Fuzz job crash output: fuzz-2023-03-10-6859.pcap
Problems have been found with the following capture file:
https://www.wireshark.org/download/automated/captures/fuzz-2023-03-10-6859.pcap.gz
stderr:
Branch: master
Input file: /var/menagerie/menagerie/ultimate_wireshark_protocols_pcap_220213.pcap
CI job name: ASan Menagerie Fuzz, ID: 3913591865
CI job URL: https://gitlab.com/wireshark/wireshark/-/jobs/3913591865
Return value: 0
Dissector bug: 0
Date and time: Fri Mar 10 20:38:12 UTC 2023
Commits in the last 48 hours:
1e5514061 Fix build warnings
2452c537e Generate SRVSVC parser using PIDL
c1c904095 Update SRVSVC IDL and CNF
b50ed1dc8 GUI: Colorize with filter could use an old filter
3b7f810f3 Docs: Fix the Developer's Guide chapter order
45274a7b9 IEC104: Unifying filter names
32541d81c ORAN FH CUS: Expert malformed info if > 3 bytes in frame after PDU
cc04dad6d Qt: Put p->show() before p->setVisible to allow later to take effect
d574cd2c2 Add support for Wi-SUN JM-IE and JM-PFL
035547761 Add support for Wi-SUN LBATS-IE
bf53ea508 Drop support for Wi-SUN NR-IE Listening Type
321932d31 TECMP: Cleanup and fix units
9a63e4cf7 ORAN FH CUS: Add an array length check
2a7e4982a dumpcap: Make debugging compile again
Build host information:
Linux 5.19.0-35-generic #36~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Fri Feb 17 15:17:25 UTC 2 x86_64
Distributor ID: Ubuntu
Description: Ubuntu 22.04.2 LTS
Release: 22.04
Codename: jammy
Command and args: /builds/wireshark/wireshark/_install/bin/tshark -2 --log-fatal-domains=UTF-8 -nVxr
Running as user "root" and group "root". This could be dangerous.
** (tshark:96299) 20:37:44.493257 [Epan WARNING] -- Dissector bug, protocol BT-DHT, in packet 30307: epan/tvbuff.c:4519: failed assertion "len > 0"
** (tshark:96299) 20:37:44.496876 [Epan WARNING] -- Dissector bug, protocol Q.931, in packet 30317: epan/packet.c:882: failed assertion "saved_layers_len < 500"
** (tshark:96299) 20:37:44.497064 [Epan WARNING] -- Dissector bug, protocol Q.931, in packet 30317: epan/packet.c:882: failed assertion "saved_layers_len < 500"
** (tshark:96299) 20:37:44.500360 [Epan WARNING] -- Dissector bug, protocol IDMP, in packet 30334: epan/asn1.c:232: failed assertion "lenE < len - 1"
** (tshark:96299) 20:37:44.500975 [Epan WARNING] -- Dissector bug, protocol NBAP, in packet 30336: epan/dissectors/packet-nbap.c:23677: failed assertion "num_items > 0"
** (tshark:96299) 20:37:44.502567 [Epan WARNING] -- Dissector bug, protocol TPM2.0, in packet 30343: epan/dissectors/packet-tpm20.c:1050: failed assertion "command_entry != ((void*)0)"
** (tshark:96299) 20:37:44.503012 [Epan WARNING] -- Dissector bug, protocol SNMP, in packet 30345: epan/asn1.c:252: failed assertion "lenN <= 8"
** (tshark:96299) 20:37:44.503462 [Epan WARNING] -- Dissector bug, protocol MPTCP, in packet 30348: epan/dissectors/packet-tcp.c:5668: failed assertion "DISSECTOR_ASSERT_NOT_REACHED"
** (tshark:96299) 20:37:44.503796 [Epan WARNING] -- Dissector bug, protocol SMUX, in packet 30349: epan/dissectors/packet-snmp.c:464: failed assertion "snmp_info" (No SNMP info from ASN1 context)
** (tshark:96299) 20:37:44.506934 [Epan WARNING] -- Dissector bug, protocol NBAP, in packet 30364: epan/dissectors/packet-nbap.c:23677: failed assertion "num_items > 0"
** (tshark:96299) 20:37:44.510089 [Epan WARNING] -- Dissector bug, protocol SABP, in packet 30381: epan/tvbuff.c:535: failed assertion "tvb && tvb->initialized"
** (tshark:96299) 20:37:44.510454 [Epan WARNING] -- Dissector bug, protocol SNMP, in packet 30382: epan/asn1.c:232: failed assertion "lenE < len - 1"
** (tshark:96299) 20:37:44.510932 [Epan WARNING] -- Dissector bug, protocol Thrift, in packet 30384: epan/dissectors/packet-thrift.c:2925: failed assertion "(frame_len + TBP_THRIFT_LENGTH_LEN) == reported"
** (tshark:96299) 20:37:44.511375 [Epan WARNING] -- Dissector bug, protocol NOE, in packet 30386: epan/tvbuff.c:4519: failed assertion "len > 0"
** (tshark:96299) 20:37:44.551804 [Epan WARNING] -- Dissector bug, protocol NOE, in packet 30565: epan/tvbuff.c:4519: failed assertion "len > 0"
** (tshark:96299) 20:37:44.842830 [(none) WARNING] epan/dissectors/packet-bpv6.c:1859 -- evaluate_sdnv(): evaluate_sdnv decoded a value too large to fit in an int, truncating
** (tshark:96299) 20:37:44.851649 [Epan WARNING] -- Dissector bug, protocol GQUIC, in packet 31375: epan/dissectors/packet-gquic.c:1867: failed assertion "gquic_info->version_valid && gquic_info->version >= 50"
** (tshark:96299) 20:37:46.610810 [Epan WARNING] -- Dissector bug, protocol SMUX, in packet 36427: epan/dissectors/packet-snmp.c:464: failed assertion "snmp_info" (No SNMP info from ASN1 context)
** (tshark:96299) 20:37:46.804048 [(none) WARNING] epan/dissectors/packet-bpv6.c:1859 -- evaluate_sdnv(): evaluate_sdnv decoded a value too large to fit in an int, truncating
** (tshark:96299) 20:37:48.258995 [(none) WARNING] epan/dissectors/packet-bpv6.c:1859 -- evaluate_sdnv(): evaluate_sdnv decoded a value too large to fit in an int, truncating
** (tshark:96299) 20:37:48.259076 [(none) WARNING] epan/dissectors/packet-bpv6.c:1859 -- evaluate_sdnv(): evaluate_sdnv decoded a value too large to fit in an int, truncating
** (tshark:96299) 20:37:48.332803 [(none) WARNING] epan/dissectors/packet-bpv6.c:1859 -- evaluate_sdnv(): evaluate_sdnv decoded a value too large to fit in an int, truncating
** (tshark:96299) 20:38:06.773801 [Epan WARNING] -- Dissector bug, protocol BT-DHT, in packet 30307: epan/tvbuff.c:4519: failed assertion "len > 0"
** (tshark:96299) 20:38:06.788842 [Epan WARNING] -- Dissector bug, protocol Q.931, in packet 30317: epan/packet.c:882: failed assertion "saved_layers_len < 500"
** (tshark:96299) 20:38:06.789156 [Epan WARNING] -- Dissector bug, protocol Q.931, in packet 30317: epan/packet.c:882: failed assertion "saved_layers_len < 500"
** (tshark:96299) 20:38:06.801259 [Epan WARNING] -- Dissector bug, protocol RPCoRDMA, in packet 30326: epan/tvbuff.c:748: failed assertion "tvb && tvb->initialized"
** (tshark:96299) 20:38:06.807639 [Epan WARNING] -- Dissector bug, protocol IDMP, in packet 30334: epan/asn1.c:232: failed assertion "lenE < len - 1"
** (tshark:96299) 20:38:06.809442 [Epan WARNING] -- Dissector bug, protocol NBAP, in packet 30336: epan/dissectors/packet-nbap.c:23677: failed assertion "num_items > 0"
** (tshark:96299) 20:38:06.815749 [Epan WARNING] -- Dissector bug, protocol TPM2.0, in packet 30343: epan/dissectors/packet-tpm20.c:1050: failed assertion "command_entry != ((void*)0)"
** (tshark:96299) 20:38:06.817661 [Epan WARNING] -- Dissector bug, protocol SNMP, in packet 30345: epan/asn1.c:252: failed assertion "lenN <= 8"
** (tshark:96299) 20:38:06.820903 [Epan WARNING] -- Dissector bug, protocol SMUX, in packet 30349: epan/dissectors/packet-snmp.c:464: failed assertion "snmp_info" (No SNMP info from ASN1 context)
** (tshark:96299) 20:38:06.829754 [Epan WARNING] -- Dissector bug, protocol BATADV, in packet 30358: Illegal call of proto_item_add_bitmask_tree without fields
** (tshark:96299) 20:38:06.835641 [Epan WARNING] -- Dissector bug, protocol NBAP, in packet 30364: epan/dissectors/packet-nbap.c:23677: failed assertion "num_items > 0"
** (tshark:96299) 20:38:06.848941 [Epan WARNING] -- Dissector bug, protocol RTPS, in packet 30380: epan/dissectors/packet-rtps.c:6456: failed assertion "guid->fields_present & 0x00000002"
** (tshark:96299) 20:38:06.851367 [Epan WARNING] -- Dissector bug, protocol SNMP, in packet 30382: epan/asn1.c:232: failed assertion "lenE < len - 1"
** (tshark:96299) 20:38:06.853095 [Epan WARNING] -- Dissector bug, protocol Thrift, in packet 30384: epan/dissectors/packet-thrift.c:2925: failed assertion "(frame_len + TBP_THRIFT_LENGTH_LEN) == reported"
** (tshark:96299) 20:38:06.854761 [Epan WARNING] -- Dissector bug, protocol NOE, in packet 30386: epan/tvbuff.c:4519: failed assertion "len > 0"
** (tshark:96299) 20:38:07.077775 [Epan WARNING] -- Dissector bug, protocol NOE, in packet 30565: epan/tvbuff.c:4519: failed assertion "len > 0"
** (tshark:96299) 20:38:07.139705 [Epan WARNING] -- Dissector bug, protocol RPCoRDMA, in packet 30624: epan/tvbuff.c:748: failed assertion "tvb && tvb->initialized"
** (tshark:96299) 20:38:07.143916 [Epan WARNING] -- Dissector bug, protocol RPCoRDMA, in packet 30630: epan/tvbuff.c:748: failed assertion "tvb && tvb->initialized"
** (tshark:96299) 20:38:07.634213 [Epan WARNING] -- Dissector bug, protocol RTPS, in packet 30992: epan/proto.c:7118: failed assertion "length >= 0" (text)
** (tshark:96299) 20:38:08.075425 [(none) WARNING] epan/dissectors/packet-bpv6.c:1859 -- evaluate_sdnv(): evaluate_sdnv decoded a value too large to fit in an int, truncating
** (tshark:96299) 20:38:08.112402 [Epan WARNING] -- Dissector bug, protocol RTPS, in packet 31362: epan/proto.c:7118: failed assertion "length >= 0" (text)
** (tshark:96299) 20:38:08.126382 [Epan WARNING] -- Dissector bug, protocol GQUIC, in packet 31375: epan/dissectors/packet-gquic.c:1867: failed assertion "gquic_info->version_valid && gquic_info->version >= 50"
** (tshark:96299) 20:38:08.169183 [Epan WARNING] -- Dissector bug, protocol RPCoRDMA, in packet 31403: epan/tvbuff.c:748: failed assertion "tvb && tvb->initialized"
** (tshark:96299) 20:38:08.224307 [Epan WARNING] -- Dissector bug, protocol RTPS, in packet 31435: epan/proto.c:7118: failed assertion "length >= 0" (text)
** (tshark:96299) 20:38:12.134782 [Epan ERROR] epan/proto.c:4020 -- proto_tree_add_item_new(): Adding lisp.lcaf.natt.rloc would put more than 1000000 items in the tree -- possible infinite loop (max number of items can be increased in advanced preferences)
fuzz-test.sh stderr:
Running as user "root" and group "root". This could be dangerous.
./tools/fuzz-test.sh: line 267: 96299 Aborted (core dumped) "$RUNNER" $COMMON_ARGS $ARGS "$TMP_DIR/$TMP_FILE" > /dev/null 2>> "$TMP_DIR/$ERR_FILE.$SUBSHELL_PID"
no debug trace