Wireshark-bugs: [Wireshark-bugs] [Bug 5118] New: 1.2.10 is crashing in S1AP decoder

Date: Tue, 17 Aug 2010 13:30:38 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5118

           Summary: 1.2.10 is crashing in S1AP decoder
           Product: Wireshark
           Version: 1.2.10
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: psfales@xxxxxxxxxxxxxxxxxx


Build Information:
(This is the official darwin/PPC binary download from wireshark.org)

2010-08-17 15:25:06.316 defaults[32987:10b] 
The domain/default pair of (kCFPreferencesAnyApplication, AppleAquaColorVariant) does not exist
2010-08-17 15:25:06.368 defaults[32988:10b] 
The domain/default pair of (kCFPreferencesAnyApplication, AppleHighlightColor) does not exist
./sync_osx_look.sh: line 40: gtkrc: Permission denied
wireshark 1.2.10 (SVN Rev 33656)

Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.12.10, (32-bit) with GLib 2.16.6, with libpcap 0.9.5, with
libz 1.2.3, without POSIX capabilities, with libpcre 7.8, with SMI 0.4.8, with
c-ares 1.5.3, with Lua 5.1, with GnuTLS 2.6.2, with Gcrypt 1.4.3, with MIT
Kerberos, without GeoIP, with PortAudio V19-devel (built Nov 14 2008), without
AirPcap.

Running on Darwin 9.8.0 (MacOS 10.5.8), with libpcap version 0.9.5, GnuTLS
2.6.2, Gcrypt 1.4.3.

Built using gcc 4.0.1 (Apple Inc. build 5488).

--
The attached .cap file crashes when read using wireshark (or tshark) 1.2.10. 
The problem did not occur with 1.2.9 or earlier.   With tshark, you must use
the "-V" option to demonstrate the problem but both wireshark and tshark crash
at what appears to be the same point.

Starting program:
/opt/exp/expmake/build/wiresharksrc/build/wireshark/.libs/lt-tshark -V -r
/tmp/bad-s1ap.cap
[Thread debugging using libthread_db enabled]
[New Thread 1024 (LWP 9472)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (LWP 9472)]
0x405201b1 in col_append_fstr (cinfo=0x0, el=38, format=0x40f1f85b "%s ")
    at column-utils.c:375
375       for (i = cinfo->col_first[el]; i <= cinfo->col_last[el]; i++) {
(gdb) bt
#0  0x405201b1 in col_append_fstr (cinfo=0x0, el=38, format=0x40f1f85b "%s ")
    at column-utils.c:375
#1  0x40d0d330 in dissect_sctp_chunk (chunk_tvb=0x86446f0, pinfo=0x8756ff8, 
    tree=0x8757a68, sctp_tree=0x1000, ha=0x0, useinfo=1) at packet-sctp.c:3537
#2  0x40d0da07 in dissect_sctp_chunks (tvb=0x86446b8, pinfo=0x8756ff8, 
    tree=0x8757a68, sctp_item=0x87575e8, sctp_tree=0x87575e8, ha=0x0, 
    encapsulated=0) at packet-sctp.c:3697
#3  0x40d0e35d in dissect_sctp_packet (tvb=0x86446b8, pinfo=0x8756ff8, 
    tree=0x8757a68, encapsulated=4096) at packet-sctp.c:3850
#4  0x40d0e4f0 in dissect_sctp (tvb=0x86446b8, pinfo=0x8756ff8, tree=0x1000)
    at packet-sctp.c:3896
#5  0x4052e076 in call_dissector_through_handle (handle=0x841cfd8, 
    tvb=0x86446b8, pinfo=0x8756ff8, tree=0x8757a68) at packet.c:409
#6  0x4052e1cc in call_dissector_work (handle=0x841cfd8, tvb=0x86446b8, 
    pinfo_arg=0x8756ff8, tree=0x8757a68, add_proto_name=1) at packet.c:500
#7  0x4052ea19 in dissector_try_port_new (sub_dissectors=0x1000, port=132, 
    tvb=0x1000, pinfo=0x8756ff8, tree=0x1000, add_proto_name=4096)
    at packet.c:886
#8  0x4052ea71 in dissector_try_port (sub_dissectors=0x1000, port=4096, 
    tvb=0x1000, pinfo=0x1000, tree=0x1000) at packet.c:912
#9  0x40869189 in dissect_ip (tvb=0x8644680, pinfo=0x8756ff8, 
    parent_tree=0x8757a68) at packet-ip.c:1767
#10 0x4052e076 in call_dissector_through_handle (handle=0x82a0738, 
    tvb=0x8644680, pinfo=0x8756ff8, tree=0x8757a68) at packet.c:409
#11 0x4052e1cc in call_dissector_work (handle=0x82a0738, tvb=0x8644680, 
    pinfo_arg=0x8756ff8, tree=0x8757a68, add_proto_name=1) at packet.c:500
#12 0x4052ea19 in dissector_try_port_new (sub_dissectors=0x1000, port=2048, 
    tvb=0x1000, pinfo=0x8756ff8, tree=0x1000, add_proto_name=4096)
    at packet.c:886
#13 0x4052ea71 in dissector_try_port (sub_dissectors=0x1000, port=4096, 
    tvb=0x1000, pinfo=0x1000, tree=0x1000) at packet.c:912
#14 0x4076adf4 in ethertype (etype=2048, tvb=0x8644648, offset_after_etype=14, 
    pinfo=0x8756ff8, tree=0x8757a68, fh_tree=0x8757960, etype_id=4096, 
    trailer_id=15811, fcs_len=-1) at packet-ethertype.c:242
#15 0x40767ef1 in dissect_eth_common (tvb=0x8644648, pinfo=0x8756ff8, 
    parent_tree=0x8757a68, fcs_len=-1) at packet-eth.c:345
#16 0x40768393 in dissect_eth_maybefcs (tvb=0x1000, pinfo=0x0, tree=0x1000)
    at packet-eth.c:509
#17 0x4052e076 in call_dissector_through_handle (handle=0x81fc4a8, 
    tvb=0x8644648, pinfo=0x8756ff8, tree=0x8757a68) at packet.c:409
#18 0x4052e1cc in call_dissector_work (handle=0x81fc4a8, tvb=0x8644648, 
    pinfo_arg=0x8756ff8, tree=0x8757a68, add_proto_name=1) at packet.c:500
#19 0x4052ea19 in dissector_try_port_new (sub_dissectors=0x1000, port=1, 
    tvb=0x1000, pinfo=0x8756ff8, tree=0x1000, add_proto_name=4096)
    at packet.c:886
#20 0x4052ea71 in dissector_try_port (sub_dissectors=0x1000, port=4096, 
    tvb=0x1000, pinfo=0x1000, tree=0x1000) at packet.c:912
#21 0x407adc64 in dissect_frame (tvb=0x8644648, pinfo=0x8756ff8, 
    parent_tree=0x8757a68) at packet-frame.c:328
#22 0x4052e076 in call_dissector_through_handle (handle=0x81ffb28, 
    tvb=0x8644648, pinfo=0x8756ff8, tree=0x8757a68) at packet.c:409
#23 0x4052e1cc in call_dissector_work (handle=0x81ffb28, tvb=0x8644648, 
    pinfo_arg=0x8756ff8, tree=0x8757a68, add_proto_name=1) at packet.c:500
#24 0x4052fdbc in call_dissector_only (handle=0x0, tvb=0x1000, pinfo=0x1000, 
    tree=0x1000) at packet.c:1803
#25 0x4052fdfc in call_dissector (handle=0x1000, tvb=0x8644648, 
    pinfo=0x8756ff8, tree=0x8757a68) at packet.c:1816
#26 0x4052de6e in dissect_packet (edt=0x8756ff0, pseudo_header=0x1000, 
    pd=0x86f1ed0 "", fd=0xbffff680, cinfo=0x0) at packet.c:340
#27 0x40526d77 in epan_dissect_run (edt=0x1000, pseudo_header=0x1000, 
    data=0x1000 <Address 0x1000 out of bounds>, fd=0x1000, cinfo=0x1000)
    at epan.c:168
#28 0x0806896f in process_packet (cf=0x80947e0, offset=4096, whdr=0x1000, 
    pseudo_header=0x1000, pd=0x1000 <Address 0x1000 out of bounds>)
    at tshark.c:2466
#29 0x0806845f in load_cap_file (cf=0x80947e0, save_file=0x0, 
    out_file_type=4096, max_packet_count=0, max_byte_count=0) at tshark.c:2257
#30 0x08067c0a in main (argc=4, argv=0x1) at tshark.c:1565
(gdb)

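The backtrace above shows cinfo=0x0 handed to dissect_packet (frame #26) and dereferenced by the loop at column-utils.c:375 (frame #0). The following is an added example, not Wireshark source and not part of the original report: a simplified C model of that loop with the guard that keeps a NULL or unmapped column state from being dereferenced. The type model_column_info, the functions model_init and model_col_append_fstr, and the array sizes are assumptions made for the illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define MODEL_NUM_ELEMENTS 64   /* assumed number of column element ids */
#define MODEL_NUM_COLS      4   /* assumed number of displayed columns */
#define MODEL_COL_MAX_LEN 256   /* assumed per-column text buffer size */

/* Simplified stand-in for the dissector's column state (hypothetical type). */
typedef struct {
    int  col_first[MODEL_NUM_ELEMENTS]; /* first column showing element, -1 = none */
    int  col_last[MODEL_NUM_ELEMENTS];  /* last column showing element, -1 = none */
    char col_buf[MODEL_NUM_COLS][MODEL_COL_MAX_LEN];
} model_column_info;

/* Mark every element unused, then map element `el` to column `col`
 * (the caller passes in-range values). */
void model_init(model_column_info *cinfo, int el, int col)
{
    memset(cinfo, 0, sizeof *cinfo);
    for (int i = 0; i < MODEL_NUM_ELEMENTS; i++)
        cinfo->col_first[i] = cinfo->col_last[i] = -1;
    cinfo->col_first[el] = cinfo->col_last[el] = col;
}

/* Append formatted text to every column showing `el`; returns columns written.
 * The three checks run before the loop that faulted in the report. */
int model_col_append_fstr(model_column_info *cinfo, int el, const char *format, ...)
{
    int touched = 0;
    if (cinfo == NULL) return 0;                        /* no column state at all */
    if (el < 0 || el >= MODEL_NUM_ELEMENTS) return 0;   /* element id out of range */
    if (cinfo->col_first[el] < 0 || cinfo->col_last[el] >= MODEL_NUM_COLS) return 0;
    for (int i = cinfo->col_first[el]; i <= cinfo->col_last[el]; i++) {
        size_t  used = strlen(cinfo->col_buf[i]);
        va_list ap;
        va_start(ap, format);
        vsnprintf(cinfo->col_buf[i] + used, MODEL_COL_MAX_LEN - used, format, ap);
        va_end(ap);
        touched++;
    }
    return touched;
}

int main(void)
{
    model_column_info ci;
    model_init(&ci, 38, 2);   /* el=38 as in frame #0; column 2 is arbitrary */
    printf("NULL cinfo: %d\n", model_col_append_fstr(NULL, 38, "%s ", "DATA"));
    printf("valid cinfo: %d\n", model_col_append_fstr(&ci, 38, "%s ", "DATA"));
    return 0;
}
```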