Wireshark-bugs: [Wireshark-bugs] [Bug 1151] New: Tshark segfaults with lots of IP addresses on e

Date: Fri, 6 Oct 2006 11:58:49 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1151

           Summary: Tshark segfaults with lots of IP addresses on eth device
           Product: Wireshark
           Version: 0.99.3
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: Critical
          Priority: High
         Component: TShark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: tamas@xxxxxxxx


Build Information:
I've tested two tshark versions:
# tshark -v
TShark 0.99.4-SVN-19441

Copyright 1998-2006 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GLib 1.2.10, with libpcap 0.9.4, with libz 1.2.3,
with libpcre 6.3, without UCD-SNMP or Net-SNMP, without ADNS, without Lua,
without GnuTLS, without Gcrypt, without Kerberos.

Running on Linux 2.6.17-gentoo-r8
with libpcap version 0.9.4 .

and

# tshark -v
TShark 0.99.3

Copyright 1998-2006 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GLib 1.2.10, with libpcap 0.9.4, with libz 1.2.3,
with libpcre 6.3, with Net-SNMP 5.2.1.2, with ADNS, without Lua.

Running with libpcap version 0.9.4 on Linux 2.6.16-hardened-r11.

(and I've also tested 0.99.3 with a base gentoo kernel.)
--
I've set 64K-128K (!) IP addresses on eth0 (don't ask why, it's a traffic
generating machine) and I wanted to trace some network stuff with tshark.
Unfortunately no traffic is shown (tshark -ni eth0, with or w/o filters) and
when I interrupt tshark with Ctrl+C, it crashes with a segmentation fault.

When I start tshark on the machine, it eats up about 64MB of memory and doesn't
show any packets.

The machine is an IBM eSeries x335 with P4-Xeon 2,8GHz and 2GB RAM, no disks,
root fs mounted over NFS. Linux is Gentoo with kernel 2.6.17, gcc is 4.1.1
(both hardened with PIE+SSP and "ordinal" version).

Tshark works correctly on the same machine when there's only one IP address on
eth0.

If you need it, I can send you a strace/ptrace list.

