https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14196
Bug ID: 14196
Summary: Buildbot crash output: fuzz-2017-11-09-30540.pcap
Product: Wireshark
Version: unspecified
Hardware: x86-64
OS: Ubuntu
Status: CONFIRMED
Severity: Major
Priority: High
Component: Dissection engine (libwireshark)
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
Problems have been found with the following capture file:
https://www.wireshark.org/download/automated/captures/fuzz-2017-11-09-30540.pcap
stderr:
Input file: /home/wireshark/menagerie/menagerie/111111.snoop
Build host information:
Linux wsbb04 4.4.0-97-generic #120-Ubuntu SMP Tue Sep 19 17:28:18 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
Distributor ID: Ubuntu
Description: Ubuntu 16.04.3 LTS
Release: 16.04
Codename: xenial
Buildbot information:
BUILDBOT_REPOSITORY=ssh://[email protected]:29418/wireshark
BUILDBOT_WORKERNAME=clang-code-analysis
BUILDBOT_BUILDNUMBER=4304
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-master/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_GOT_REVISION=74936320a43c18a2ad538c8235e410f4912f6e4c
Return value: 0
Dissector bug: 0
Valgrind error count: 1
Git commit
commit 74936320a43c18a2ad538c8235e410f4912f6e4c
Author: Richard Sharpe <[email protected]>
Date: Thu Nov 9 02:44:36 2017 -0800
802.11: Correctly handle Wi-Fi Alliance Multi-AP subtype decoding.
Introduce a dissector table and fix a bug so that it now works
by calling through a dissector table.
Change-Id: Ifa3f01b3f306101b3144604a51806eaccc436373
Reviewed-on: https://code.wireshark.org/review/24319
Petri-Dish: Richard Sharpe <[email protected]>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <[email protected]>
==26043== Memcheck, a memory error detector
==26043== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==26043== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==26043== Command: /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/bin/tshark -nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2017-11-09-30540.pcap
==26043==
==26043== Invalid read of size 4
==26043==    at 0x7347628: dissect_twamp_control (in /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==26043==    by 0x7C581C9: call_dissector_through_handle (in /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==26043==    by 0x7C54209: call_dissector_work (in /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==26043==    by 0x7C54017: dissector_try_uint_new (in /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==26043==    by 0x72F7701: decode_tcp_ports (in /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==26043==    by 0x72F8F58: process_tcp_payload (in /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==26043==    by 0x72F8615: desegment_tcp (in /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==26043==    by 0x72F7FC6: dissect_tcp_payload (in /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==26043==    by 0x72FCC1B: dissect_tcp (in /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==26043==    by 0x7C581C9: call_dissector_through_handle (in /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==26043==    by 0x7C54209: call_dissector_work (in /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==26043==    by 0x7C54017: dissector_try_uint_new (in /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==26043==  Address 0x4 is not stack'd, malloc'd or (recently) free'd
==26043==
==26043==
==26043== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==26043==  Access not within mapped region at address 0x4
==26043==    at 0x7347628: dissect_twamp_control (in /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==26043==    by 0x7C581C9: call_dissector_through_handle (in /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==26043==    by 0x7C54209: call_dissector_work (in /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==26043==    by 0x7C54017: dissector_try_uint_new (in /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==26043==    by 0x72F7701: decode_tcp_ports (in /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==26043==    by 0x72F8F58: process_tcp_payload (in /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==26043==    by 0x72F8615: desegment_tcp (in /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==26043==    by 0x72F7FC6: dissect_tcp_payload (in /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==26043==    by 0x72FCC1B: dissect_tcp (in /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==26043==    by 0x7C581C9: call_dissector_through_handle (in /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==26043==    by 0x7C54209: call_dissector_work (in /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==26043==    by 0x7C54017: dissector_try_uint_new (in /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==26043== If you believe this happened as a result of a stack
==26043== overflow in your program's main thread (unlikely but
==26043== possible), you can try to increase the size of the
==26043== main thread stack using the --main-stacksize= flag.
==26043== The main thread stack size used in this run was 2084864.
==26043==
==26043== HEAP SUMMARY:
==26043==     in use at exit: 51,090,392 bytes in 560,698 blocks
==26043==   total heap usage: 2,164,552 allocs, 1,603,854 frees, 119,309,840 bytes allocated
==26043==
==26043== LEAK SUMMARY:
==26043== definitely lost: 0 bytes in 0 blocks
==26043== indirectly lost: 0 bytes in 0 blocks
==26043== possibly lost: 0 bytes in 0 blocks
==26043== still reachable: 50,874,773 bytes in 559,887 blocks
==26043== suppressed: 215,619 bytes in 811 blocks
==26043== Rerun with --leak-check=full to see details of leaked memory
==26043==
==26043== For counts of detected and suppressed errors, rerun with: -v
==26043== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
./tools/valgrind-wireshark.sh: line 149: 26043 Segmentation fault (core dumped) $cmdline > /dev/null
[ no debug trace ]
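Triage note and an added example; neither is part of the bug report or of the Wireshark code base. What the Valgrind output above establishes: a 4-byte read at address 0x4 inside dissect_twamp_control, reached through TCP desegmentation (dissect_tcp, desegment_tcp, decode_tcp_ports) into the TWAMP-Control dissector, followed by SIGSEGV. On x86-64 an access at 0x4 is a read through a NULL structure pointer plus a 4-byte field offset, since the first page is never mapped; that is a deterministic crash (denial of service) for any tshark or Wireshark instance that dissects the attached capture, not a memory-corruption write. Because libwireshark.so was built without symbols and the report carries no debug trace, the report alone cannot identify which pointer was NULL; that needs a symbolised build. The script below shows how a practitioner would triage such a report automatically: it parses the Memcheck lines (error kind, access size, stack frames, faulting address, fatal signal, ERROR SUMMARY) and classifies the fault. The sample input is the Valgrind stderr from this report, rejoined to one frame per line and trimmed to the first four frames; the threshold for "NULL pointer plus offset" is my assumption (the kernel's conservative mmap_min_addr default of 4096; distributions often raise it).

```python
"""Triage helper for Valgrind Memcheck output from Wireshark fuzz runs (added example)."""
import re

# Sample input: the Valgrind stderr from the bug report above, rejoined to one
# frame per line and trimmed to the first four frames of the stack.
SAMPLE_LOG = """\
==26043== Memcheck, a memory error detector
==26043== Command: /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/bin/tshark -nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2017-11-09-30540.pcap
==26043==
==26043== Invalid read of size 4
==26043==    at 0x7347628: dissect_twamp_control (in /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==26043==    by 0x7C581C9: call_dissector_through_handle (in /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==26043==    by 0x7C54209: call_dissector_work (in /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==26043==    by 0x72FCC1B: dissect_tcp (in /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==26043==  Address 0x4 is not stack'd, malloc'd or (recently) free'd
==26043==
==26043== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==26043==  Access not within mapped region at address 0x4
==26043==    at 0x7347628: dissect_twamp_control (in /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==26043== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
"""

PREFIX = r"^==\d+==\s*"
ACCESS_RE = re.compile(PREFIX + r"(Invalid read|Invalid write) of size (\d+)$")
OTHER_RE = re.compile(PREFIX + r"(Conditional jump or move depends on uninitialised value"
                     r"|Use of uninitialised value|Invalid free|Mismatched free)")
FRAME_RE = re.compile(PREFIX + r"(?:at|by) 0x([0-9A-Fa-f]+): (\S+) \((?:in )?([^)]*)\)")
ADDR_RE = re.compile(PREFIX + r"Address 0x([0-9A-Fa-f]+) is (.+)$")
SIGNAL_RE = re.compile(PREFIX + r"Process terminating with default action of signal (\d+) \((\w+)\)")
SUMMARY_RE = re.compile(PREFIX + r"ERROR SUMMARY: (\d+) errors from (\d+) contexts")

# Assumption: the kernel's conservative mmap_min_addr default. Nothing below it
# can be mapped, so a fault there is a NULL pointer plus a field offset, not an
# overrun of a real stack or heap object.
NULL_PAGE_LIMIT = 0x1000


def parse_valgrind(log):
    """Split a Memcheck log into error records plus the fatal-signal and summary lines."""
    report = {"errors": [], "signal": None, "summary": None}
    current = None
    for line in log.splitlines():
        m = ACCESS_RE.match(line) or OTHER_RE.match(line)
        if m:
            current = {"kind": m.group(1),
                       "size": int(m.group(2)) if m.re is ACCESS_RE else None,
                       "frames": [], "address": None, "address_note": None}
            report["errors"].append(current)
            continue
        m = SIGNAL_RE.match(line)
        if m:
            report["signal"] = (int(m.group(1)), m.group(2))
            current = None  # the frames printed after this repeat the fatal error; skip them
            continue
        m = SUMMARY_RE.match(line)
        if m:
            report["summary"] = (int(m.group(1)), int(m.group(2)))
            continue
        if current is None:
            continue
        m = FRAME_RE.match(line)
        if m:
            current["frames"].append((int(m.group(1), 16), m.group(2), m.group(3)))
            continue
        m = ADDR_RE.match(line)
        if m:
            current["address"] = int(m.group(1), 16)
            current["address_note"] = m.group(2)
    return report


def triage(log):
    """Classify the first Memcheck error: clean, null-deref, wild-access or uninitialised-value."""
    report = parse_valgrind(log)
    fatal = report["signal"] is not None
    if not report["errors"]:
        return {"verdict": "clean", "fatal": fatal, "top_frame": None, "offset": None,
                "access": None, "error_count": 0}
    err = report["errors"][0]
    top = err["frames"][0][1] if err["frames"] else None
    addr = err["address"]
    offset = None
    if addr is not None and addr < NULL_PAGE_LIMIT:
        verdict, offset = "null-deref", addr          # e.g. 0x4: field at offset 4 of a NULL struct
    elif err["kind"].startswith("Invalid"):
        verdict = "wild-access"                       # out-of-bounds or use-after-free candidate
    elif "uninitialised" in err["kind"]:
        verdict = "uninitialised-value"
    else:
        verdict = err["kind"].lower()
    count = report["summary"][0] if report["summary"] else len(report["errors"])
    return {"verdict": verdict, "fatal": fatal, "top_frame": top, "offset": offset,
            "access": (err["kind"], err["size"]), "error_count": count}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

To run it on a fresh capture rather than the embedded sample, capture Valgrind's stderr from the same command the buildbot used (`valgrind tshark -nr fuzz-2017-11-09-30540.pcap 2> valgrind.log`) and pass the file contents to triage(). A "null-deref" verdict with the top frame in a dissector is the usual shape of a fuzz-found crash in libwireshark; it is worth fixing promptly because a single crafted capture or live stream takes the analyser down, but it does not by itself indicate a controllable write.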
--
Sent via: Wireshark-bugs mailing list <[email protected]>
Archives: https://www.wireshark.org/lists/wireshark-bugs