Ethereal-dev: Re: [Ethereal-dev] ethereal dump core when trying to decode mapi encrypted data

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: TJ Li <tiejli@xxxxxxxxx>
Date: Wed, 11 Aug 2004 10:33:10 -0700 (PDT)
--- Guy Harris <gharris@xxxxxxxxx> wrote:

> On Tue, Aug 10, 2004 at 09:35:23PM -0700, TJ Li wrote:
> > Codes are from latest ethereal branch.
> 
> I.e., the current Subversion main line?

yes. I think so. I attached backtrace here. It crashed in add_new_data_source. where is
that function defined?

"Following tcp stream" crashes sometimes on windows. I can get some information for you
guys next time.

Let me know whatelse I can do to help you fix the crash.

TJ

> > I made it by myself.  I attached back trace here. 
> > 
> > To reproduce it, select Preference-> Protocol -> Mapi Decrypt MAPI PDUs,
> > ethereal crashes sometimes, not always, seems crash once the other
> > time.
> > 
> > I also attachmented a mapi traffic here too.
> 
> I can't make it crash with that capture on my FreeBSD 4.6 machine
> (current Subversion code).  There could be some OS difference that keeps
> it from crashing.
> 
> > What should I do when I make ethereal so that it would show real function
> > names instead of ?? when I backtrace core in gdb?
> 
> Try running
> 
> 	./libtool gdb ethereal core.3920
> 
> When you build a binary that requires libtool (as Ethereal does), you
> need to use "libtool gdb" rather than just "gdb" to debug the version of
> the binary built in that tree (but not to debug the installed version) -
> the "ethereal" file isn't the executable image for Ethereal, it's a
> shell script wrapper, generated by libtool, to run that executable image
> with the appropriate environment variable settings so that it'll find
> shared libraries (such as libethereal.so).
> 
> Note the
> 
> 	"/usr/home/nfs/tli/work/riverbed/ethereal-latest/ethereal/ethereal": not in executable
> format: File format not recognized
> 
> error, and the
> 
> 	Core was generated by `lt-ethereal'.
> 
> "lt-ethereal" is the actual Ethereal binary; it's in a subdirectory
> (".libs", I think) - but you can't necessarily do
> 
> 	gdb .libs/lt-ethereal core.3920
> 
> You should, instead, do "./libtool gdb ethereal core.3920".
> 
> > Also, the latest ethereal windows version seems have problem with
> > "follow tcp stream" .
> 
> What kind of problem?
> 



		
__________________________________
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
http://promotions.yahoo.com/new_mail
    [ethereal]$ ./libtool gdb ethereal core.3920 
    GNU gdb Red Hat Linux (5.3post-0.20021129.18rh)
    Copyright 2003 Free Software Foundation, Inc.
    GDB is free software, covered by the GNU General Public License, and you are
    welcome to change it and/or distribute copies of it under certain conditions.
    Type "show copying" to see the conditions.
    There is absolutely no warranty for GDB.  Type "show warranty" for details.
    This GDB was configured as "i386-redhat-linux-gnu"...
    Core was generated by `lt-ethereal'.
    Program terminated with signal 11, Segmentation fault.
    Reading symbols from /u/tli/work/riverbed/ethereal-latest/ethereal/wiretap/.libs/libwiretap.so.0...done.
    Loaded symbols for /u/tli/work/riverbed/ethereal-latest/ethereal/wiretap/.libs/libwiretap.so.0
    Reading symbols from /u/tli/work/riverbed/ethereal-latest/ethereal/epan/.libs/libethereal.so.0...
    done.
    Loaded symbols for /u/tli/work/riverbed/ethereal-latest/ethereal/epan/.libs/libethereal.so.0
    Reading symbols from /lib/libcrypto.so.4...done.
    Loaded symbols for /lib/libcrypto.so.4
    Reading symbols from /usr/lib/libpcap.so.0.6.2...done.
    Loaded symbols for /usr/lib/libpcap.so.0.6.2
    Reading symbols from /usr/lib/libgtk-x11-2.0.so.0...done.
    Loaded symbols for /usr/lib/libgtk-x11-2.0.so.0
    Reading symbols from /usr/lib/libgdk-x11-2.0.so.0...done.
    Loaded symbols for /usr/lib/libgdk-x11-2.0.so.0
    Reading symbols from /usr/lib/libatk-1.0.so.0...done.
    Loaded symbols for /usr/lib/libatk-1.0.so.0
    Reading symbols from /usr/lib/libgdk_pixbuf-2.0.so.0...done.
    Loaded symbols for /usr/lib/libgdk_pixbuf-2.0.so.0
    Reading symbols from /lib/tls/libm.so.6...done.
    Loaded symbols for /lib/tls/libm.so.6
    Reading symbols from /usr/lib/libpangoxft-1.0.so.0...done.
    Loaded symbols for /usr/lib/libpangoxft-1.0.so.0
    Reading symbols from /usr/lib/libpangox-1.0.so.0...done.
    Loaded symbols for /usr/lib/libpangox-1.0.so.0
    Reading symbols from /usr/lib/libpango-1.0.so.0...done.
    Loaded symbols for /usr/lib/libpango-1.0.so.0
    Reading symbols from /usr/lib/libgobject-2.0.so.0...done.
    Loaded symbols for /usr/lib/libgobject-2.0.so.0
    Reading symbols from /usr/lib/libgmodule-2.0.so.0...done.

    Loaded symbols for /lib/ld-linux.so.2
    Reading symbols from /usr/lib/libexpat.so.0...done.
    Loaded symbols for /usr/lib/libexpat.so.0
    Reading symbols from /usr/X11R6/lib/X11/locale/lib/common/xlcUTF8Load.so.2...done.
    Loaded symbols for /usr/X11R6/lib/X11/locale/lib/common/xlcUTF8Load.so.2
    Reading symbols from /lib/libnss_files.so.2...done.
    Loaded symbols for /lib/libnss_files.so.2
    Reading symbols from /lib/libnss_dns.so.2...done.
    Loaded symbols for /lib/libnss_dns.so.2
    Reading symbols from /lib/libresolv.so.2...done.
    Loaded symbols for /lib/libresolv.so.2
    Reading symbols from /usr/lib/gtk-2.0/2.2.0/engines/libbluecurve.so...done.
    Loaded symbols for /usr/lib/gtk-2.0/2.2.0/engines/libbluecurve.so
    Reading symbols from /usr/lib/gconv/ISO8859-1.so...done.
    Loaded symbols for /usr/lib/gconv/ISO8859-1.so
    Reading symbols from /usr/X11R6/lib/libXcursor.so.1...done.
    Loaded symbols for /usr/X11R6/lib/libXcursor.so.1
    Reading symbols from /usr/lib/gtk-2.0/2.2.0/loaders/libpixbufloader-xpm.so...done.
    Loaded symbols for /usr/lib/gtk-2.0/2.2.0/loaders/libpixbufloader-xpm.so
    Reading symbols from /usr/lib/pango/1.2.0/modules/pango-basic-xft.so...done.
    Loaded symbols for /usr/lib/pango/1.2.0/modules/pango-basic-xft.so
    Reading symbols from /usr/lib/gtk-2.0/2.2.0/loaders/libpixbufloader-png.so...done.
    Loaded symbols for /usr/lib/gtk-2.0/2.2.0/loaders/libpixbufloader-png.so
    Reading symbols from /usr/lib/libpng12.so.0...done.
    Loaded symbols for /usr/lib/libpng12.so.0
#0  0x4020a7fb in mapi_decrypt_pdu (tvb=0x83d2d40, offset=32, pinfo=0x8c98980, tree=0x8404940, 
        drep=0x0) at ../packet-dcerpc-mapi.c:188
        188             add_new_data_source(pinfo, mmd->tvb, "Decrypted MAPI");
        (gdb) bt
#0  0x4020a7fb in mapi_decrypt_pdu (tvb=0x83d2d40, offset=32, pinfo=0x8c98980, tree=0x8404940, 
            drep=0x0) at ../packet-dcerpc-mapi.c:188
#1  0x4020ac55 in mapi_ec_do_rpc_request (tvb=0x83d2d40, offset=1075881548, pinfo=0x8c98980, 
                tree=0x8404940, drep=0xbfffc624 "\020") at ../packet-dcerpc-mapi.c:299
#2  0x40233b0e in dcerpc_try_handoff (pinfo=0x8c98980, tree=0x8405180, dcerpc_tree=0x406e4fe0, 
                    tvb=0x83d2d40, decrypted_tvb=0x83d2d40, drep=0xbfffc624 "\020", info=0x40852668, 
                        auth_info=0xbfffc590) at ../packet-dcerpc.c:2010

#3  0x40234fa2 in dissect_dcerpc_cn_stub (tvb=0x83d2ca4, offset=138227008, pinfo=0x8c98980, 
    dcerpc_tree=0x8404c28, tree=0x8405180, hdr=0xbfffc620, di=0x40852668, auth_info=0xbfffc590, 
        alloc_hint=48, frame=79609) at ../packet-dcerpc.c:2648
#4  0x4023522b in dissect_dcerpc_cn_rqst (tvb=0x83d2ca4, offset=24, pinfo=0x8c98980, 
            dcerpc_tree=0x8404c28, tree=0x8405180, hdr=0xbfffc620, transport_type=0)
    at ../packet-dcerpc.c:2950
#5  0x4023630c in dissect_dcerpc_cn (tvb=0x83d2ca4, offset=16, pinfo=0x8c98980, tree=0x8405180, 
        can_desegment=1, pkt_len=0xbfffc67c, transport_type=0) at ../packet-dcerpc.c:3480
#6  0x4023657f in dissect_dcerpc_cn_bs_body (tvb=0x83d2ca4, pinfo=0x8c98980, tree=0x8405180, 
            transport_type=0) at ../packet-dcerpc.c:3575
#7  0x402365a2 in dissect_dcerpc_cn_bs (tvb=0x83d2ca4, pinfo=0x8c98980, tree=0x8405180)
                at ../packet-dcerpc.c:3614
#8  0x4017a965 in dissector_try_heuristic (sub_dissectors=0x82a2b40, tvb=0x83d2ca4, 
                    pinfo=0x8c98980, tree=0x8405180) at packet.c:1448
#9  0x403fb218 in decode_tcp_ports (tvb=0x83d2c70, offset=32, pinfo=0x8c98980, tree=0x8405180, 
                        src_port=3040, dst_port=4515) at ../packet-tcp.c:2394
#10 0x403fb3c1 in process_tcp_payload (tvb=0x83d2c70, offset=32, pinfo=0x8c98980, 
                            tree=0x8405180, tcp_tree=0x8404ec8, src_port=3040, dst_port=4515, seq=273121, nxtseq=273217, 
                                is_tcp_segment=1) at ../packet-tcp.c:2428
#11 0x403fb526 in dissect_tcp_payload (tvb=0x83d2c70, pinfo=0x8c98980, offset=32, seq=273121, 
                                    nxtseq=273217, sport=3040, dport=1075881548, tree=0xbfffc29c, tcp_tree=0x8404ec8)
    at ../packet-tcp.c:2508
#12 0x403fbf8d in dissect_tcp (tvb=0x83d2c70, pinfo=0x8c98980, tree=0x8405180)
        at ../packet-tcp.c:2915
#13 0x401796db in call_dissector_through_handle (handle=0x82c2b28, tvb=0x83d2c70, 
            pinfo=0x8c98980, tree=0x8405180) at packet.c:363
#14 0x40179a11 in call_dissector_work (handle=0x82c2b28, tvb=0x83d2c70, pinfo=0x8c98980, 
                tree=0x8405180) at packet.c:513
#15 0x40179dde in dissector_try_port (sub_dissectors=0x8241748, port=6, tvb=0x83d2c70, 
                    pinfo=0x8c98980, tree=0x8405180) at packet.c:776
#16 0x402d2eb5 in dissect_ip (tvb=0x83d2c3c, pinfo=0x8c98980, tree=0x8405180)
                        at ../packet-ip.c:1098
#17 0x401796db in call_dissector_through_handle (handle=0x8241868, tvb=0x83d2c3c, 
                        ---Type <return> to continue, or q <return> to quit--- 
                            pinfo=0x8c98980, tree=0x8405180) at packet.c:363

#18 0x40179a11 in call_dissector_work (handle=0x8241868, tvb=0x83d2c3c, pinfo=0x8c98980, 
    tree=0x8405180) at packet.c:513
#19 0x40179dde in dissector_try_port (sub_dissectors=0x8226cf8, port=2048, tvb=0x83d2c3c, 
        pinfo=0x8c98980, tree=0x8405180) at packet.c:776
#20 0x402526da in ethertype (etype=2048, tvb=0x83d2c08, offset_after_etype=14, pinfo=0x8c98980, 
            tree=0x8405180, fh_tree=0x8405120, etype_id=3490, trailer_id=3492, fcs_len=-1)
    at ../packet-ethertype.c:177
#21 0x40251cc4 in dissect_eth_common (tvb=0x83d2c08, pinfo=0x8c98980, tree=0x8405180, fcs_len=-1)
        at ../packet-eth.c:292
#22 0x4025209a in dissect_eth_maybefcs (tvb=0x83d2c08, pinfo=0x4020a64c, tree=0x8405180)
            at ../packet-eth.c:387
#23 0x401796db in call_dissector_through_handle (handle=0x82a5b88, tvb=0x83d2c08, 
                pinfo=0x8c98980, tree=0x8405180) at packet.c:363
#24 0x40179a11 in call_dissector_work (handle=0x82a5b88, tvb=0x83d2c08, pinfo=0x8c98980, 
                    tree=0x8405180) at packet.c:513
#25 0x40179dde in dissector_try_port (sub_dissectors=0x8225318, port=1, tvb=0x83d2c08, 
                        pinfo=0x8c98980, tree=0x8405180) at packet.c:776
#26 0x4026adf3 in dissect_frame (tvb=0x83d2c08, pinfo=0x8c98980, tree=0x8405180)
                            at ../packet-frame.c:184
#27 0x401796db in call_dissector_through_handle (handle=0x8225380, tvb=0x83d2c08, 
                                pinfo=0x8c98980, tree=0x8405180) at packet.c:363
#28 0x40179a11 in call_dissector_work (handle=0x8225380, tvb=0x83d2c08, pinfo=0x8c98980, 
                                    tree=0x8405180) at packet.c:513
#29 0x4017ae18 in call_dissector (handle=0x8225380, tvb=0x83d2c08, pinfo=0x8c98980, 
                                        tree=0x8405180) at packet.c:1614
#30 0x4017967a in dissect_packet (edt=0x8c98978, pseudo_header=0x0, pd=0x80f84d8 "", 
                                            fd=0xad339d8, cinfo=0x8c98980) at packet.c:311
#31 0x401776f7 in epan_dissect_run (edt=0x8c98978, pseudo_header=0x80f8448, data=0x80f84d8 "", 
                                                fd=0xad339d8, cinfo=0x0) at epan.c:153
#32 0x08063c06 in select_packet (cf=0x80f83c0, row=135234632) at file.c:2685
#33 0x0807325c in packet_list_select_cb (w=0x8342490, row=79608, col=-1, evt=0x0)
                                                    at packet_list.c:263
#34 0x40a54942 in _gtk_marshal_VOID__INT_INT_BOXED () from /usr/lib/libgtk-x11-2.0.so.0
#35 0x40cf7ed7 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#36 0x40d0a983 in g_signal_emit_by_name () from /usr/lib/libgobject-2.0.so.0
#37 0x40d099a8 in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#38 0x40a96bcf in gtk_signal_emit () from /usr/lib/libgtk-x11-2.0.so.0
#39 0x409ded0d in gtk_clist_select_row () from /usr/lib/libgtk-x11-2.0.so.0
#40 0x08073ed9 in packet_list_set_selected_row (row=0) at packet_list.c:692

---Type <return> to continue, or q <return> to quit---
#41 0x08063a53 in goto_frame (cf=0x0, fnumber=1075881548) at file.c:2566
#42 0x0807a134 in redraw_hex_dump_all () at proto_draw.c:238
#43 0x08097199 in user_font_apply () at font_utils.c:550
#44 0x080980e8 in gui_prefs_apply (w=0x9a35430) at gui_prefs.c:473
#45 0x08075d18 in prefs_main_apply_all (dlg=0x9223aa0) at prefs_dlg.c:1009
#46 0x08075f53 in prefs_main_ok_cb (ok_bt=0xcd062c8, parent_w=0x9223aa0) at prefs_dlg.c:1067
#47 0x40d0ad77 in g_cclosure_marshal_VOID__VOID () from /usr/lib/libgobject-2.0.so.0
#48 0x40cf7ed7 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#49 0x40d0a983 in g_signal_emit_by_name () from /usr/lib/libgobject-2.0.so.0
#50 0x40d099a8 in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#51 0x40d09be4 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#52 0x409c7acb in gtk_button_clicked () from /usr/lib/libgtk-x11-2.0.so.0
#53 0x409c8abb in _gtk_button_paint () from /usr/lib/libgtk-x11-2.0.so.0
#54 0x40d0ad77 in g_cclosure_marshal_VOID__VOID () from /usr/lib/libgobject-2.0.so.0
#55 0x40cf8247 in g_cclosure_new_swap () from /usr/lib/libgobject-2.0.so.0
#56 0x40cf7ed7 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#57 0x40d0a20f in g_signal_emit_by_name () from /usr/lib/libgobject-2.0.so.0
#58 0x40d099a8 in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#59 0x40d09be4 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#60 0x409c7a0b in gtk_button_released () from /usr/lib/libgtk-x11-2.0.so.0
#61 0x409c893b in _gtk_button_paint () from /usr/lib/libgtk-x11-2.0.so.0
#62 0x40a52c2f in _gtk_marshal_BOOLEAN__BOXED () from /usr/lib/libgtk-x11-2.0.so.0
#63 0x40cf8247 in g_cclosure_new_swap () from /usr/lib/libgobject-2.0.so.0
#64 0x40cf7ed7 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#65 0x40d0a439 in g_signal_emit_by_name () from /usr/lib/libgobject-2.0.so.0
#66 0x40d097af in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#67 0x40d09be4 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#68 0x40b386fb in gtk_widget_send_expose () from /usr/lib/libgtk-x11-2.0.so.0
#69 0x40a52a27 in gtk_propagate_event () from /usr/lib/libgtk-x11-2.0.so.0
#70 0x40a51725 in gtk_main_do_event () from /usr/lib/libgtk-x11-2.0.so.0
#71 0x40c101a5 in _gdk_events_queue () from /usr/lib/libgdk-x11-2.0.so.0
#72 0x40d54b35 in g_get_current_time () from /usr/lib/libglib-2.0.so.0
#73 0x40d55b78 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#74 0x40d55e8d in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#75 0x40d5658f in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#76 0x40a50f5f in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#77 0x0806f3fc in main (argc=0, argv=0xbfffecc8) at main.c:2547
#78 0x420156a4 in __libc_start_main () from /lib/tls/libc.so.6