https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14391

            Bug ID: 14391
           Summary: Buildbot crash output: fuzz-2018-02-04-3783.pcap
           Product: Wireshark
           Version: unspecified
          Hardware: x86-64
                OS: Ubuntu
            Status: CONFIRMED
          Severity: Major
          Priority: High
         Component: Dissection engine (libwireshark)
          Assignee: bugzilla-ad...@wireshark.org
          Reporter: buildbot-do-not-re...@wireshark.org
  Target Milestone: ---

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2018-02-04-3783.pcap

stderr:
Input file:
/home/wireshark/menagerie/menagerie/11462-WSTEST2_MQExplorer_20130826_1411_onlyMQ.pcap

Build host information:
Linux wsbb04 4.4.0-112-generic #135-Ubuntu SMP Fri Jan 19 11:48:36 UTC 2018
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.3 LTS
Release:        16.04
Codename:       xenial

Buildbot information:
BUILDBOT_REPOSITORY=ssh://wireshark-build...@code.wireshark.org:29418/wireshark
BUILDBOT_WORKERNAME=clang-code-analysis
BUILDBOT_BUILDNUMBER=4604
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-master/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_GOT_REVISION=3aff56076167c5ea8fbed9eba32b0f81b6fe3aca

Return value:  0

Dissector bug:  0

Valgrind error count:  6



Git commit
commit 3aff56076167c5ea8fbed9eba32b0f81b6fe3aca
Author: Robert Grange <robioneken...@bluewin.ch>
Date:   Sat Feb 3 12:09:11 2018 +0100

    packet-mq: Fix problem in get_mq_pdu_len

    Found during fuzz test that the get_mq_pdu_len can return
    a 0 length pdu. Fix to at least return tvb_reported_length_remaining

    Change-Id: I6410f71724a6288fe42a4f600e72a8af787aa7eb
    Reviewed-on: https://code.wireshark.org/review/25574
    Petri-Dish: Martin Kaiser <wiresh...@kaiser.cx>
    Tested-by: Petri Dish Buildbot
    Reviewed-by: Martin Kaiser <wiresh...@kaiser.cx>


==27865== Memcheck, a memory error detector
==27865== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==27865== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==27865== Command:
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/bin/tshark
-nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2018-02-04-3783.pcap
==27865== 

** (process:27865): WARNING **: Extended value string 'mq_StructID_vals' forced
to fall back to linear search:
  entry 51, value 3335968705 [0xc6d6d7c1] < previous entry, value 3569665344
[0xd4c4c540]
==27865== Conditional jump or move depends on uninitialised value(s)
==27865==    at 0x6F9DE4F: strip_trailing_blanks (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==27865==    by 0x6FA3FD6: dissect_mq_pdu (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==27865==    by 0x6FA1FC4: reassemble_mq (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==27865==    by 0x73C9DAC: tcp_dissect_pdus (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==27865==    by 0x6FA12CF: dissect_mq_tcp (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==27865==    by 0x7D3D957: call_dissector_through_handle (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==27865==    by 0x7D397D9: call_dissector_work (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==27865==    by 0x7D3C612: call_dissector_only (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==27865==    by 0x7D20E08: try_conversation_dissector (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==27865==    by 0x73CA023: decode_tcp_ports (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==27865==    by 0x73CBA78: process_tcp_payload (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==27865==    by 0x73CB135: desegment_tcp (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==27865== 
==27865== Conditional jump or move depends on uninitialised value(s)
==27865==    at 0x6F9DE64: strip_trailing_blanks (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==27865==    by 0x6FA3FD6: dissect_mq_pdu (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==27865==    by 0x6FA1FC4: reassemble_mq (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==27865==    by 0x73C9DAC: tcp_dissect_pdus (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==27865==    by 0x6FA12CF: dissect_mq_tcp (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==27865==    by 0x7D3D957: call_dissector_through_handle (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==27865==    by 0x7D397D9: call_dissector_work (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==27865==    by 0x7D3C612: call_dissector_only (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==27865==    by 0x7D20E08: try_conversation_dissector (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==27865==    by 0x73CA023: decode_tcp_ports (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==27865==    by 0x73CBA78: process_tcp_payload (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==27865==    by 0x73CB135: desegment_tcp (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==27865== 
==27865== 
==27865== HEAP SUMMARY:
==27865==     in use at exit: 107,991 bytes in 141 blocks
==27865==   total heap usage: 712,752 allocs, 712,611 frees, 61,220,203 bytes
allocated
==27865== 
==27865== LEAK SUMMARY:
==27865==    definitely lost: 0 bytes in 0 blocks
==27865==    indirectly lost: 0 bytes in 0 blocks
==27865==      possibly lost: 0 bytes in 0 blocks
==27865==    still reachable: 13,396 bytes in 98 blocks
==27865==         suppressed: 94,595 bytes in 43 blocks
==27865== Rerun with --leak-check=full to see details of leaked memory
==27865== 
==27865== For counts of detected and suppressed errors, rerun with: -v
==27865== Use --track-origins=yes to see where uninitialised values come from
==27865== ERROR SUMMARY: 6 errors from 2 contexts (suppressed: 0 from 0)

[ no debug trace ]

-- 
You are receiving this mail because:
You are watching all bug changes.
___________________________________________________________________________
Sent via:    Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
             mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

Reply via email to