https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14515

            Bug ID: 14515
           Summary: Buildbot crash output: fuzz-2018-03-08-26241.pcap
           Product: Wireshark
           Version: unspecified
          Hardware: x86-64
                OS: Ubuntu
            Status: CONFIRMED
          Severity: Major
          Priority: High
         Component: Dissection engine (libwireshark)
          Assignee: bugzilla-ad...@wireshark.org
          Reporter: buildbot-do-not-re...@wireshark.org
  Target Milestone: ---

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2018-03-08-26241.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/10606-9p.pcap.gz

Build host information:
Linux wsbb04 4.4.0-116-generic #140-Ubuntu SMP Mon Feb 12 21:23:04 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.4 LTS
Release:        16.04
Codename:       xenial

Buildbot information:
BUILDBOT_REPOSITORY=ssh://wireshark-build...@code.wireshark.org:29418/wireshark
BUILDBOT_WORKERNAME=clang-code-analysis
BUILDBOT_BUILDNUMBER=4669
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-master/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_GOT_REVISION=5f35b041c2d731297cdd4d780d029743fd49b9b4

Return value:  0

Dissector bug:  0

Valgrind error count:  0



Git commit
commit 5f35b041c2d731297cdd4d780d029743fd49b9b4
Author: Gerald Combs <ger...@wireshark.org>
Date:   Thu Mar 8 13:31:23 2018 -0800

    MaxMind DB fixups.

    Make sure the text we read is null terminated. Properly strip our lines
    and chunked strings. Copy over cast and strtod fixes from change 26347.

    Change-Id: I0695e35c446c1bd277c53b458b07e428cdd90fb8
    Reviewed-on: https://code.wireshark.org/review/26370
    Petri-Dish: Gerald Combs <ger...@wireshark.org>
    Tested-by: Petri Dish Buildbot
    Reviewed-by: Gerald Combs <ger...@wireshark.org>


=================================================================
==31709==ERROR: AddressSanitizer: heap-use-after-free on address 0x61d000119ea8 at pc 0x563bd10789b5 bp 0x7ffdb8cce920 sp 0x7ffdb8cce0d0
READ of size 16 at 0x61d000119ea8 thread T0
    #0 0x563bd10789b4 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/tshark+0xf39b4)
    #1 0x7fb5c0435c93 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa765c93)
    #2 0x7fb5c03ae9d9 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa6de9d9)
    #3 0x7fb5c04a6291 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7d6291)
    #4 0x7fb5be5d1a06 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0x8901a06)
    #5 0x7fb5be5d11e3 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0x89011e3)
    #6 0x7fb5be5c7c4b 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0x88f7c4b)
    #7 0x7fb5c04c6114 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7f6114)
    #8 0x7fb5c04bb8a1 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7eb8a1)
    #9 0x7fb5c04c29ec 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7f29ec)
    #10 0x7fb5c04b7bb4 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7e7bb4)
    #11 0x7fb5c04c2a31 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7f2a31)
    #12 0x7fb5be576bf4 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0x88a6bf4)
    #13 0x7fb5c04c6114 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7f6114)
    #14 0x7fb5c04bb8a1 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7eb8a1)
    #15 0x7fb5c04bb20a 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7eb20a)
    #16 0x7fb5c04bbc69 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7ebc69)
    #17 0x7fb5be1a846a 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0x84d846a)
    #18 0x7fb5c04c6114 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7f6114)
    #19 0x7fb5c04bb8a1 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7eb8a1)
    #20 0x7fb5c04c29ec 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7f29ec)
    #21 0x7fb5c04b7bb4 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7e7bb4)
    #22 0x7fb5befc86ad 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0x92f86ad)
    #23 0x7fb5c04c6114 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7f6114)
    #24 0x7fb5c04bb8a1 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7eb8a1)
    #25 0x7fb5c04bb20a 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7eb20a)
    #26 0x7fb5be25066f 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0x858066f)
    #27 0x7fb5c04c6114 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7f6114)
    #28 0x7fb5c04bb8a1 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7eb8a1)
    #29 0x7fb5c04c29ec 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7f29ec)
    #30 0x7fb5c04b7bb4 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7e7bb4)
    #31 0x7fb5c04b73b4 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7e73b4)
    #32 0x7fb5c0488d38 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwireshark.so.0+0xa7b8d38)
    #33 0x563bd10f2ce3 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/tshark+0x16dce3)
    #34 0x563bd10eee24 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/tshark+0x169e24)
    #35 0x563bd10e989a 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/tshark+0x16489a)
    #36 0x7fb5b3d4282f  (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #37 0x563bd0fe0ac8 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/tshark+0x5bac8)

0x61d000119ea8 is located 40 bytes inside of 2048-byte region [0x61d000119e80,0x61d00011a680)
freed by thread T0 here:
    #0 0x563bd10a1a58 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/tshark+0x11ca58)
    #1 0x7fb5b47767d7  (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4f7d7)
    #2 0x7fb5b5291798 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwiretap.so.0+0x1f3798)
    #3 0x7fb5b522d7ba 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwiretap.so.0+0x18f7ba)
    #4 0x7fb5b522048f 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwiretap.so.0+0x18248f)
    #5 0x7fb5b5220e6f 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwiretap.so.0+0x182e6f)
    #6 0x7fb5b5291084 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwiretap.so.0+0x1f3084)
    #7 0x563bd10eec8d 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/tshark+0x169c8d)
    #8 0x563bd10e989a 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/tshark+0x16489a)
    #9 0x7fb5b3d4282f  (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

previously allocated by thread T0 here:
    #0 0x563bd10a15f8 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/tshark+0x11c5f8)
    #1 0x7fb5b4776718  (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4f718)
    #2 0x7fb5b513b853 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/lib/libwiretap.so.0+0x9d853)
    #3 0x563bd10ec9be 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/tshark+0x1679be)
    #4 0x563bd10e9315 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/tshark+0x164315)
    #5 0x7fb5b3d4282f  (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: AddressSanitizer: heap-use-after-free (/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/tshark+0xf39b4)
 
Shadow bytes around the buggy address:
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==31709==ABORTING

[ no debug trace ]
