Fuzz job issue: fuzz-2024-05-22-11623.pcap
Problems have been found with the following capture file:
https://www.wireshark.org/download/automated/captures/fuzz-2024-05-22-11623.pcap.gz
stderr:
Branch: master
Input file: /var/menagerie/menagerie/ultimate_wireshark_protocols_pcap_220213.pcap
CI job name: Valgrind Menagerie Fuzz, ID: 6907171592
CI job URL: https://gitlab.com/wireshark/wireshark/-/jobs/6907171592
Return value: 0
Dissector bug: 0
Valgrind error count: 5
Date and time: Wed May 22 08:10:18 AM UTC 2024
Commits in the last 48 hours:
e60926f848c0 Falco bridge: Fix compilation
a4904bc1dd9f Fix GATT service discovery when both sides have services
7b87fb200da7 tools/check_typed_item_calls.py: check blurb vs label
e09cfc09f243 Pass conversation types to conversation functions
fc1dcd86e71b Replace "ElementsOf" macro with common "array_length".
779525d4364e Replace all "sizeof x / sizeof x[0]" with array_length.
e3adfd5c36af Consolidate array_length and g_ptr_array_len into a new header.
e49d6dd7cb3b Shellcheck updates
0c3bf2d77e32 RLC LTE: fix dissection of EUTRA DL CCCH messages
b457e92c8232 caneth: Initialize the other fields of the can_info
bf1f858061ac TCP: Set base sequence, relative sequence numbers for IP fragments
5fe00c99b213 Debian: Update our po files
8f1bf84efbd4 Debian: Logray packaging updates
7c4bb6eb3c30 epan+UI: Add display filter translators
5819e47e8462 Zigbee GP: Don't try to decrypt truncated TVBs
15ced22366f6 Revert "Lua: Fix handling of Wireshark exceptions inside dissectors"
c37480e0dc73 Lua: Fix handling of Wireshark exceptions inside dissectors
e73d316bcf1a Zabbix: Change GLib types to C99
59e6eb3d23ab Fix some spelling errors
adfa002030a1 TCP Stream: Make sure the SACK rel/abs sequence number is correct
53d8c1b6599b MySQL: Handle displaying parameters and result sets in charset
8f6822071ee4 Qt: Switch rwin_graph axes depending on TCP Stream graph selected
d2f17dcb8439 IEC104: Fix some range_string values with -ve range
Build host information:
Linux 6.5.0-28-generic #29~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Thu Apr 4 14:39:20 UTC 2 x86_64
Distributor ID: Ubuntu
Description: Ubuntu 22.04.4 LTS
Release: 22.04
Codename: jammy
Command and args: ./tools/valgrind-wireshark.sh -b /builds/wireshark/wireshark/_install/bin
==19966== Memcheck, a memory error detector
==19966== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==19966== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info
==19966== Command: /builds/wireshark/wireshark/_install/bin/tshark -nr /tmp/fuzz/fuzz-2024-05-22-11623.pcap
==19966==
Running as user "root" and group "root". This could be dangerous.
==19966== Conditional jump or move depends on uninitialised value(s)
==19966== at 0x8751F4F: dissect_mms_T_data_bit_string (epan/dissectors/packet-mms.c:2520)
==19966== by 0x7315EC2: dissect_ber_choice (epan/dissectors/packet-ber.c:2970)
==19966== by 0x8751B1E: dissect_mms_Data (epan/dissectors/packet-mms.c:2891)
==19966== by 0x7315EC2: dissect_ber_choice (epan/dissectors/packet-ber.c:2970)
==19966== by 0x8756D7F: dissect_mms_AccessResult (epan/dissectors/packet-mms.c:5782)
==19966== by 0x731760C: dissect_ber_sq_of (epan/dissectors/packet-ber.c:3576)
==19966== by 0x7317747: dissect_ber_sequence_of (epan/dissectors/packet-ber.c:3604)
==19966== by 0x8756B4C: dissect_mms_SEQUENCE_OF_AccessResult (epan/dissectors/packet-mms.c:5801)
==19966== by 0x7314D74: dissect_ber_sequence (epan/dissectors/packet-ber.c:2455)
==19966== by 0x8754E5C: dissect_mms_Read_Response (epan/dissectors/packet-mms.c:5816)
==19966== by 0x7315EC2: dissect_ber_choice (epan/dissectors/packet-ber.c:2970)
==19966== by 0x8754C4F: dissect_mms_ConfirmedServiceResponse (epan/dissectors/packet-mms.c:7515)
==19966==
** (tshark:19966) 08:09:40.468090 [Epan WARNING] -- Dissector bug, protocol GSUP, in packet 34167: epan/dissectors/packet-gsm_gsup.c:642: failed assertion "0"
** (tshark:19966) 08:09:46.396737 [Epan WARNING] -- Dissector bug, protocol ISIS CSNP, in packet 36980: epan/dissectors/packet-osi.c:100: failed assertion "(guint)offset_check + 2 <= (guint)offset + len"
** (tshark:19966) 08:09:59.055118 [Epan WARNING] -- Dissector bug, protocol IDMP, in packet 43155: epan/asn1.c:232: failed assertion "lenE < len - 1"
** (tshark:19966) 08:10:12.015174 [Epan WARNING] -- Dissector bug, protocol SNDCP, in packet 49221: epan/reassemble.c:2063: failed assertion "fd_head->len >= dfpos + fd->len"
==19966==
==19966== HEAP SUMMARY:
==19966== in use at exit: 241,856 bytes in 4,592 blocks
==19966== total heap usage: 5,407,095 allocs, 5,402,503 frees, 1,884,031,317 bytes allocated
==19966==
==19966== LEAK SUMMARY:
==19966== definitely lost: 1,192 bytes in 20 blocks
==19966== indirectly lost: 3,918 bytes in 61 blocks
==19966== possibly lost: 0 bytes in 0 blocks
==19966== still reachable: 217,410 bytes in 4,486 blocks
==19966== suppressed: 19,336 bytes in 25 blocks
==19966== Rerun with --leak-check=full to see details of leaked memory
==19966==
==19966== Use --track-origins=yes to see where uninitialised values come from
==19966== For lists of detected and suppressed errors, rerun with: -s
==19966== ERROR SUMMARY: 5 errors from 1 contexts (suppressed: 0 from 0)
fuzz-test.sh stderr:
Running as user "root" and group "root". This could be dangerous.
no debug trace