https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15204

            Bug ID: 15204
           Summary: Buildbot crash output: fuzz-2018-10-13-4307.pcap
           Product: Wireshark
           Version: unspecified
          Hardware: x86-64
                OS: Ubuntu
            Status: CONFIRMED
          Severity: Major
          Priority: High
         Component: Dissection engine (libwireshark)
          Assignee: bugzilla-ad...@wireshark.org
          Reporter: buildbot-do-not-re...@wireshark.org
  Target Milestone: ---

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2018-10-13-4307.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/16178-6e838a14864747c946e547477576df86.pcap

Build host information:
Linux wsbb04 4.15.0-36-generic #39-Ubuntu SMP Mon Sep 24 16:19:09 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
Distributor ID: Ubuntu
Description:    Ubuntu 18.04.1 LTS
Release:        18.04
Codename:       bionic

Buildbot information:
BUILDBOT_WORKERNAME=fuzz-test
BUILDBOT_BUILDNUMBER=145
BUILDBOT_BUILDERNAME=Fuzz Test
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-2.4/
BUILDBOT_REPOSITORY=ssh://wireshark-build...@code.wireshark.org:29418/wireshark
BUILDBOT_GOT_REVISION=c5a65115ebab55cfd5ce0a855c2256e01cab6449

Return value:  0

Dissector bug:  0

Valgrind error count:  1



Git commit
commit c5a65115ebab55cfd5ce0a855c2256e01cab6449
Author: Peter Wu <pe...@lekensteyn.nl>
Date:   Thu Oct 11 13:04:03 2018 +0200

    DCOM: always NUL-terminate dissect_dcom_BSTR results

    All of the six users in plugins/epan/profinet/packet-dcom-cba.c expect
    the string to be NUL-terminated, so ensure this to avoid reading
    uninitialized memory for the Info column.

    Bug: 15130
    Change-Id: Ibc922068d14b87ce324af3cec22a5f8343088b40
    Reviewed-on: https://code.wireshark.org/review/30128
    Petri-Dish: Peter Wu <pe...@lekensteyn.nl>
    Tested-by: Petri Dish Buildbot
    Reviewed-by: Anders Broman <a.broma...@gmail.com>
    (cherry picked from commit ec6ace066ae4c889d4c18a0a38a8c6053483877b)
    Reviewed-on: https://code.wireshark.org/review/30159
    Reviewed-by: Peter Wu <pe...@lekensteyn.nl>


Command and args: ./tools/valgrind-wireshark.sh -b /home/wireshark/builders/wireshark-2.4-fuzz/fuzztest/install/bin

==1452== Memcheck, a memory error detector
==1452== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==1452== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==1452== Command: /home/wireshark/builders/wireshark-2.4-fuzz/fuzztest/install/bin/tshark -nr /fuzz/buildbot/fuzztest/valgrind-fuzz-2.4/fuzz-2018-10-13-4307.pcap
==1452== 
==1452== Invalid read of size 4
==1452==    at 0x6D47C1F: enip_open_cip_connection (packet-enip.c:1092)
==1452==    by 0x6D47C1F: dissect_cpf (packet-enip.c:2601)
==1452==    by 0x6D48476: dissect_enip_pdu (packet-enip.c:2800)
==1452==    by 0x728A913: tcp_dissect_pdus (packet-tcp.c:3531)
==1452==    by 0x6D463EA: dissect_enip_tcp (packet-enip.c:2846)
==1452==    by 0x6A77DB7: call_dissector_through_handle (packet.c:684)
==1452==    by 0x6A77DB7: call_dissector_work (packet.c:759)
==1452==    by 0x6A786BB: dissector_try_uint_new (packet.c:1336)
==1452==    by 0x728AF9F: decode_tcp_ports (packet-tcp.c:5485)
==1452==    by 0x728B2F1: process_tcp_payload (packet-tcp.c:5548)
==1452==    by 0x728BA7B: desegment_tcp (packet-tcp.c:3049)
==1452==    by 0x728BA7B: dissect_tcp_payload (packet-tcp.c:5621)
==1452==    by 0x728D33D: dissect_tcp (packet-tcp.c:6516)
==1452==    by 0x6A77DB7: call_dissector_through_handle (packet.c:684)
==1452==    by 0x6A77DB7: call_dissector_work (packet.c:759)
==1452==    by 0x6A786BB: dissector_try_uint_new (packet.c:1336)
==1452==  Address 0x175640be is 30 bytes inside a block of size 2,048 free'd
==1452==    at 0x4C31D2F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1452==    by 0xA68498F: g_realloc (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.5600.2)
==1452==    by 0xA41BA74: ws_buffer_assure_space (buffer.c:104)
==1452==    by 0x4E82EF4: wtap_read_packet_bytes (wtap.c:1358)
==1452==    by 0x4E7518B: pcapng_read_packet_block.isra.8 (pcapng.c:1210)
==1452==    by 0x4E77323: pcapng_read_block (pcapng.c:2331)
==1452==    by 0x4E78222: pcapng_read (pcapng.c:2546)
==1452==    by 0x4E82D57: wtap_read (wtap.c:1251)
==1452==    by 0x120EB7: process_cap_file (tshark.c:3309)
==1452==    by 0x120EB7: real_main (tshark.c:1993)
==1452==    by 0xB385B96: (below main) (libc-start.c:310)
==1452==  Block was alloc'd at
==1452==    at 0x4C2FB0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1452==    by 0xA6848D8: g_malloc (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.5600.2)
==1452==    by 0xA41B986: ws_buffer_init (buffer.c:42)
==1452==    by 0x4E578CA: wtap_open_offline (file_access.c:1110)
==1452==    by 0x11ED64: cf_open (tshark.c:3963)
==1452==    by 0x120A33: real_main (tshark.c:1980)
==1452==    by 0xB385B96: (below main) (libc-start.c:310)
==1452== 
==1452== 
==1452== HEAP SUMMARY:
==1452==     in use at exit: 47,608 bytes in 160 blocks
==1452==   total heap usage: 283,509 allocs, 283,349 frees, 39,460,873 bytes allocated
==1452== 
==1452== LEAK SUMMARY:
==1452==    definitely lost: 40 bytes in 1 blocks
==1452==    indirectly lost: 16 bytes in 1 blocks
==1452==      possibly lost: 0 bytes in 0 blocks
==1452==    still reachable: 39,367 bytes in 75 blocks
==1452==         suppressed: 8,185 bytes in 83 blocks
==1452== Rerun with --leak-check=full to see details of leaked memory
==1452== 
==1452== For counts of detected and suppressed errors, rerun with: -v
==1452== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)

[ no debug trace ]

___________________________________________________________________________
Sent via:    Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-bugs