninitialised value(s)
==7327==    at 0x7F7406F: uint_to_str_back (to_str.c:1222)
==7327==    by 0x7F74E80: int_to_str_back (to_str.c:1300)
==7327==    by 0x7F74C5C: display_signed_time (to_str.c:664)
==7327==    by 0x7F754FA: rel_time_to_secs_str (to_str.c:924)
==7327==    by 0x7F4F71F: proto_item_fill_label (proto.c:8344)
==7327==    by 0x7F21CE1: proto_tree_print_node (print.c:187)
==7327==    by 0x7F39093: proto_tree_children_foreach (proto.c:687)
==7327==    by 0x7F21FB9: proto_tree_print_node (print.c:242)
==7327==    by 0x7F39093: proto_tree_children_foreach (proto.c:687)
==7327==    by 0x7F21FB9: proto_tree_print_node (print.c:242)
==7327==    by 0x7F39093: proto_tree_children_foreach (proto.c:687)
==7327==    by 0x7F21BAC: proto_tree_print (print.c:156)
==7327== 
==7327== Conditional jump or move depends on uninitialised value(s)
==7327==    at 0x7F73FCF: uint_to_str_back (to_str.c:1210)
==7327==    by 0x7F74EAD: uint_to_str_back_len (to_str.c:1258)
==7327==    by 0x7F74D82: display_signed_time (to_str.c:695)
==7327==    by 0x7F754FA: rel_time_to_secs_str (to_str.c:924)
==7327==    by 0x7F4F71F: proto_item_fill_label (proto.c:8344)
==7327==    by 0x7F21CE1: proto_tree_print_node (print.c:187)
==7327==    by 0x7F39093: proto_tree_children_foreach (proto.c:687)
==7327==    by 0x7F21FB9: proto_tree_print_node (print.c:242)
==7327==    by 0x7F39093: proto_tree_children_foreach (proto.c:687)
==7327==    by 0x7F21FB9: proto_tree_print_node (print.c:242)
==7327==    by 0x7F39093: proto_tree_children_foreach (proto.c:687)
==7327==    by 0x7F21BAC: proto_tree_print (print.c:156)
==7327== 
==7327== Conditional jump or move depends on uninitialised value(s)
==7327==    at 0x7F73FF1: uint_to_str_back (to_str.c:1213)
==7327==    by 0x7F74EAD: uint_to_str_back_len (to_str.c:1258)
==7327==    by 0x7F74D82: display_signed_time (to_str.c:695)
==7327==    by 0x7F754FA: rel_time_to_secs_str (to_str.c:924)
==7327==    by 0x7F4F71F: proto_item_fill_label (proto.c:8344)
==7327==    by 0x7F21CE1: proto_tree_print_node (print.c:187)
==7327==    by 0x7F39093: proto_tree_children_foreach (proto.c:687)
==7327==    by 0x7F21FB9: proto_tree_print_node (print.c:242)
==7327==    by 0x7F39093: proto_tree_children_foreach (proto.c:687)
==7327==    by 0x7F21FB9: proto_tree_print_node (print.c:242)
==7327==    by 0x7F39093: proto_tree_children_foreach (proto.c:687)
==7327==    by 0x7F21BAC: proto_tree_print (print.c:156)
==7327== 
==7327== Use of uninitialised value of size 8
==7327==    at 0x7F74034: uint_to_str_back (to_str.c:1218)
==7327==    by 0x7F74EAD: uint_to_str_back_len (to_str.c:1258)
==7327==    by 0x7F74D82: display_signed_time (to_str.c:695)
==7327==    by 0x7F754FA: rel_time_to_secs_str (to_str.c:924)
==7327==    by 0x7F4F71F: proto_item_fill_label (proto.c:8344)
==7327==    by 0x7F21CE1: proto_tree_print_node (print.c:187)
==7327==    by 0x7F39093: proto_tree_children_foreach (proto.c:687)
==7327==    by 0x7F21FB9: proto_tree_print_node (print.c:242)
==7327==    by 0x7F39093: proto_tree_children_foreach (proto.c:687)
==7327==    by 0x7F21FB9: proto_tree_print_node (print.c:242)
==7327==    by 0x7F39093: proto_tree_children_foreach (proto.c:687)
==7327==    by 0x7F21BAC: proto_tree_print (print.c:156)
==7327== 
==7327== Use of uninitialised value of size 8
==7327==    at 0x7F7404F: uint_to_str_back (to_str.c:1219)
==7327==    by 0x7F74EAD: uint_to_str_back_len (to_str.c:1258)
==7327==    by 0x7F74D82: display_signed_time (to_str.c:695)
==7327==    by 0x7F754FA: rel_time_to_secs_str (to_str.c:924)
==7327==    by 0x7F4F71F: proto_item_fill_label (proto.c:8344)
==7327==    by 0x7F21CE1: proto_tree_print_node (print.c:187)
==7327==    by 0x7F39093: proto_tree_children_foreach (proto.c:687)
==7327==    by 0x7F21FB9: proto_tree_print_node (print.c:242)
==7327==    by 0x7F39093: proto_tree_children_foreach (proto.c:687)
==7327==    by 0x7F21FB9: proto_tree_print_node (print.c:242)
==7327==    by 0x7F39093: proto_tree_children_foreach (proto.c:687)
==7327==    by 0x7F21BAC: proto_tree_print (print.c:156)
==7327== 
==7327== Conditional jump or move depends on uninitialised value(s)
==7327==    at 0x7F7406F: uint_to_str_back (to_str.c:1222)
==7327==    by 0x7F74EAD: uint_to_str_back_len (to_str.c:1258)
==7327==    by 0x7F74D82: display_signed_time (to_str.c:695)
==7327==    by 0x7F754FA: rel_time_to_secs_str (to_str.c:924)
==7327==    by 0x7F4F71F: proto_item_fill_label (proto.c:8344)
==7327==    by 0x7F21CE1: proto_tree_print_node (print.c:187)
==7327==    by 0x7F39093: proto_tree_children_foreach (proto.c:687)
==7327==    by 0x7F21FB9: proto_tree_print_node (print.c:242)
==7327==    by 0x7F39093: proto_tree_children_foreach (proto.c:687)
==7327==    by 0x7F21FB9: proto_tree_print_node (print.c:242)
==7327==    by 0x7F39093: proto_tree_children_foreach (proto.c:687)
==7327==    by 0x7F21BAC: proto_tree_print (print.c:156)
==7327== 
==7327== Conditional jump or move depends on uninitialised value(s)
==7327==    at 0xBE8CCC0: vfprintf (vfprintf.c:1632)
==7327==    by 0xBF54895: __vsnprintf_chk (vsnprintf_chk.c:63)
==7327==    by 0xBBBAC5E: g_snprintf (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.2)
==7327==    by 0x7F4F747: proto_item_fill_label (proto.c:8345)
==7327==    by 0x7F21CE1: proto_tree_print_node (print.c:187)
==7327==    by 0x7F39093: proto_tree_children_foreach (proto.c:687)
==7327==    by 0x7F21FB9: proto_tree_print_node (print.c:242)
==7327==    by 0x7F39093: proto_tree_children_foreach (proto.c:687)
==7327==    by 0x7F21FB9: proto_tree_print_node (print.c:242)
==7327==    by 0x7F39093: proto_tree_children_foreach (proto.c:687)
==7327==    by 0x7F21BAC: proto_tree_print (print.c:156)
==7327==    by 0x120F24: print_packet (tshark.c:3931)
==7327== 
==7327== Conditional jump or move depends on uninitialised value(s)
==7327==    at 0x4C30F78: strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7327==    by 0xBEAC03E: fputs (iofputs.c:33)
==7327==    by 0x7F28ABC: print_line_color_text (print_stream.c:328)
==7327==    by 0x7F2882E: print_line_text (print_stream.c:343)
==7327==    by 0x7F28375: print_line (print_stream.c:242)
==7327==    by 0x7F21D7C: proto_tree_print_node (print.c:193)
==7327==    by 0x7F39093: proto_tree_children_foreach (proto.c:687)
==7327==    by 0x7F21FB9: proto_tree_print_node (print.c:242)
==7327==    by 0x7F39093: proto_tree_children_foreach (proto.c:687)
==7327==    by 0x7F21FB9: proto_tree_print_node (print.c:242)
==7327==    by 0x7F39093: proto_tree_children_foreach (proto.c:687)
==7327==    by 0x7F21BAC: proto_tree_print (print.c:156)
==7327== 
==7327== Syscall param write(buf) points to uninitialised byte(s)
==7327==    at 0xBF352DD: ??? (syscall-template.S:84)
==7327==    by 0xBEB6BFE: _IO_file_write@@GLIBC_2.2.5 (fileops.c:1263)
==7327==    by 0xBEB8408: new_do_write (fileops.c:518)
==7327==    by 0xBEB8408: _IO_do_write@@GLIBC_2.2.5 (fileops.c:494)
==7327==    by 0xBEB747C: _IO_file_xsputn@@GLIBC_2.2.5 (fileops.c:1331)
==7327==    by 0xBEAC0C7: fputs (iofputs.c:38)
==7327==    by 0x7F28ABC: print_line_color_text (print_stream.c:328)
==7327==    by 0x7F2882E: print_line_text (print_stream.c:343)
==7327==    by 0x7F28375: print_line (print_stream.c:242)
==7327==    by 0x7F21D7C: proto_tree_print_node (print.c:193)
==7327==    by 0x7F39093: proto_tree_children_foreach (proto.c:687)
==7327==    by 0x7F21BAC: proto_tree_print (print.c:156)
==7327==    by 0x120F24: print_packet (tshark.c:3931)
==7327==  Address 0x18b2a7b9 is 2,217 bytes inside a block of size 4,096 alloc'd
==7327==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7327==    by 0xBEAB1D4: _IO_file_doallocate (filedoalloc.c:127)
==7327==    by 0xBEB9593: _IO_doallocbuf (genops.c:398)
==7327==    by 0xBEB88F7: _IO_file_overflow@@GLIBC_2.2.5 (fileops.c:820)
==7327==    by 0xBEB728C: _IO_file_xsputn@@GLIBC_2.2.5 (fileops.c:1331)
==7327==    by 0xBEAC0C7: fputs (iofputs.c:38)
==7327==    by 0x7F28ABC: print_line_color_text (print_stream.c:328)
==7327==    by 0x7F2882E: print_line_text (print_stream.c:343)
==7327==    by 0x7F28375: print_line (print_stream.c:242)
==7327==    by 0x7F21D7C: proto_tree_print_node (print.c:193)
==7327==    by 0x7F39093: proto_tree_children_foreach (proto.c:687)
==7327==    by 0x7F21BAC: proto_tree_print (print.c:156)
==7327== 
==7327== 
==7327== HEAP SUMMARY:
==7327==     in use at exit: 125,530 bytes in 368 blocks
==7327==   total heap usage: 16,308,606 allocs, 16,308,238 frees, 1,160,212,625 bytes allocated
==7327== 
==7327== LEAK SUMMARY:
==7327==    definitely lost: 0 bytes in 0 blocks
==7327==    indirectly lost: 0 bytes in 0 blocks
==7327==      possibly lost: 0 bytes in 0 blocks
==7327==    still reachable: 14,851 bytes in 88 blocks
==7327==                       of which reachable via heuristic:
==7327==                         newarray           : 1,536 bytes in 16 blocks
==7327==         suppressed: 110,679 bytes in 280 blocks
==7327== Rerun with --leak-check=full to see details of leaked memory
==7327== 
==7327== For counts of detected and suppressed errors, rerun with: -v
==7327== Use --track-origins=yes to see where uninitialised values come from
==7327== ERROR SUMMARY: 37 errors from 15 contexts (suppressed: 0 from 0)

[ no debug trace ]

___________________________________________________________________________
Sent via:    Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-bugs