Fuzz job crash output: fuzz-2022-03-07-10896.pcap
Problems have been found with the following capture file:
https://www.wireshark.org/download/automated/captures/fuzz-2022-03-07-10896.pcap
stderr:
Branch: HEAD
Input file: /var/menagerie/menagerie/issue-17550-MultiTouch_1-10_fingers.pcapng
Build host information:
Linux 5.4.0-100-generic #113-Ubuntu SMP Thu Feb 3 18:43:29 UTC 2022 x86_64
Distributor ID: Ubuntu
Description: Ubuntu 20.04.4 LTS
Release: 20.04
Codename: focal
Branch: master
CI job name: Valgrind Menagerie Fuzz, ID: 2172150544
Return value: 0
Dissector bug: 0
Valgrind error count: 21
Latest (but not necessarily the problem) commit:
b2eb47676 Tools: add script to check help URLs vs. available User's Guide chapters
Command and args: ./tools/valgrind-wireshark.sh -b /builds/wireshark/wireshark/_install/bin -T
==15530== Memcheck, a memory error detector
==15530== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==15530== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==15530== Command: /builds/wireshark/wireshark/_install/bin/tshark -Vx -nr /tmp/fuzz/fuzz-2022-03-07-10896.pcap
==15530==
Running as user "root" and group "root". This could be dangerous.
==15530== Conditional jump or move depends on uninitialised value(s)
==15530== at 0xCACD988: __vfprintf_internal (vfprintf-internal.c:1687)
==15530== by 0xCAE1FC9: __vsnprintf_internal (vsnprintf.c:114)
==15530== by 0x82B3711: proto_item_append_text (proto.c:7007)
==15530== by 0x782428F: dissect_usb_hid_report_globalitem_data (packet-usb-hid.c:4189)
==15530== by 0x7821D3E: dissect_usb_hid_report_item (packet-usb-hid.c:4388)
==15530== by 0x7821DCD: dissect_usb_hid_report_item (packet-usb-hid.c:4403)
==15530== by 0x78218E8: dissect_usb_hid_get_report_descriptor (packet-usb-hid.c:4428)
==15530== by 0x7825432: dissect_usb_hid_control_std_intf (packet-usb-hid.c:4967)
==15530== by 0x7823837: dissect_usb_hid_control (packet-usb-hid.c:5346)
==15530== by 0x8282FCA: call_dissector_through_handle (packet.c:757)
==15530== by 0x827EBF8: call_dissector_work (packet.c:850)
==15530== by 0x827E9D3: dissector_try_uint_new (packet.c:1466)
==15530==
==15530== Use of uninitialised value of size 8
==15530== at 0xCAB16CB: _itoa_word (_itoa.c:179)
==15530== by 0xCACD5A4: __vfprintf_internal (vfprintf-internal.c:1687)
==15530== by 0xCAE1FC9: __vsnprintf_internal (vsnprintf.c:114)
==15530== by 0x82B3711: proto_item_append_text (proto.c:7007)
==15530== by 0x782428F: dissect_usb_hid_report_globalitem_data (packet-usb-hid.c:4189)
==15530== by 0x7821D3E: dissect_usb_hid_report_item (packet-usb-hid.c:4388)
==15530== by 0x7821DCD: dissect_usb_hid_report_item (packet-usb-hid.c:4403)
==15530== by 0x78218E8: dissect_usb_hid_get_report_descriptor (packet-usb-hid.c:4428)
==15530== by 0x7825432: dissect_usb_hid_control_std_intf (packet-usb-hid.c:4967)
==15530== by 0x7823837: dissect_usb_hid_control (packet-usb-hid.c:5346)
==15530== by 0x8282FCA: call_dissector_through_handle (packet.c:757)
==15530== by 0x827EBF8: call_dissector_work (packet.c:850)
==15530==
==15530== Conditional jump or move depends on uninitialised value(s)
==15530== at 0xCAB16DD: _itoa_word (_itoa.c:179)
==15530== by 0xCACD5A4: __vfprintf_internal (vfprintf-internal.c:1687)
==15530== by 0xCAE1FC9: __vsnprintf_internal (vsnprintf.c:114)
==15530== by 0x82B3711: proto_item_append_text (proto.c:7007)
==15530== by 0x782428F: dissect_usb_hid_report_globalitem_data (packet-usb-hid.c:4189)
==15530== by 0x7821D3E: dissect_usb_hid_report_item (packet-usb-hid.c:4388)
==15530== by 0x7821DCD: dissect_usb_hid_report_item (packet-usb-hid.c:4403)
==15530== by 0x78218E8: dissect_usb_hid_get_report_descriptor (packet-usb-hid.c:4428)
==15530== by 0x7825432: dissect_usb_hid_control_std_intf (packet-usb-hid.c:4967)
==15530== by 0x7823837: dissect_usb_hid_control (packet-usb-hid.c:5346)
==15530== by 0x8282FCA: call_dissector_through_handle (packet.c:757)
==15530== by 0x827EBF8: call_dissector_work (packet.c:850)
==15530==
==15530== Conditional jump or move depends on uninitialised value(s)
==15530== at 0xCACE258: __vfprintf_internal (vfprintf-internal.c:1687)
==15530== by 0xCAE1FC9: __vsnprintf_internal (vsnprintf.c:114)
==15530== by 0x82B3711: proto_item_append_text (proto.c:7007)
==15530== by 0x782428F: dissect_usb_hid_report_globalitem_data (packet-usb-hid.c:4189)
==15530== by 0x7821D3E: dissect_usb_hid_report_item (packet-usb-hid.c:4388)
==15530== by 0x7821DCD: dissect_usb_hid_report_item (packet-usb-hid.c:4403)
==15530== by 0x78218E8: dissect_usb_hid_get_report_descriptor (packet-usb-hid.c:4428)
==15530== by 0x7825432: dissect_usb_hid_control_std_intf (packet-usb-hid.c:4967)
==15530== by 0x7823837: dissect_usb_hid_control (packet-usb-hid.c:5346)
==15530== by 0x8282FCA: call_dissector_through_handle (packet.c:757)
==15530== by 0x827EBF8: call_dissector_work (packet.c:850)
==15530== by 0x827E9D3: dissector_try_uint_new (packet.c:1466)
==15530==
==15530== Conditional jump or move depends on uninitialised value(s)
==15530== at 0xCACD71E: __vfprintf_internal (vfprintf-internal.c:1687)
==15530== by 0xCAE1FC9: __vsnprintf_internal (vsnprintf.c:114)
==15530== by 0x82B3711: proto_item_append_text (proto.c:7007)
==15530== by 0x782428F: dissect_usb_hid_report_globalitem_data (packet-usb-hid.c:4189)
==15530== by 0x7821D3E: dissect_usb_hid_report_item (packet-usb-hid.c:4388)
==15530== by 0x7821DCD: dissect_usb_hid_report_item (packet-usb-hid.c:4403)
==15530== by 0x78218E8: dissect_usb_hid_get_report_descriptor (packet-usb-hid.c:4428)
==15530== by 0x7825432: dissect_usb_hid_control_std_intf (packet-usb-hid.c:4967)
==15530== by 0x7823837: dissect_usb_hid_control (packet-usb-hid.c:5346)
==15530== by 0x8282FCA: call_dissector_through_handle (packet.c:757)
==15530== by 0x827EBF8: call_dissector_work (packet.c:850)
==15530== by 0x827E9D3: dissector_try_uint_new (packet.c:1466)
==15530==
==15530==
==15530== HEAP SUMMARY:
==15530== in use at exit: 60,989 bytes in 421 blocks
==15530== total heap usage: 1,576,772 allocs, 1,576,351 frees, 121,460,270 bytes allocated
==15530==
==15530== LEAK SUMMARY:
==15530== definitely lost: 1,392 bytes in 29 blocks
==15530== indirectly lost: 1,392 bytes in 58 blocks
==15530== possibly lost: 0 bytes in 0 blocks
==15530== still reachable: 38,946 bytes in 303 blocks
==15530== suppressed: 19,259 bytes in 31 blocks
==15530== Rerun with --leak-check=full to see details of leaked memory
==15530==
==15530== Use --track-origins=yes to see where uninitialised values come from
==15530== For lists of detected and suppressed errors, rerun with: -s
==15530== ERROR SUMMARY: 21 errors from 5 contexts (suppressed: 0 from 0)
fuzz-test.sh stderr:
Running as user "root" and group "root". This could be dangerous.no debug trace