Fuzz job crash output: fuzz-2024-01-01-7740.pcap
Problems have been found with the following capture file:
https://www.wireshark.org/download/automated/captures/fuzz-2024-01-01-7740.pcap.gz
stderr:
Branch: master
Input file: /var/menagerie/menagerie/16666-reassembly.pcapng
CI job name: Valgrind Menagerie Fuzz, ID: 5842655340
CI job URL: https://gitlab.com/wireshark/wireshark/-/jobs/5842655340
Return value: 0
Dissector bug: 0
Valgrind error count: 40
Date and time: Tue Jan 2 00:34:45 UTC 2024
Commits in the last 48 hours:
b67b86059e7d IAX2: Unknown HF is now 0, not -1
322ae0f0d86e Happy New Year 2024
9600ef227950 dumpcap: Pass the Capchild log level from parent to dumpcap
3fbefe9c3659 dumpcap: Make capture child logging work
2bf14f5fe645 JSON-3GPP: fix a (presumed) typo
695740ea411f capture: Don't print a warning for an empty message
4f46ed269ff8 USB: Dissect protocol also at interface level
a024563fb321 [Automatic update for 2023-12-31]
96207a4e2768 Don't pass UTF_8 arg to valgrind script
c08e6e56fd13 Remove packet scope usage from a few dissectors
4a454d8d626a dumpcap: Don't use fd 2 (stderr) for the sync pipe
17fcdb473511 pcap: Update link_type_vals
dc6f197726f8 dumpcap: treat connect errors as remote capture errors.
d9247e7edbbc GitLab CI: Get our clang version from our container
Build host information:
Linux 6.2.0-39-generic #40~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Thu Nov 16 10:53:04 UTC 2 x86_64
Distributor ID: Ubuntu
Description: Ubuntu 22.04.3 LTS
Release: 22.04
Codename: jammy
Command and args: ./tools/valgrind-wireshark.sh -b /builds/wireshark/wireshark/_install/bin
==23447== Memcheck, a memory error detector
==23447== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==23447== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info
==23447== Command: /builds/wireshark/wireshark/_install/bin/tshark -nr /tmp/fuzz/fuzz-2024-01-01-7740.pcap
==23447==
Running as user "root" and group "root". This could be dangerous.
==23447== Use of uninitialised value of size 8
==23447== at 0xDAF0816: wmem_map_lookup (wsutil/wmem/wmem_map.c:264)
==23447== by 0x7DE388C: get_domain_id_from_tcp_discovered_participants (epan/dissectors/packet-rtps.c:6518)
==23447== by 0x7DE33AB: dissect_rtps (epan/dissectors/packet-rtps.c:13741)
==23447== by 0x7DCC622: dissect_rtps_udp (epan/dissectors/packet-rtps.c:13934)
==23447== by 0x8C60B1F: dissector_try_heuristic (epan/packet.c:3007)
==23447== by 0x8026704: decode_udp_ports (epan/dissectors/packet-udp.c:695)
==23447== by 0x8029136: dissect (epan/dissectors/packet-udp.c:1281)
==23447== by 0x802751D: dissect_udp (epan/dissectors/packet-udp.c:1287)
==23447== by 0x8C62D5A: call_dissector_through_handle (epan/packet.c:857)
==23447== by 0x8C5E3F5: call_dissector_work (epan/packet.c:948)
==23447== by 0x8C5E1F3: dissector_try_uint_new (epan/packet.c:1581)
==23447== by 0x78CBBB5: ip_try_dissect (epan/dissectors/packet-ip.c:1832)
==23447==
==23447== Conditional jump or move depends on uninitialised value(s)
==23447== at 0xDBABD72: g_utf8_find_prev_char (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.4)
==23447== by 0xDB077FC: ws_utf8_truncate (wsutil/str_util.c:1125)
==23447== by 0x7DD64D1: rtps_strlcpy (epan/dissectors/packet-rtps.c:2812)
==23447== by 0x7DD3739: rtps_util_store_type_mapping (epan/dissectors/packet-rtps.c:6476)
==23447== by 0x7DCF36F: dissect_parameter_sequence_v1 (epan/dissectors/packet-rtps.c:7885)
==23447== by 0x7DCEFCE: dissect_parameter_sequence (epan/dissectors/packet-rtps.c:9385)
==23447== by 0x7DD9AB7: dissect_serialized_data (epan/dissectors/packet-rtps.c:9985)
==23447== by 0x7DE01AF: dissect_RTPS_DATA (epan/dissectors/packet-rtps.c:12169)
==23447== by 0x7DCAB2C: dissect_rtps_submessage_v2 (epan/dissectors/packet-rtps.c:13483)
==23447== by 0x7DCA447: dissect_rtps_submessages (epan/dissectors/packet-rtps.c:13910)
==23447== by 0x7DE37A5: dissect_rtps (epan/dissectors/packet-rtps.c:13805)
==23447== by 0x7DCC622: dissect_rtps_udp (epan/dissectors/packet-rtps.c:13934)
==23447==
==23447== Conditional jump or move depends on uninitialised value(s)
==23447== at 0xDBAC6A5: g_utf8_get_char_validated (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.4)
==23447== by 0xDB0781B: ws_utf8_truncate (wsutil/str_util.c:1126)
==23447== by 0x7DD64D1: rtps_strlcpy (epan/dissectors/packet-rtps.c:2812)
==23447== by 0x7DD3739: rtps_util_store_type_mapping (epan/dissectors/packet-rtps.c:6476)
==23447== by 0x7DCF36F: dissect_parameter_sequence_v1 (epan/dissectors/packet-rtps.c:7885)
==23447== by 0x7DCEFCE: dissect_parameter_sequence (epan/dissectors/packet-rtps.c:9385)
==23447== by 0x7DD9AB7: dissect_serialized_data (epan/dissectors/packet-rtps.c:9985)
==23447== by 0x7DE01AF: dissect_RTPS_DATA (epan/dissectors/packet-rtps.c:12169)
==23447== by 0x7DCAB2C: dissect_rtps_submessage_v2 (epan/dissectors/packet-rtps.c:13483)
==23447== by 0x7DCA447: dissect_rtps_submessages (epan/dissectors/packet-rtps.c:13910)
==23447== by 0x7DE37A5: dissect_rtps (epan/dissectors/packet-rtps.c:13805)
==23447== by 0x7DCC622: dissect_rtps_udp (epan/dissectors/packet-rtps.c:13934)
==23447==
==23447== Conditional jump or move depends on uninitialised value(s)
==23447== at 0xDBABD72: g_utf8_find_prev_char (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.4)
==23447== by 0xDB077FC: ws_utf8_truncate (wsutil/str_util.c:1125)
==23447== by 0x7DD64D1: rtps_strlcpy (epan/dissectors/packet-rtps.c:2812)
==23447== by 0x7DD376B: rtps_util_store_type_mapping (epan/dissectors/packet-rtps.c:6482)
==23447== by 0x7DCF472: dissect_parameter_sequence_v1 (epan/dissectors/packet-rtps.c:7924)
==23447== by 0x7DCEFCE: dissect_parameter_sequence (epan/dissectors/packet-rtps.c:9385)
==23447== by 0x7DD9AB7: dissect_serialized_data (epan/dissectors/packet-rtps.c:9985)
==23447== by 0x7DE01AF: dissect_RTPS_DATA (epan/dissectors/packet-rtps.c:12169)
==23447== by 0x7DCAB2C: dissect_rtps_submessage_v2 (epan/dissectors/packet-rtps.c:13483)
==23447== by 0x7DCA447: dissect_rtps_submessages (epan/dissectors/packet-rtps.c:13910)
==23447== by 0x7DE37A5: dissect_rtps (epan/dissectors/packet-rtps.c:13805)
==23447== by 0x7DCC622: dissect_rtps_udp (epan/dissectors/packet-rtps.c:13934)
==23447==
==23447== Conditional jump or move depends on uninitialised value(s)
==23447== at 0xDBAC6A5: g_utf8_get_char_validated (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.4)
==23447== by 0xDB0781B: ws_utf8_truncate (wsutil/str_util.c:1126)
==23447== by 0x7DD64D1: rtps_strlcpy (epan/dissectors/packet-rtps.c:2812)
==23447== by 0x7DD376B: rtps_util_store_type_mapping (epan/dissectors/packet-rtps.c:6482)
==23447== by 0x7DCF472: dissect_parameter_sequence_v1 (epan/dissectors/packet-rtps.c:7924)
==23447== by 0x7DCEFCE: dissect_parameter_sequence (epan/dissectors/packet-rtps.c:9385)
==23447== by 0x7DD9AB7: dissect_serialized_data (epan/dissectors/packet-rtps.c:9985)
==23447== by 0x7DE01AF: dissect_RTPS_DATA (epan/dissectors/packet-rtps.c:12169)
==23447== by 0x7DCAB2C: dissect_rtps_submessage_v2 (epan/dissectors/packet-rtps.c:13483)
==23447== by 0x7DCA447: dissect_rtps_submessages (epan/dissectors/packet-rtps.c:13910)
==23447== by 0x7DE37A5: dissect_rtps (epan/dissectors/packet-rtps.c:13805)
==23447== by 0x7DCC622: dissect_rtps_udp (epan/dissectors/packet-rtps.c:13934)
==23447==
==23447==
==23447== HEAP SUMMARY:
==23447== in use at exit: 101,405 bytes in 1,773 blocks
==23447== total heap usage: 242,253 allocs, 240,480 frees, 32,193,724 bytes allocated
==23447==
==23447== LEAK SUMMARY:
==23447== definitely lost: 27,400 bytes in 685 blocks
==23447== indirectly lost: 8,220 bytes in 685 blocks
==23447== possibly lost: 0 bytes in 0 blocks
==23447== still reachable: 46,372 bytes in 375 blocks
==23447== suppressed: 19,413 bytes in 28 blocks
==23447== Rerun with --leak-check=full to see details of leaked memory
==23447==
==23447== Use --track-origins=yes to see where uninitialised values come from
==23447== For lists of detected and suppressed errors, rerun with: -s
==23447== ERROR SUMMARY: 40 errors from 5 contexts (suppressed: 0 from 0)
fuzz-test.sh stderr:
Running as user "root" and group "root". This could be dangerous.
no debug trace