[memory leaks in 3.6, mostly in reassembled_table] Fuzz job crash output: fuzz-2023-01-24-11298.pcap

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2023-01-24-11298.pcap.gz

stderr:

Branch: release-3.6
Input file: /var/menagerie/menagerie/ultimate_wireshark_protocols_pcap_220213.pcap
CI job name: Valgrind Menagerie Fuzz, ID: 3650111574
CI job URL: https://gitlab.com/wireshark/wireshark/-/jobs/3650111574
Return value: 0
Dissector bug: 0
Valgrind error count: 1
Date and time: Tue Jan 24 15:15:34 UTC 2023

Commits in the last 48 hours:
80998827 [Automatic update for 2023-01-22]

Build host information:
Linux 5.15.0-58-generic #64-Ubuntu SMP Thu Jan 5 11:43:13 UTC 2023 x86_64
Distributor ID:	Ubuntu
Description:	Ubuntu 22.04.1 LTS
Release:	22.04
Codename:	jammy

Command and args: ./tools/valgrind-wireshark.sh -b /builds/wireshark/wireshark/_install/bin  
==12921== Memcheck, a memory error detector
==12921== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==12921== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info
==12921== Command: /builds/wireshark/wireshark/_install/bin/tshark -nr /tmp/fuzz/fuzz-2023-01-24-11298.pcap
==12921== 
Running as user "root" and group "root". This could be dangerous.
 ** (tshark:12921) 15:12:37.689368 [Epan WARNING] -- Dissector bug, protocol CDP, in packet 2988: epan/tvbuff.c:4518: failed assertion "len > 0"
 ** (tshark:12921) 15:12:38.645699 [Epan WARNING] -- Dissector bug, protocol COSE, in packet 3217: epan/tvbuff_composite.c:220: failed assertion "member->length"
 ** (tshark:12921) 15:12:40.063805 [Epan WARNING] -- Dissector bug, protocol IPP, in packet 3561: epan/tvbuff.c:4518: failed assertion "len > 0"
 ** (tshark:12921) 15:12:40.408888 [Epan WARNING] -- Dissector bug, protocol IEEE1609dot2, in packet 3636: Invalid length 0 passed to proto_tree_add_item_ret_uint64
 ** (tshark:12921) 15:12:47.036493 [Epan WARNING] -- Dissector bug, protocol GNW, in packet 5244: epan/dissectors/packet-geonw.c:1264: failed assertion "!(tmp_val & 0xffffffff00000000)"
 ** (tshark:12921) 15:12:49.562380 [Epan WARNING] -- Dissector bug, protocol GNW, in packet 5845: epan/dissectors/packet-geonw.c:1264: failed assertion "!(tmp_val & 0xffffffff00000000)"
 ** (tshark:12921) 15:12:51.463534 [Epan WARNING] -- Dissector bug, protocol GNW, in packet 6280: epan/dissectors/packet-geonw.c:1264: failed assertion "!(tmp_val & 0xffffffff00000000)"
 ** (tshark:12921) 15:13:00.739681 [Epan WARNING] -- Dissector bug, protocol COSE, in packet 7887: epan/tvbuff.c:760: failed assertion "tvb && tvb->initialized"
 ** (tshark:12921) 15:13:01.102144 [Epan WARNING] -- Dissector bug, protocol EPL, in packet 7965: epan/tvbuff.c:405: failed assertion "datalen>0"
 ** (tshark:12921) 15:13:09.465938 [Epan WARNING] -- Dissector bug, protocol EPL, in packet 10383: epan/tvbuff.c:405: failed assertion "datalen>0"
 ** (tshark:12921) 15:13:21.216561 [Epan WARNING] -- Dissector bug, protocol DICOM, in packet 13764: epan/column-utils.c:682: failed assertion "str"
 ** (tshark:12921) 15:13:23.433867 [Epan WARNING] -- Dissector bug, protocol COSE, in packet 14443: epan/tvbuff.c:760: failed assertion "tvb && tvb->initialized"
 ** (tshark:12921) 15:13:27.670561 [Epan WARNING] -- Dissector bug, protocol CDP, in packet 15585: epan/tvbuff.c:4518: failed assertion "len > 0"
 ** (tshark:12921) 15:13:36.729909 [Epan WARNING] -- Dissector bug, protocol CDP, in packet 18359: epan/tvbuff.c:4518: failed assertion "len > 0"
 ** (tshark:12921) 15:13:38.097423 [Epan WARNING] -- Dissector bug, protocol GSUP, in packet 18790: Invalid length 0 passed to proto_tree_add_item_ret_uint
 ** (tshark:12921) 15:13:39.450735 [Epan WARNING] -- Dissector bug, protocol DICOM, in packet 19222: epan/column-utils.c:682: failed assertion "str"
 ** (tshark:12921) 15:13:41.336260 [Epan WARNING] -- Dissector bug, protocol GNW, in packet 19881: epan/dissectors/packet-geonw.c:1264: failed assertion "!(tmp_val & 0xffffffff00000000)"
 ** (tshark:12921) 15:13:45.451056 [Epan WARNING] -- Dissector bug, protocol COSE, in packet 21091: epan/tvbuff.c:760: failed assertion "tvb && tvb->initialized"
 ** (tshark:12921) 15:13:45.965223 [Epan WARNING] -- Dissector bug, protocol GNW, in packet 21253: epan/dissectors/packet-geonw.c:1264: failed assertion "!(tmp_val & 0xffffffff00000000)"
 ** (tshark:12921) 15:13:49.370759 [Epan WARNING] -- Dissector bug, protocol GNW, in packet 22307: epan/dissectors/packet-geonw.c:1264: failed assertion "!(tmp_val & 0xffffffff00000000)"
 ** (tshark:12921) 15:13:54.726350 [Epan WARNING] -- Dissector bug, protocol COSE, in packet 22363: epan/tvbuff.c:760: failed assertion "tvb && tvb->initialized"
 ** (tshark:12921) 15:14:00.873306 [Epan WARNING] -- Dissector bug, protocol RRLP, in packet 24341: epan/tvbuff.c:405: failed assertion "datalen>0"
 ** (tshark:12921) 15:14:02.529730 [Epan WARNING] -- Dissector bug, protocol TLS, in packet 24664: epan/dissectors/packet-tls.c:2241: failed assertion "frag_len != 0"
 ** (tshark:12921) 15:14:05.537144 [Epan WARNING] -- Dissector bug, protocol SNMP, in packet 25625: epan/asn1.c:229: failed assertion "lenE != 4"
 ** (tshark:12921) 15:14:10.029673 [Epan WARNING] -- Dissector bug, protocol TLS, in packet 26981: epan/dissectors/packet-tls.c:2241: failed assertion "frag_len != 0"
 ** (tshark:12921) 15:14:11.807042 [Epan WARNING] -- Dissector bug, protocol EPL, in packet 27551: epan/tvbuff.c:405: failed assertion "datalen>0"
 ** (tshark:12921) 15:14:12.119270 [Epan WARNING] -- Dissector bug, protocol CDP, in packet 27638: epan/tvbuff.c:4518: failed assertion "len > 0"
 ** (tshark:12921) 15:14:23.097254 [Epan WARNING] -- Dissector bug, protocol DICOM, in packet 31010: epan/column-utils.c:682: failed assertion "str"
 ** (tshark:12921) 15:14:29.881937 [Epan WARNING] -- Dissector bug, protocol IEEE1609dot2, in packet 33286: Invalid length 0 passed to proto_tree_add_item_ret_uint64
 ** (tshark:12921) 15:14:33.280224 [Epan WARNING] -- Dissector bug, protocol IPP, in packet 34385: epan/tvbuff.c:4518: failed assertion "len > 0"
 ** (tshark:12921) 15:14:38.912679 [Epan WARNING] -- Dissector bug, protocol COSE, in packet 36269: epan/tvbuff.c:760: failed assertion "tvb && tvb->initialized"
 ** (tshark:12921) 15:14:40.100585 [Epan WARNING] -- Dissector bug, protocol ISIS CSNP, in packet 36724: epan/dissectors/packet-osi.c:98: failed assertion "(guint)offset_check + 2 <= (guint)offset + len"
 ** (tshark:12921) 15:14:41.805870 [Epan WARNING] -- Dissector bug, protocol COSE, in packet 37239: epan/tvbuff.c:760: failed assertion "tvb && tvb->initialized"
 ** (tshark:12921) 15:14:42.305725 [Epan WARNING] -- Dissector bug, protocol COSE, in packet 37383: epan/tvbuff.c:760: failed assertion "tvb && tvb->initialized"
 ** (tshark:12921) 15:14:42.542220 [Epan WARNING] -- Dissector bug, protocol COSE, in packet 37443: epan/tvbuff.c:760: failed assertion "tvb && tvb->initialized"
 ** (tshark:12921) 15:14:42.855151 [Epan WARNING] -- Dissector bug, protocol GNW, in packet 37566: epan/dissectors/packet-geonw.c:1264: failed assertion "!(tmp_val & 0xffffffff00000000)"
 ** (tshark:12921) 15:14:42.905408 [Epan WARNING] -- Dissector bug, protocol COSE, in packet 37583: epan/tvbuff.c:760: failed assertion "tvb && tvb->initialized"
 ** (tshark:12921) 15:14:48.781300 [Epan WARNING] -- Dissector bug, protocol COSE, in packet 39586: epan/tvbuff.c:760: failed assertion "tvb && tvb->initialized"
 ** (tshark:12921) 15:14:50.195457 [Epan WARNING] -- Dissector bug, protocol BPv7, in packet 40008: epan/tvbuff_composite.c:220: failed assertion "member->length"
 ** (tshark:12921) 15:14:57.474596 [Epan WARNING] -- Dissector bug, protocol SMUX, in packet 42432: asn1/snmp/packet-snmp-template.c:377: failed assertion "snmp_info" (No SNMP info from ASN1 context)
 ** (tshark:12921) 15:15:03.491362 [Epan WARNING] -- Dissector bug, protocol COSE, in packet 44390: epan/tvbuff.c:760: failed assertion "tvb && tvb->initialized"
 ** (tshark:12921) 15:15:05.007374 [Epan WARNING] -- Dissector bug, protocol TLS, in packet 44893: epan/dissectors/packet-tls-utils.c:6535: failed assertion "offset <= offset_end"
 ** (tshark:12921) 15:15:09.514227 [Epan WARNING] -- Dissector bug, protocol COSE, in packet 46253: epan/tvbuff.c:760: failed assertion "tvb && tvb->initialized"
 ** (tshark:12921) 15:15:12.099255 [Epan WARNING] -- Dissector bug, protocol CDP, in packet 47157: epan/tvbuff.c:4518: failed assertion "len > 0"
 ** (tshark:12921) 15:15:16.604489 [Epan WARNING] -- Dissector bug, protocol COSE, in packet 48721: epan/tvbuff.c:760: failed assertion "tvb && tvb->initialized"
 ** (tshark:12921) 15:15:18.100481 [Epan WARNING] -- Dissector bug, protocol IEEE1609dot2, in packet 49289: Invalid length 0 passed to proto_tree_add_item_ret_uint64
==12921== 
==12921== HEAP SUMMARY:
==12921==     in use at exit: 506,666 bytes in 9,479 blocks
==12921==   total heap usage: 4,111,057 allocs, 4,101,578 frees, 1,947,105,547 bytes allocated
==12921== 
==12921== LEAK SUMMARY:
==12921==    definitely lost: 65,036 bytes in 1,214 blocks
==12921==    indirectly lost: 238,494 bytes in 3,429 blocks
==12921==      possibly lost: 0 bytes in 0 blocks
==12921==    still reachable: 183,573 bytes in 4,802 blocks
==12921==         suppressed: 19,563 bytes in 34 blocks
==12921== Rerun with --leak-check=full to see details of leaked memory
==12921== 
==12921== For lists of detected and suppressed errors, rerun with: -s
==12921== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
Definitely + indirectly (65036 + 238494) exceeds max (102400).

fuzz-test.sh stderr:
Running as user "root" and group "root". This could be dangerous.

no debug trace
