https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12935

            Bug ID: 12935
           Summary: Buildbot crash output: fuzz-2016-09-21-32201.pcap
           Product: Wireshark
           Version: unspecified
          Hardware: x86-64
               URL: https://www.wireshark.org/download/automated/captures/
                    fuzz-2016-09-21-32201.pcap
                OS: Ubuntu
            Status: CONFIRMED
          Severity: Major
          Priority: High
         Component: Dissection engine (libwireshark)
          Assignee: bugzilla-ad...@wireshark.org
          Reporter: buildbot-do-not-re...@wireshark.org

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2016-09-21-32201.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/2867-ldss_filtered.pcap

Build host information:
Linux wsbb04 4.4.0-34-generic #53-Ubuntu SMP Wed Jul 27 16:06:39 UTC 2016
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID:    Ubuntu
Description:    Ubuntu 16.04.1 LTS
Release:    16.04
Codename:    xenial

Buildbot information:
BUILDBOT_REPOSITORY=ssh://wireshark-build...@code.wireshark.org:29418/wireshark
BUILDBOT_WORKERNAME=fuzz-test
BUILDBOT_BUILDNUMBER=90
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-2.2/
BUILDBOT_BUILDERNAME=Fuzz Test
BUILDBOT_GOT_REVISION=23e8ae4e148af8d8a5282433f34fb6cab775f4d1

Return value:  0

Dissector bug:  0

Valgrind error count:  1



Git commit
commit 23e8ae4e148af8d8a5282433f34fb6cab775f4d1
Author: Pascal Quantin <pascal.quan...@gmail.com>
Date:   Mon Sep 19 09:37:27 2016 +0200

    Qt: reenable export packet bytes menu while capturing

    Change-Id: I2a3e35ec7c3233e6b32c53a2124b00bbfff8a2e1
    Reviewed-on: https://code.wireshark.org/review/17793
    Reviewed-by: Pascal Quantin <pascal.quan...@gmail.com>
    (cherry picked from commit a8e727b636ad39e1b041458411450882ac381247)
    Reviewed-on: https://code.wireshark.org/review/17794


==31565== Memcheck, a memory error detector
==31565== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==31565== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==31565== Command:
/home/wireshark/builders/wireshark-2.2-fuzz/fuzztest/install/bin/tshark -nr
/fuzz/buildbot/fuzztest/valgrind-fuzz-2.2/fuzz-2016-09-21-32201.pcap
==31565== 
==31565== Invalid read of size 1
==31565==    at 0xAF9A934: ____strtoul_l_internal (strtol_l.c:293)
==31565==    by 0x6DEC2A9: dissect_ldss_transfer (packet-ldss.c:566)
==31565==    by 0x694939E: call_dissector_through_handle (packet.c:648)
==31565==    by 0x694939E: call_dissector_work (packet.c:723)
==31565==    by 0x693A625: try_conversation_dissector (conversation.c:1323)
==31565==    by 0x710409A: decode_tcp_ports (packet-tcp.c:4994)
==31565==    by 0x7104544: process_tcp_payload (packet-tcp.c:5098)
==31565==    by 0x7104C5E: desegment_tcp (packet-tcp.c:2631)
==31565==    by 0x7104C5E: dissect_tcp_payload (packet-tcp.c:5165)
==31565==    by 0x7106A18: dissect_tcp (packet-tcp.c:6036)
==31565==    by 0x694939E: call_dissector_through_handle (packet.c:648)
==31565==    by 0x694939E: call_dissector_work (packet.c:723)
==31565==    by 0x6949AC8: dissector_try_uint_new (packet.c:1188)
==31565==    by 0x6D50A95: ip_try_dissect (packet-ip.c:1976)
==31565==    by 0x6D51C64: dissect_ip_v4 (packet-ip.c:2438)
==31565==  Address 0x12a55649 is 0 bytes after a block of size 9 alloc'd
==31565==    at 0x4C2DB8F: malloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==31565==    by 0xA31B728: g_malloc (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.1)
==31565==    by 0x753C78B: wmem_simple_alloc (wmem_allocator_simple.c:55)
==31565==    by 0x697ED0C: tvb_memdup (tvbuff.c:829)
==31565==    by 0x6DEBCED: dissect_ldss_transfer (packet-ldss.c:524)
==31565==    by 0x694939E: call_dissector_through_handle (packet.c:648)
==31565==    by 0x694939E: call_dissector_work (packet.c:723)
==31565==    by 0x693A625: try_conversation_dissector (conversation.c:1323)
==31565==    by 0x710409A: decode_tcp_ports (packet-tcp.c:4994)
==31565==    by 0x7104544: process_tcp_payload (packet-tcp.c:5098)
==31565==    by 0x7104C5E: desegment_tcp (packet-tcp.c:2631)
==31565==    by 0x7104C5E: dissect_tcp_payload (packet-tcp.c:5165)
==31565==    by 0x7106A18: dissect_tcp (packet-tcp.c:6036)
==31565==    by 0x694939E: call_dissector_through_handle (packet.c:648)
==31565==    by 0x694939E: call_dissector_work (packet.c:723)
==31565== 
==31565== 
==31565== HEAP SUMMARY:
==31565==     in use at exit: 448,288 bytes in 9,920 blocks
==31565==   total heap usage: 273,712 allocs, 263,792 frees, 33,216,273 bytes
allocated
==31565== 
==31565== LEAK SUMMARY:
==31565==    definitely lost: 1,567 bytes in 323 blocks
==31565==    indirectly lost: 362 bytes in 4 blocks
==31565==      possibly lost: 0 bytes in 0 blocks
==31565==    still reachable: 446,359 bytes in 9,593 blocks
==31565==         suppressed: 0 bytes in 0 blocks
==31565== Rerun with --leak-check=full to see details of leaked memory
==31565== 
==31565== For counts of detected and suppressed errors, rerun with: -v
==31565== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 1 from 1)

[ no debug trace ]

-- 
You are receiving this mail because:
You are watching all bug changes.
___________________________________________________________________________
Sent via:    Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
             mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

Reply via email to