https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16779
Bug ID: 16779
Summary: Buildbot crash output: fuzz-2020-08-13-24192.pcap
Product: Wireshark
Version: unspecified
Hardware: x86-64
OS: Ubuntu
Status: CONFIRMED
Severity: Major
Priority: High
Component: Dissection engine (libwireshark)
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
Problems have been found with the following capture file:
https://www.wireshark.org/download/automated/captures/fuzz-2020-08-13-24192.pcap
stderr:
Input file: /home/wireshark/menagerie/menagerie/16589-PR_1382261__pcap_for_Wireshark.snoop
Build host information:
Linux build6 4.15.0-112-generic #113-Ubuntu SMP Thu Jul 9 23:41:39 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
Distributor ID: Ubuntu
Description: Ubuntu 18.04.5 LTS
Release: 18.04
Codename: bionic
Buildbot information:
BUILDBOT_WORKERNAME=clang-code-analysis
BUILDBOT_BUILDNUMBER=5284
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-master/
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_GOT_REVISION=f59262b94c10cb3e2c5655274698899dc41d43cf
Return value: 0
Dissector bug: 0
Valgrind error count: 1
Git commit
commit f59262b94c10cb3e2c5655274698899dc41d43cf
Author: Pascal Quantin <[email protected]>
Date: Thu Aug 13 13:48:20 2020 +0200
GTPv2: fix S103PDF and S1UDF IE dissection
The IPv4 or IPv6 address was not added properly to the tree
Bug: 16777
Change-Id: Ic28138cc1d4c2dc350fb5ff95aa3a5496a293c91
Reviewed-on: https://code.wireshark.org/review/38153
Petri-Dish: Pascal Quantin <[email protected]>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <[email protected]>
Command and args: ./tools/valgrind-wireshark.sh -b /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/bin
==28382== Memcheck, a memory error detector
==28382== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==28382== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==28382== Command: /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/bin/tshark -nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2020-08-13-24192.pcap
==28382==
==28382== Invalid read of size 1
==28382== at 0x4C32CF2: strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==28382== by 0x7039734: dissect_eap_identity_wlan (packet-eap.c:723)
==28382== by 0x7037ED2: dissect_eap_identity (packet-eap.c:735)
==28382== by 0x7037122: dissect_eap (packet-eap.c:1036)
==28382== by 0x8432EC7: call_dissector_through_handle (packet.c:712)
==28382== by 0x842E9FC: call_dissector_work (packet.c:805)
==28382== by 0x8431B6B: call_dissector_only (packet.c:3222)
==28382== by 0x842D434: call_dissector_with_data (packet.c:3235)
==28382== by 0x8431BB1: call_dissector (packet.c:3252)
==28382== by 0x7717CDD: dissect_attribute_value_pairs (packet-radius.c:1852)
==28382== by 0x7719380: dissect_radius (packet-radius.c:2280)
==28382== by 0x8432EC7: call_dissector_through_handle (packet.c:712)
==28382== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==28382==
==28382==
==28382== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==28382== Access not within mapped region at address 0x0
==28382== at 0x4C32CF2: strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==28382== by 0x7039734: dissect_eap_identity_wlan (packet-eap.c:723)
==28382== by 0x7037ED2: dissect_eap_identity (packet-eap.c:735)
==28382== by 0x7037122: dissect_eap (packet-eap.c:1036)
==28382== by 0x8432EC7: call_dissector_through_handle (packet.c:712)
==28382== by 0x842E9FC: call_dissector_work (packet.c:805)
==28382== by 0x8431B6B: call_dissector_only (packet.c:3222)
==28382== by 0x842D434: call_dissector_with_data (packet.c:3235)
==28382== by 0x8431BB1: call_dissector (packet.c:3252)
==28382== by 0x7717CDD: dissect_attribute_value_pairs (packet-radius.c:1852)
==28382== by 0x7719380: dissect_radius (packet-radius.c:2280)
==28382== by 0x8432EC7: call_dissector_through_handle (packet.c:712)
==28382== If you believe this happened as a result of a stack
==28382== overflow in your program's main thread (unlikely but
==28382== possible), you can try to increase the size of the
==28382== main thread stack using the --main-stacksize= flag.
==28382== The main thread stack size used in this run was 2084864.
==28382==
==28382== HEAP SUMMARY:
==28382== in use at exit: 30,766,511 bytes in 319,359 blocks
==28382== total heap usage: 400,332 allocs, 80,973 frees, 50,554,775 bytes allocated
==28382==
==28382== LEAK SUMMARY:
==28382== definitely lost: 48 bytes in 1 blocks
==28382== indirectly lost: 35 bytes in 5 blocks
==28382== possibly lost: 0 bytes in 0 blocks
==28382== still reachable: 30,760,949 bytes in 319,270 blocks
==28382== suppressed: 5,479 bytes in 83 blocks
==28382== Rerun with --leak-check=full to see details of leaked memory
==28382==
==28382== For counts of detected and suppressed errors, rerun with: -v
==28382== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
[ no debug trace ]