https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14496
Bug ID: 14496
Summary: Buildbot crash output: fuzz-2018-03-07-19095.pcap
Product: Wireshark
Version: unspecified
Hardware: x86-64
OS: Ubuntu
Status: CONFIRMED
Severity: Major
Priority: High
Component: Dissection engine (libwireshark)
Assignee: bugzilla-ad...@wireshark.org
Reporter: buildbot-do-not-re...@wireshark.org
Target Milestone: ---
Problems have been found with the following capture file:
https://www.wireshark.org/download/automated/captures/fuzz-2018-03-07-19095.pcap
stderr:
Input file: /home/wireshark/menagerie/menagerie/0000.cap
Build host information:
Linux wsbb04 4.4.0-116-generic #140-Ubuntu SMP Mon Feb 12 21:23:04 UTC 2018
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID: Ubuntu
Description: Ubuntu 16.04.4 LTS
Release: 16.04
Codename: xenial
Buildbot information:
BUILDBOT_REPOSITORY=ssh://wireshark-build...@code.wireshark.org:29418/wireshark
BUILDBOT_WORKERNAME=clang-code-analysis
BUILDBOT_BUILDNUMBER=4652
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-master/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_GOT_REVISION=1592587e6f9fd8c8aa8fc7f67989690d0c6882c4
Return value: 0
Dissector bug: 0
Valgrind error count: 6
Git commit
commit 1592587e6f9fd8c8aa8fc7f67989690d0c6882c4
Author: Pascal Quantin <pascal.quan...@gmail.com>
Date: Wed Mar 7 17:40:56 2018 +0100
LWAPP: define a recursion depth limit
Although the dissection consumes a few bytes each time it is called,
it can trigger a stack overflow for big packets.
Let's limit the number of allowed encapsulations for a given packet.
Bug: 14467
Change-Id: I73e82e01810b63a4f603907e69b20f3715a4ad55
Reviewed-on: https://code.wireshark.org/review/26338
Reviewed-by: Pascal Quantin <pascal.quan...@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quan...@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broma...@gmail.com>
==19138== Memcheck, a memory error detector
==19138== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==19138== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==19138== Command:
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/bin/tshark
-nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2018-03-07-19095.pcap
==19138==
==19138== Conditional jump or move depends on uninitialised value(s)
==19138== at 0x4C30F78: strlen (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==19138== by 0x7D87DD3: process_mmdbr_stdout (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x7D887C0: mmdb_resolve_start (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x7D87C23: maxmind_db_post_update_cb (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x7E0D274: uat_load (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x7DF683E: uat_load_all (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x7DA3B7A: init_prefs (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x7DA3C01: read_prefs (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x7D7EB71: epan_load_settings (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x11A2B0: main (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/bin/tshark)
==19138==
==19138== Conditional jump or move depends on uninitialised value(s)
==19138== at 0x4C3548F: strstr (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==19138== by 0xB8DAB77: g_strsplit (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.2)
==19138== by 0x7D87DFC: process_mmdbr_stdout (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x7D887C0: mmdb_resolve_start (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x7D87C23: maxmind_db_post_update_cb (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x7E0D274: uat_load (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x7DF683E: uat_load_all (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x7DA3B7A: init_prefs (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x7DA3C01: read_prefs (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x7D7EB71: epan_load_settings (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x11A2B0: main (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/bin/tshark)
==19138==
==19138== Conditional jump or move depends on uninitialised value(s)
==19138== at 0x4C30F69: strlen (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==19138== by 0xB8D94E2: g_strdup (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.2)
==19138== by 0xB8DAC3E: g_strsplit (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.2)
==19138== by 0x7D87DFC: process_mmdbr_stdout (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x7D887C0: mmdb_resolve_start (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x7D87C23: maxmind_db_post_update_cb (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x7E0D274: uat_load (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x7DF683E: uat_load_all (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x7DA3B7A: init_prefs (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x7DA3C01: read_prefs (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x7D7EB71: epan_load_settings (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x11A2B0: main (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/bin/tshark)
==19138==
==19138== Conditional jump or move depends on uninitialised value(s)
==19138== at 0x4C30F69: strlen (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==19138== by 0x7D87E3C: process_mmdbr_stdout (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x7D887C0: mmdb_resolve_start (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x7D87C23: maxmind_db_post_update_cb (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x7E0D274: uat_load (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x7DF683E: uat_load_all (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x7DA3B7A: init_prefs (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x7DA3C01: read_prefs (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x7D7EB71: epan_load_settings (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x11A2B0: main (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/bin/tshark)
==19138==
==19138== Conditional jump or move depends on uninitialised value(s)
==19138== at 0x4C30A0A: __GI_strchr (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==19138== by 0x7D87E4C: process_mmdbr_stdout (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x7D887C0: mmdb_resolve_start (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x7D87C23: maxmind_db_post_update_cb (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x7E0D274: uat_load (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x7DF683E: uat_load_all (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x7DA3B7A: init_prefs (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x7DA3C01: read_prefs (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x7D7EB71: epan_load_settings (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x11A2B0: main (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/bin/tshark)
==19138==
==19138== Conditional jump or move depends on uninitialised value(s)
==19138== at 0x4C30A10: __GI_strchr (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==19138== by 0x7D87E4C: process_mmdbr_stdout (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x7D887C0: mmdb_resolve_start (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x7D87C23: maxmind_db_post_update_cb (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x7E0D274: uat_load (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x7DF683E: uat_load_all (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x7DA3B7A: init_prefs (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x7DA3C01: read_prefs (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x7D7EB71: epan_load_settings (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/lib/libwireshark.so.0.0.0)
==19138== by 0x11A2B0: main (in
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/bin/tshark)
==19138==
==19138==
==19138== HEAP SUMMARY:
==19138== in use at exit: 107,551 bytes in 138 blocks
==19138== total heap usage: 332,514 allocs, 332,376 frees, 38,554,395 bytes
allocated
==19138==
==19138== LEAK SUMMARY:
==19138== definitely lost: 0 bytes in 0 blocks
==19138== indirectly lost: 0 bytes in 0 blocks
==19138== possibly lost: 0 bytes in 0 blocks
==19138== still reachable: 12,956 bytes in 95 blocks
==19138== suppressed: 94,595 bytes in 43 blocks
==19138== Rerun with --leak-check=full to see details of leaked memory
==19138==
==19138== For counts of detected and suppressed errors, rerun with: -v
==19138== Use --track-origins=yes to see where uninitialised values come from
==19138== ERROR SUMMARY: 6 errors from 6 contexts (suppressed: 0 from 0)
[ no debug trace ]