https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14975
Bug ID: 14975
Summary: Buildbot crash output: fuzz-2018-07-14-18495.pcap
Product: Wireshark
Version: unspecified
Hardware: x86-64
OS: Ubuntu
Status: CONFIRMED
Severity: Major
Priority: High
Component: Dissection engine (libwireshark)
Assignee: bugzilla-ad...@wireshark.org
Reporter: buildbot-do-not-re...@wireshark.org
Target Milestone: ---
Problems have been found with the following capture file:
https://www.wireshark.org/download/automated/captures/fuzz-2018-07-14-18495.pcap
stderr:
Input file: /home/wireshark/menagerie/menagerie/16483-clusterfuzz-testcase-minimized-fuzzshark_ip_proto-udp-4797394456674304.pcap
Build host information:
Linux wsbb04 4.4.0-130-generic #156-Ubuntu SMP Thu Jun 14 08:53:28 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
Distributor ID: Ubuntu
Description: Ubuntu 16.04.4 LTS
Release: 16.04
Codename: xenial
Buildbot information:
BUILDBOT_REPOSITORY=ssh://wireshark-build...@code.wireshark.org:29418/wireshark
BUILDBOT_WORKERNAME=clang-code-analysis
BUILDBOT_BUILDNUMBER=4825
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-master/
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_GOT_REVISION=4f7c8503b0924cc64b9298bf0b4a32275cceab38
Return value: 0
Dissector bug: 0
Valgrind error count: 1
Git commit
commit 4f7c8503b0924cc64b9298bf0b4a32275cceab38
Author: Matthieu Coudron <matta...@gmail.com>
Date: Thu Jul 5 16:16:51 2018 +0900
wmem_tree: describe tree traversal order
it is an inorder traversal (left/parent/right).
Change-Id: Ia83efdfd45dab8c8386d84b3050af081312fde85
Reviewed-on: https://code.wireshark.org/review/28688
Petri-Dish: Roland Knall <rkn...@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rkn...@gmail.com>
Reviewed-by: Anders Broman <a.broma...@gmail.com>
Command and args: ./tools/valgrind-wireshark.sh -b /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/bin
==23230== Memcheck, a memory error detector
==23230== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==23230== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==23230== Command: /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.plain/bin/tshark -nr /fuzz/buildbot/clangcodeanalysis/valgrind-fuzz/fuzz-2018-07-14-18495.pcap
==23230==
==23230== Invalid read of size 8
==23230== at 0x6C4AB21: dissect_optrsp (packet-docsis-macmgmt.c:6425)
==23230== by 0x7F21ED7: call_dissector_through_handle (packet.c:692)
==23230== by 0x7F1DD49: call_dissector_work (packet.c:777)
==23230== by 0x7F1DB57: dissector_try_uint_new (packet.c:1359)
==23230== by 0x7F1DE89: dissector_try_uint (packet.c:1383)
==23230== by 0x6C4564E: dissect_macmgmt (packet-docsis-macmgmt.c:6527)
==23230== by 0x7F21ED7: call_dissector_through_handle (packet.c:692)
==23230== by 0x7F1DD49: call_dissector_work (packet.c:777)
==23230== by 0x7F20B82: call_dissector_only (packet.c:3090)
==23230== by 0x7F1C7D4: call_dissector_with_data (packet.c:3103)
==23230== by 0x7F20BC1: call_dissector (packet.c:3120)
==23230== by 0x6C43865: dissect_docsis (packet-docsis.c:668)
==23230== Address 0x28 is not stack'd, malloc'd or (recently) free'd
==23230==
==23230==
==23230== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==23230== Access not within mapped region at address 0x28
==23230== at 0x6C4AB21: dissect_optrsp (packet-docsis-macmgmt.c:6425)
==23230== by 0x7F21ED7: call_dissector_through_handle (packet.c:692)
==23230== by 0x7F1DD49: call_dissector_work (packet.c:777)
==23230== by 0x7F1DB57: dissector_try_uint_new (packet.c:1359)
==23230== by 0x7F1DE89: dissector_try_uint (packet.c:1383)
==23230== by 0x6C4564E: dissect_macmgmt (packet-docsis-macmgmt.c:6527)
==23230== by 0x7F21ED7: call_dissector_through_handle (packet.c:692)
==23230== by 0x7F1DD49: call_dissector_work (packet.c:777)
==23230== by 0x7F20B82: call_dissector_only (packet.c:3090)
==23230== by 0x7F1C7D4: call_dissector_with_data (packet.c:3103)
==23230== by 0x7F20BC1: call_dissector (packet.c:3120)
==23230== by 0x6C43865: dissect_docsis (packet-docsis.c:668)
==23230== If you believe this happened as a result of a stack
==23230== overflow in your program's main thread (unlikely but
==23230== possible), you can try to increase the size of the
==23230== main thread stack using the --main-stacksize= flag.
==23230== The main thread stack size used in this run was 2084864.
==23230==
==23230== HEAP SUMMARY:
==23230== in use at exit: 25,345,200 bytes in 287,555 blocks
==23230== total heap usage: 334,048 allocs, 46,493 frees, 38,703,953 bytes allocated
==23230==
==23230== LEAK SUMMARY:
==23230== definitely lost: 0 bytes in 0 blocks
==23230== indirectly lost: 0 bytes in 0 blocks
==23230== possibly lost: 0 bytes in 0 blocks
==23230== still reachable: 25,113,605 bytes in 286,512 blocks
==23230== of which reachable via heuristic:
==23230== newarray : 1,536 bytes in 16 blocks
==23230== suppressed: 231,595 bytes in 1,043 blocks
==23230== Rerun with --leak-check=full to see details of leaked memory
==23230==
==23230== For counts of detected and suppressed errors, rerun with: -v
==23230== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
[ no debug trace ]