https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15330
Bug ID: 15330
Summary: Buildbot crash output: fuzz-2018-12-05-24456.pcap
Product: Wireshark
Version: unspecified
Hardware: x86-64
OS: Ubuntu
Status: CONFIRMED
Severity: Major
Priority: High
Component: Dissection engine (libwireshark)
Assignee: bugzilla-ad...@wireshark.org
Reporter: buildbot-do-not-re...@wireshark.org
Target Milestone: ---
Problems have been found with the following capture file:
https://www.wireshark.org/download/automated/captures/fuzz-2018-12-05-24456.pcap
stderr:
Input file:
/home/wireshark/menagerie/menagerie/11535-6db8fc73788e92e859fcdf29363e41a2_173.226.228.101.pcap
Build host information:
Linux wsbb04 4.15.0-42-generic #45-Ubuntu SMP Thu Nov 15 19:32:57 UTC 2018
x86_64 x86_64 x86_64 GNU/Linux
Distributor ID: Ubuntu
Description: Ubuntu 18.04.1 LTS
Release: 18.04
Codename: bionic
Buildbot information:
BUILDBOT_WORKERNAME=clang-code-analysis
BUILDBOT_BUILDNUMBER=4958
BUILDBOT_BUILDERNAME=Clang Code Analysis
BUILDBOT_URL=http://buildbot.wireshark.org/wireshark-master/
BUILDBOT_REPOSITORY=ssh://wireshark-build...@code.wireshark.org:29418/wireshark
BUILDBOT_GOT_REVISION=b618ece9b78803ece7382b166936908eb342541b
Return value: 0
Dissector bug: 0
Valgrind error count: 0
Git commit
commit b618ece9b78803ece7382b166936908eb342541b
Author: Gerald Combs <ger...@wireshark.org>
Date: Tue Dec 4 17:48:50 2018 -0800
Debian: Add missing symbols.
Change-Id: Id05eb1e6060d60892ffdd65aa5a2e0aad42215f0
Reviewed-on: https://code.wireshark.org/review/30917
Reviewed-by: Gerald Combs <ger...@wireshark.org>
Petri-Dish: Gerald Combs <ger...@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broma...@gmail.com>
Command and args:
/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/tshark
-nVxr
=================================================================
==22186==ERROR: AddressSanitizer: stack-use-after-scope on address
0x7ffd72c85430 at pc 0x55f96f107d82 bp 0x7ffd72c83850 sp 0x7ffd72c83000
READ of size 32 at 0x7ffd72c85430 thread T0
#0 0x55f96f107d81
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/tshark+0x11ad81)
#1 0x7f5f6d3660e2
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb26f0e2)
#2 0x7f5f6bc31d77
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0x9b3ad77)
#3 0x7f5f6bd242be
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0x9c2d2be)
#4 0x7f5f6bd263b5
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0x9c2f3b5)
#5 0x7f5f6d495284
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb39e284)
#6 0x7f5f6d48a701
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb393701)
#7 0x7f5f6d48b7b1
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb3947b1)
#8 0x7f5f6d48b880
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb394880)
#9 0x7f5f6bda1447
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0x9caa447)
#10 0x7f5f6bd9618d
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0x9c9f18d)
#11 0x7f5f6d495284
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb39e284)
#12 0x7f5f6d48a701
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb393701)
#13 0x7f5f6d48a06a
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb39306a)
#14 0x7f5f6d48aac9
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb393ac9)
#15 0x7f5f6c11d420
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xa026420)
#16 0x7f5f6c126eb7
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xa02feb7)
#17 0x7f5f6c1204af
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xa0294af)
#18 0x7f5f6d495284
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb39e284)
#19 0x7f5f6d48a701
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb393701)
#20 0x7f5f6d48a06a
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb39306a)
#21 0x7f5f6b2e77b4
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0x91f07b4)
#22 0x7f5f6b2ee673
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0x91f7673)
#23 0x7f5f6d495284
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb39e284)
#24 0x7f5f6d48a701
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb393701)
#25 0x7f5f6d48a06a
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb39306a)
#26 0x7f5f6d48aac9
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb393ac9)
#27 0x7f5f6aed1dfa
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0x8ddadfa)
#28 0x7f5f6d495284
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb39e284)
#29 0x7f5f6d48a701
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb393701)
#30 0x7f5f6d491acc
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb39aacc)
#31 0x7f5f6d486934
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb38f934)
#32 0x7f5f6aecf4f4
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0x8dd84f4)
#33 0x7f5f6aecaf63
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0x8dd3f63)
#34 0x7f5f6d495284
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb39e284)
#35 0x7f5f6d48a701
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb393701)
#36 0x7f5f6d48a06a
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb39306a)
#37 0x7f5f6af8c350
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0x8e95350)
#38 0x7f5f6d495284
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb39e284)
#39 0x7f5f6d48a701
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb393701)
#40 0x7f5f6d491acc
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb39aacc)
#41 0x7f5f6d486934
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb38f934)
#42 0x7f5f6d486135
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb38f135)
#43 0x7f5f6d456258
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0xb35f258)
#44 0x55f96f1569e1
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/tshark+0x1699e1)
#45 0x55f96f15a57f
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/tshark+0x16d57f)
#46 0x55f96f152bcb
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/tshark+0x165bcb)
#47 0x55f96f14bce1
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/tshark+0x15ece1)
#48 0x7f5f600adb96 (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
#49 0x55f96f048fe9
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/tshark+0x5bfe9)
Address 0x7ffd72c85430 is located in stack of thread T0 at offset 688 in frame
#0 0x7f5f6bd979af
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/../lib/libwireshark.so.0+0x9ca09af)
This frame has 16 object(s):
[32, 36) 'next_offset' (line 3320)
[48, 52) 'content_length' (line 3321)
[64, 68) 'token_1_len' (line 3327)
[80, 84) 'current_method_idx' (line 3328)
[96, 97) 'contacts_expires_0' (line 3335)
[112, 113) 'contacts_expires_unknown' (line 3335)
[128, 144) 'cseq_method' (line 3338)
[160, 288) 'call_id' (line 3339)
[320, 344) 'message_info' (line 3341)
[384, 388) 'response_time' (line 3345)
[400, 408) 'hdtbl_entry' (line 3347)
[432, 492) 'uri_offsets' (line 3548)
[528, 536) 'ti_c' (line 3604)
[560, 564) 'retry' (line 3927)
[576, 656) 'authorization_info' (line 4269)
[688, 720) 'setup_info' (line 4706) <== Memory access at offset 688 is
inside this variable
HINT: this may be a false positive if your program uses some custom stack
unwind mechanism or swapcontext
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-scope
(/home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/install.asan/bin/tshark+0x11ad81)
Shadow bytes around the buggy address:
0x10002e588a30: f1 f1 f1 f1 04 f2 04 f2 04 f2 04 f2 01 f2 01 f2
0x10002e588a40: 00 00 f2 f2 00 00 00 00 00 00 00 00 00 00 00 00
0x10002e588a50: 00 00 00 00 f2 f2 f2 f2 00 00 00 f2 f2 f2 f2 f2
0x10002e588a60: 04 f2 00 f2 f2 f2 f8 f8 f8 f8 f8 f8 f8 f8 f2 f2
0x10002e588a70: f2 f2 f8 f2 f2 f2 f8 f2 f8 f8 f8 f8 f8 f8 f8 f8
=>0x10002e588a80: f8 f8 f2 f2 f2 f2[f8]f8 f8 f8 f3 f3 f3 f3 f3 f3
0x10002e588a90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10002e588aa0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10002e588ab0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10002e588ac0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10002e588ad0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==22186==ABORTING
[ no debug trace ]
--
You are receiving this mail because:
You are watching all bug changes.___________________________________________________________________________
Sent via: Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives: https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
