[Wireshark-bugs] [Bug 15328] New: Buildbot crash output: fuzz-2018-12-04-17880.pcap

Tue, 04 Dec 2018 12:40:17 -0800 

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15328

            Bug ID: 15328
           Summary: Buildbot crash output: fuzz-2018-12-04-17880.pcap
           Product: Wireshark
           Version: unspecified
          Hardware: x86-64
                OS: Ubuntu
            Status: CONFIRMED
          Severity: Major
          Priority: High
         Component: Dissection engine (libwireshark)
          Assignee: bugzilla-ad...@wireshark.org
          Reporter: buildbot-do-not-re...@wireshark.org
  Target Milestone: ---

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2018-12-04-17880.pcap

stderr:
Input file: /home/wireshark/menagerie/menagerie/11778-bug2630_dump.pcap.gz

Build host information:
Linux wsbb04 4.15.0-42-generic #45-Ubuntu SMP Thu Nov 15 19:32:57 UTC 2018
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID: Ubuntu
Description:    Ubuntu 18.04.1 LTS
Release:        18.04
Codename:       bionic

Buildbot information:
BUILDBOT_WORKERNAME=clang-code-analysis
BUILDBOT_BUILDNUMBER=4956
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-master/
BUILDBOT_REPOSITORY=ssh://wireshark-build...@code.wireshark.org:29418/wireshark
BUILDBOT_GOT_REVISION=011ca1ed9b58c458a0b5d664b12ecbf439057280

Return value:  0

Dissector bug:  0

Valgrind error count:  0



Git commit
commit 011ca1ed9b58c458a0b5d664b12ecbf439057280
Author: Pascal Quantin <pascal.quan...@gmail.com>
Date:   Tue Dec 4 18:44:50 2018 +0100

    KRB5: update auto generated file

    Change-Id: Ie78cc2609cd117622eb0e0e900d6e4e1a29efd2b
    Reviewed-on: https://code.wireshark.org/review/30915
    Reviewed-by: Pascal Quantin <pascal.quan...@gmail.com>


Command and args:
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/tshark
 -nVxr
=================================================================
==30078==ERROR: AddressSanitizer: stack-use-after-scope on address
0x7ffd88fd1bb0 at pc 0x559e0c54fd82 bp 0x7ffd88fcffd0 sp 0x7ffd88fcf780
READ of size 32 at 0x7ffd88fd1bb0 thread T0
    #0 0x559e0c54fd81 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/tshark+0x11ad81)
    #1 0x7f6e63040fc2 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb26efc2)
    #2 0x7f6e6190cc57 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0x9b3ac57)
    #3 0x7f6e619ff19e 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0x9c2d19e)
    #4 0x7f6e61a01295 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0x9c2f295)
    #5 0x7f6e63170164 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb39e164)
    #6 0x7f6e631655e1 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb3935e1)
    #7 0x7f6e63166691 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb394691)
    #8 0x7f6e63166760 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb394760)
    #9 0x7f6e61a7c327 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0x9caa327)
    #10 0x7f6e61a7106d 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0x9c9f06d)
    #11 0x7f6e63170164 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb39e164)
    #12 0x7f6e631655e1 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb3935e1)
    #13 0x7f6e63164f4a 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb392f4a)
    #14 0x7f6e631659a9 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb3939a9)
    #15 0x7f6e61df8300 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xa026300)
    #16 0x7f6e61e01d97 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xa02fd97)
    #17 0x7f6e61dfb38f 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xa02938f)
    #18 0x7f6e63170164 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb39e164)
    #19 0x7f6e631655e1 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb3935e1)
    #20 0x7f6e63164f4a 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb392f4a)
    #21 0x7f6e60fc2694 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0x91f0694)
    #22 0x7f6e60fc9553 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0x91f7553)
    #23 0x7f6e63170164 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb39e164)
    #24 0x7f6e631655e1 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb3935e1)
    #25 0x7f6e63164f4a 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb392f4a)
    #26 0x7f6e631659a9 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb3939a9)
    #27 0x7f6e60bacdfa 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0x8ddadfa)
    #28 0x7f6e63170164 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb39e164)
    #29 0x7f6e631655e1 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb3935e1)
    #30 0x7f6e6316c9ac 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb39a9ac)
    #31 0x7f6e63161814 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb38f814)
    #32 0x7f6e60baa4f4 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0x8dd84f4)
    #33 0x7f6e60ba5f63 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0x8dd3f63)
    #34 0x7f6e63170164 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb39e164)
    #35 0x7f6e631655e1 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb3935e1)
    #36 0x7f6e63164f4a 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb392f4a)
    #37 0x7f6e60c67350 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0x8e95350)
    #38 0x7f6e63170164 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb39e164)
    #39 0x7f6e631655e1 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb3935e1)
    #40 0x7f6e6316c9ac 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb39a9ac)
    #41 0x7f6e63161814 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb38f814)
    #42 0x7f6e63161015 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb38f015)
    #43 0x7f6e63131138 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb35f138)
    #44 0x559e0c59e9e1 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/tshark+0x1699e1)
    #45 0x559e0c5a257f 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/tshark+0x16d57f)
    #46 0x559e0c59abcb 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/tshark+0x165bcb)
    #47 0x559e0c593ce1 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/tshark+0x15ece1)
    #48 0x7f6e55d88b96  (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #49 0x559e0c490fe9 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/tshark+0x5bfe9)

Address 0x7ffd88fd1bb0 is located in stack of thread T0 at offset 688 in frame
    #0 0x7f6e61a7288f 
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0x9ca088f)

  This frame has 16 object(s):
    [32, 36) 'next_offset' (line 3320)
    [48, 52) 'content_length' (line 3321)
    [64, 68) 'token_1_len' (line 3327)
    [80, 84) 'current_method_idx' (line 3328)
    [96, 97) 'contacts_expires_0' (line 3335)
    [112, 113) 'contacts_expires_unknown' (line 3335)
    [128, 144) 'cseq_method' (line 3338)
    [160, 288) 'call_id' (line 3339)
    [320, 344) 'message_info' (line 3341)
    [384, 388) 'response_time' (line 3345)
    [400, 408) 'hdtbl_entry' (line 3347)
    [432, 492) 'uri_offsets' (line 3548)
    [528, 536) 'ti_c' (line 3604)
    [560, 564) 'retry' (line 3927)
    [576, 656) 'authorization_info' (line 4269)
    [688, 720) 'setup_info' (line 4706) <== Memory access at offset 688 is
inside this variable
HINT: this may be a false positive if your program uses some custom stack
unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-scope
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/tshark+0x11ad81)
 
Shadow bytes around the buggy address:
  0x1000311f2320: f1 f1 f1 f1 04 f2 04 f2 04 f2 04 f2 01 f2 01 f2
  0x1000311f2330: 00 00 f2 f2 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000311f2340: 00 00 00 00 f2 f2 f2 f2 00 00 00 f2 f2 f2 f2 f2
  0x1000311f2350: 04 f2 00 f2 f2 f2 f8 f8 f8 f8 f8 f8 f8 f8 f2 f2
  0x1000311f2360: f2 f2 f8 f2 f2 f2 f8 f2 f8 f8 f8 f8 f8 f8 f8 f8
=>0x1000311f2370: f8 f8 f2 f2 f2 f2[f8]f8 f8 f8 f3 f3 f3 f3 f3 f3
  0x1000311f2380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000311f2390: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000311f23a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000311f23b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000311f23c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==30078==ABORTING

[ no debug trace ]

-- 
You are receiving this mail because:
You are watching all bug changes.
___________________________________________________________________________
Sent via:    Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
             mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

Reply via email to