Fuzz job crash output: fuzz-2022-01-19-7399.pcap
Problems have been found with the following capture file:
https://www.wireshark.org/download/automated/captures/fuzz-2022-01-19-7399.pcap
stderr:
Branch: HEAD
Input file: /var/menagerie/menagerie/issue-17878-capture14.pcapng
Build host information:
Linux 5.4.0-94-generic #106-Ubuntu SMP Thu Jan 6 23:58:14 UTC 2022 x86_64
Distributor ID: Ubuntu
Description: Ubuntu 20.04.3 LTS
Release: 20.04
Codename: focal
Branch: master
CI job name: Valgrind Menagerie Fuzz, ID: 1989978556
Return value: 0
Dissector bug: 0
Valgrind error count: 71
Latest (but not necessarily the problem) commit:
c6de71552 GSM RP: fix dissection of SMS in 5G Nf interface
Command and args: ./tools/valgrind-wireshark.sh -b /builds/wireshark/wireshark/_install/bin -T
==17961== Memcheck, a memory error detector
==17961== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==17961== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==17961== Command: /builds/wireshark/wireshark/_install/bin/tshark -Vx -nr /tmp/fuzz/fuzz-2022-01-19-7399.pcap
==17961==
Running as user "root" and group "root". This could be dangerous.
==17961== Conditional jump or move depends on uninitialised value(s)
==17961== at 0x483EF49: strlen (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==17961== by 0xC86A147: g_strdup (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.6400.6)
==17961== by 0x81D18A2: string_fvalue_set_string (ftype-string.c:40)
==17961== by 0x81C9B45: fvalue_set_string (ftypes.c:523)
==17961== by 0x825F34B: proto_tree_set_string (proto.c:5011)
==17961== by 0x82678AA: proto_tree_add_string (proto.c:4962)
==17961== by 0x709D489: dissect_ista_availability_window (packet-ieee80211.c:23826)
==17961== by 0x7079141: ieee80211_tag_element_id_extension (packet-ieee80211.c:29122)
==17961== by 0x823DF5A: call_dissector_through_handle (packet.c:757)
==17961== by 0x8239B88: call_dissector_work (packet.c:850)
==17961== by 0x8239963: dissector_try_uint_new (packet.c:1466)
==17961== by 0x7063BB8: add_tagged_field_with_validation (packet-ieee80211.c:25238)
==17961==
==17961== Conditional jump or move depends on uninitialised value(s)
==17961== at 0x483EF58: strlen (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==17961== by 0xC86A147: g_strdup (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.6400.6)
==17961== by 0x81D18A2: string_fvalue_set_string (ftype-string.c:40)
==17961== by 0x81C9B45: fvalue_set_string (ftypes.c:523)
==17961== by 0x825F34B: proto_tree_set_string (proto.c:5011)
==17961== by 0x82678AA: proto_tree_add_string (proto.c:4962)
==17961== by 0x709D489: dissect_ista_availability_window (packet-ieee80211.c:23826)
==17961== by 0x7079141: ieee80211_tag_element_id_extension (packet-ieee80211.c:29122)
==17961== by 0x823DF5A: call_dissector_through_handle (packet.c:757)
==17961== by 0x8239B88: call_dissector_work (packet.c:850)
==17961== by 0x8239963: dissector_try_uint_new (packet.c:1466)
==17961== by 0x7063BB8: add_tagged_field_with_validation (packet-ieee80211.c:25238)
==17961==
==17961== Conditional jump or move depends on uninitialised value(s)
==17961== at 0x483EF49: strlen (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==17961== by 0x8290098: format_text_string (strutil.c:548)
==17961== by 0x825FBA0: hfinfo_format_text (proto.c:1073)
==17961== by 0x826F075: proto_item_fill_label (proto.c:9270)
==17961== by 0x82400DD: proto_tree_print_node (print.c:188)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961== by 0x8240337: proto_tree_print_node (print.c:243)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961== by 0x8240337: proto_tree_print_node (print.c:243)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961== by 0x8240337: proto_tree_print_node (print.c:243)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961==
==17961== Conditional jump or move depends on uninitialised value(s)
==17961== at 0x483EF58: strlen (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==17961== by 0x8290098: format_text_string (strutil.c:548)
==17961== by 0x825FBA0: hfinfo_format_text (proto.c:1073)
==17961== by 0x826F075: proto_item_fill_label (proto.c:9270)
==17961== by 0x82400DD: proto_tree_print_node (print.c:188)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961== by 0x8240337: proto_tree_print_node (print.c:243)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961== by 0x8240337: proto_tree_print_node (print.c:243)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961== by 0x8240337: proto_tree_print_node (print.c:243)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961==
==17961== Use of uninitialised value of size 8
==17961== at 0x828F5E3: format_text_internal (strutil.c:209)
==17961== by 0x82900AA: format_text_string (strutil.c:548)
==17961== by 0x825FBA0: hfinfo_format_text (proto.c:1073)
==17961== by 0x826F075: proto_item_fill_label (proto.c:9270)
==17961== by 0x82400DD: proto_tree_print_node (print.c:188)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961== by 0x8240337: proto_tree_print_node (print.c:243)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961== by 0x8240337: proto_tree_print_node (print.c:243)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961== by 0x8240337: proto_tree_print_node (print.c:243)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961==
==17961== Conditional jump or move depends on uninitialised value(s)
==17961== at 0x828F6B6: format_text_internal (strutil.c:228)
==17961== by 0x82900AA: format_text_string (strutil.c:548)
==17961== by 0x825FBA0: hfinfo_format_text (proto.c:1073)
==17961== by 0x826F075: proto_item_fill_label (proto.c:9270)
==17961== by 0x82400DD: proto_tree_print_node (print.c:188)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961== by 0x8240337: proto_tree_print_node (print.c:243)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961== by 0x8240337: proto_tree_print_node (print.c:243)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961== by 0x8240337: proto_tree_print_node (print.c:243)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961==
==17961== Conditional jump or move depends on uninitialised value(s)
==17961== at 0x828F87E: format_text_internal (strutil.c:290)
==17961== by 0x82900AA: format_text_string (strutil.c:548)
==17961== by 0x825FBA0: hfinfo_format_text (proto.c:1073)
==17961== by 0x826F075: proto_item_fill_label (proto.c:9270)
==17961== by 0x82400DD: proto_tree_print_node (print.c:188)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961== by 0x8240337: proto_tree_print_node (print.c:243)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961== by 0x8240337: proto_tree_print_node (print.c:243)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961== by 0x8240337: proto_tree_print_node (print.c:243)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961==
==17961== Conditional jump or move depends on uninitialised value(s)
==17961== at 0x828F8A2: format_text_internal (strutil.c:294)
==17961== by 0x82900AA: format_text_string (strutil.c:548)
==17961== by 0x825FBA0: hfinfo_format_text (proto.c:1073)
==17961== by 0x826F075: proto_item_fill_label (proto.c:9270)
==17961== by 0x82400DD: proto_tree_print_node (print.c:188)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961== by 0x8240337: proto_tree_print_node (print.c:243)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961== by 0x8240337: proto_tree_print_node (print.c:243)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961== by 0x8240337: proto_tree_print_node (print.c:243)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961==
==17961== Conditional jump or move depends on uninitialised value(s)
==17961== at 0x828F8C6: format_text_internal (strutil.c:298)
==17961== by 0x82900AA: format_text_string (strutil.c:548)
==17961== by 0x825FBA0: hfinfo_format_text (proto.c:1073)
==17961== by 0x826F075: proto_item_fill_label (proto.c:9270)
==17961== by 0x82400DD: proto_tree_print_node (print.c:188)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961== by 0x8240337: proto_tree_print_node (print.c:243)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961== by 0x8240337: proto_tree_print_node (print.c:243)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961== by 0x8240337: proto_tree_print_node (print.c:243)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961==
==17961== Conditional jump or move depends on uninitialised value(s)
==17961== at 0x828F8EA: format_text_internal (strutil.c:302)
==17961== by 0x82900AA: format_text_string (strutil.c:548)
==17961== by 0x825FBA0: hfinfo_format_text (proto.c:1073)
==17961== by 0x826F075: proto_item_fill_label (proto.c:9270)
==17961== by 0x82400DD: proto_tree_print_node (print.c:188)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961== by 0x8240337: proto_tree_print_node (print.c:243)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961== by 0x8240337: proto_tree_print_node (print.c:243)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961== by 0x8240337: proto_tree_print_node (print.c:243)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961==
==17961== Conditional jump or move depends on uninitialised value(s)
==17961== at 0x828F90E: format_text_internal (strutil.c:306)
==17961== by 0x82900AA: format_text_string (strutil.c:548)
==17961== by 0x825FBA0: hfinfo_format_text (proto.c:1073)
==17961== by 0x826F075: proto_item_fill_label (proto.c:9270)
==17961== by 0x82400DD: proto_tree_print_node (print.c:188)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961== by 0x8240337: proto_tree_print_node (print.c:243)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961== by 0x8240337: proto_tree_print_node (print.c:243)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961== by 0x8240337: proto_tree_print_node (print.c:243)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961==
==17961== Conditional jump or move depends on uninitialised value(s)
==17961== at 0x828F70E: format_text_internal (strutil.c:239)
==17961== by 0x82900AA: format_text_string (strutil.c:548)
==17961== by 0x825FBA0: hfinfo_format_text (proto.c:1073)
==17961== by 0x826F075: proto_item_fill_label (proto.c:9270)
==17961== by 0x82400DD: proto_tree_print_node (print.c:188)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961== by 0x8240337: proto_tree_print_node (print.c:243)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961== by 0x8240337: proto_tree_print_node (print.c:243)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961== by 0x8240337: proto_tree_print_node (print.c:243)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961==
==17961== Conditional jump or move depends on uninitialised value(s)
==17961== at 0xC86A9C1: g_strlcpy (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.6400.6)
==17961== by 0x827D5CB: label_concat (proto.c:8894)
==17961== by 0x8271B49: label_fill (proto.c:8943)
==17961== by 0x826F08E: proto_item_fill_label (proto.c:9271)
==17961== by 0x82400DD: proto_tree_print_node (print.c:188)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961== by 0x8240337: proto_tree_print_node (print.c:243)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961== by 0x8240337: proto_tree_print_node (print.c:243)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961== by 0x8240337: proto_tree_print_node (print.c:243)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961==
==17961== Conditional jump or move depends on uninitialised value(s)
==17961== at 0x483EF58: strlen (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==17961== by 0xCA58E78: fputs (iofputs.c:33)
==17961== by 0x8246C0D: print_line_color_text (print_stream.c:354)
==17961== by 0x824690A: print_line_text (print_stream.c:385)
==17961== by 0x82463BA: print_line (print_stream.c:244)
==17961== by 0x8240130: proto_tree_print_node (print.c:194)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961== by 0x8240337: proto_tree_print_node (print.c:243)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961== by 0x8240337: proto_tree_print_node (print.c:243)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961== by 0x8240337: proto_tree_print_node (print.c:243)
==17961==
==17961== Syscall param write(buf) points to uninitialised byte(s)
==17961== at 0xCAE421F: __libc_write (write.c:26)
==17961== by 0xCAE421F: write (write.c:24)
==17961== by 0xCA6500C: _IO_file_write@@GLIBC_2.2.5 (fileops.c:1181)
==17961== by 0xCA66AD0: new_do_write (fileops.c:449)
==17961== by 0xCA66AD0: _IO_new_do_write (fileops.c:426)
==17961== by 0xCA66AD0: _IO_do_write@@GLIBC_2.2.5 (fileops.c:423)
==17961== by 0xCA65834: _IO_new_file_xsputn (fileops.c:1244)
==17961== by 0xCA65834: _IO_file_xsputn@@GLIBC_2.2.5 (fileops.c:1197)
==17961== by 0xCA58F0A: fputs (iofputs.c:38)
==17961== by 0x8246C0D: print_line_color_text (print_stream.c:354)
==17961== by 0x824690A: print_line_text (print_stream.c:385)
==17961== by 0x82463BA: print_line (print_stream.c:244)
==17961== by 0x8240130: proto_tree_print_node (print.c:194)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961== by 0x8240337: proto_tree_print_node (print.c:243)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961== Address 0x1565a41c is 3,308 bytes inside a block of size 4,096 alloc'd
==17961== at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==17961== by 0xCA57E83: _IO_file_doallocate (filedoalloc.c:101)
==17961== by 0xCA6804F: _IO_doallocbuf (genops.c:347)
==17961== by 0xCA670AF: _IO_file_overflow@@GLIBC_2.2.5 (fileops.c:745)
==17961== by 0xCA65834: _IO_new_file_xsputn (fileops.c:1244)
==17961== by 0xCA65834: _IO_file_xsputn@@GLIBC_2.2.5 (fileops.c:1197)
==17961== by 0xCA58F0A: fputs (iofputs.c:38)
==17961== by 0x8246C0D: print_line_color_text (print_stream.c:354)
==17961== by 0x824690A: print_line_text (print_stream.c:385)
==17961== by 0x82463BA: print_line (print_stream.c:244)
==17961== by 0x8240130: proto_tree_print_node (print.c:194)
==17961== by 0x8256823: proto_tree_children_foreach (proto.c:761)
==17961== by 0x823FFDC: proto_tree_print (print.c:157)
==17961==
==17961==
==17961== HEAP SUMMARY:
==17961== in use at exit: 60,989 bytes in 421 blocks
==17961== total heap usage: 3,856,917 allocs, 3,856,496 frees, 303,209,916 bytes allocated
==17961==
==17961== LEAK SUMMARY:
==17961== definitely lost: 1,392 bytes in 29 blocks
==17961== indirectly lost: 1,392 bytes in 58 blocks
==17961== possibly lost: 0 bytes in 0 blocks
==17961== still reachable: 38,946 bytes in 303 blocks
==17961== suppressed: 19,259 bytes in 31 blocks
==17961== Rerun with --leak-check=full to see details of leaked memory
==17961==
==17961== Use --track-origins=yes to see where uninitialised values come from
==17961== For lists of detected and suppressed errors, rerun with: -s
==17961== ERROR SUMMARY: 71 errors from 15 contexts (suppressed: 0 from 0)
fuzz-test.sh stderr:
Running as user "root" and group "root". This could be dangerous.
no debug trace