Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 5284] new_packet_list: redissection + redraw crashes when multi-data-source pa

Wireshark-bugs: [Wireshark-bugs] [Bug 5284] new_packet_list: redissection + redraw crashes when

Date: Sat, 30 Oct 2010 13:09:09 -0700 (PDT)

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5284

Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|Medium                      |High
                 CC|                            |jeff.morriss.ws@xxxxxxxxx
            Summary|Changing packet filter      |new_packet_list:
                   |crashes wireshark           |redissection + redraw
                   |                            |crashes when
                   |                            |multi-data-source packet is
                   |                            |selected
           Severity|Major                       |Critical

--- Comment #1 from Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> 2010-10-30 13:09:03 PDT ---
Nice analysis!

Interestingly I could not reproduce the problem using your steps directly, but
I was able to (every time) by:

1) setting the WIRESHARK_DEBUG_SCRUB_MEMORY environment variable
2) goto frame 33 (doesn't matter if 41 is visible)
3) apply a filter

(Step 1 ensures that all ep_ allocated memory is scrubbed, thus removing the
requirement for packet 41's allocations to do the overwriting.)

Not surprisingly, this problem is new to the new packet list; Synopsis updated.
 Importance bumped up a bit too.

I don't know enough about way the packet list stuff works to be of much help,
but here's a backtrace showing where add_byte_views() is causing a redraw which
is causing a redissection (and subsequently an scrub/overwrite of the ep
memory):

#4  0x00007f27fb41d7b1 in ep_free_all () at emem.c:1121
#5  0x00007f27fb41f09e in epan_dissect_run (edt=0x7fffdf3801b0,
pseudo_header=0x7fffdf380340, data=0x7fffdf3701b0 "", fd=0x2989cd0,
cinfo=<value optimized out>) at epan.c:199
#6  0x0000000000460f7f in packet_list_dissect_and_cache_record
(packet_list=0x26200d0, record=0x7f27eaffef70, dissect_columns=1,
dissect_color=1) at packet_list_store.c:1119
#7  0x0000000000460430 in show_cell_data_func (col=<value optimized out>,
renderer=0x27541c0, model=<value optimized out>, iter=0x7fffdf380680, data=0x0)
at new_packet_list.c:1300
#8  0x00000036ffc71163 in gtk_tree_view_column_cell_set_cell_data () from
/usr/lib64/libgtk-x11-2.0.so.0
#9  0x00000036ffc6ad59 in ?? () from /usr/lib64/libgtk-x11-2.0.so.0
#10 0x00000036ffc6ca23 in ?? () from /usr/lib64/libgtk-x11-2.0.so.0
#11 0x00000036ffb51003 in ?? () from /usr/lib64/libgtk-x11-2.0.so.0
#12 0x00000036f8e0b98e in g_closure_invoke () from /lib64/libgobject-2.0.so.0
#13 0x00000036f8e1f59c in ?? () from /lib64/libgobject-2.0.so.0
#14 0x00000036f8e20c29 in g_signal_emit_valist () from
/lib64/libgobject-2.0.so.0
#15 0x00000036f8e213a3 in g_signal_emit () from /lib64/libgobject-2.0.so.0
#16 0x00000036ffc8190f in ?? () from /usr/lib64/libgtk-x11-2.0.so.0
#17 0x00000036ffb4919e in gtk_main_do_event () from
/usr/lib64/libgtk-x11-2.0.so.0
#18 0x00000036fda4340a in ?? () from /usr/lib64/libgdk-x11-2.0.so.0
#19 0x00000036fda433b7 in ?? () from /usr/lib64/libgdk-x11-2.0.so.0
#20 0x00000036fda433b7 in ?? () from /usr/lib64/libgdk-x11-2.0.so.0
#21 0x00000036fda3fecb in ?? () from /usr/lib64/libgdk-x11-2.0.so.0
#22 0x00000036fda448be in gdk_window_process_updates () from
/usr/lib64/libgdk-x11-2.0.so.0
#23 0x00000036ffc17484 in ?? () from /usr/lib64/libgtk-x11-2.0.so.0
#24 0x00000036f8e0b98e in g_closure_invoke () from /lib64/libgobject-2.0.so.0
#25 0x00000036f8e1f59c in ?? () from /lib64/libgobject-2.0.so.0
#26 0x00000036f8e20de6 in g_signal_emit_valist () from
/lib64/libgobject-2.0.so.0
#27 0x00000036f8e213a3 in g_signal_emit () from /lib64/libgobject-2.0.so.0
#28 0x00000036ffc857fc in gtk_widget_set_scroll_adjustments () from
/usr/lib64/libgtk-x11-2.0.so.0
#29 0x00000036ffbbb318 in ?? () from /usr/lib64/libgtk-x11-2.0.so.0
#30 0x00000036f8e0b98e in g_closure_invoke () from /lib64/libgobject-2.0.so.0
#31 0x00000036f8e1f228 in ?? () from /lib64/libgobject-2.0.so.0
#32 0x00000036f8e20de6 in g_signal_emit_valist () from
/lib64/libgobject-2.0.so.0
#33 0x00000036f8e213a3 in g_signal_emit () from /lib64/libgobject-2.0.so.0
#34 0x0000000000455861 in add_byte_tab (byte_nb=0x2762170, name=<value
optimized out>, tvb=0x286dc00, tree=0x29962a0, tree_view=0x26223f0) at
main_proto_draw.c:696
#35 0x00000000004579fa in add_byte_views (edt=0x2840c50, tree_view=0x26223f0,
byte_nb_ptr=0x2762170) at main_proto_draw.c:747
#36 0x000000000044c17c in main_cf_cb_packet_selected (event=<value optimized
out>, data=0x7c6e00, user_data=<value optimized out>) at main.c:1716
#37 main_cf_callback (event=<value optimized out>, data=0x7c6e00,
user_data=<value optimized out>) at main.c:1775
#38 0x000000000043537f in cf_callback_invoke (event=4, data=0x7c6e00) at
file.c:162
#39 0x0000000000460703 in new_packet_list_select_cb (tree_view=<value optimized
out>, data=<value optimized out>) at new_packet_list.c:1215
#40 0x00000036f8e0b98e in g_closure_invoke () from /lib64/libgobject-2.0.so.0
#41 0x00000036f8e1f947 in ?? () from /lib64/libgobject-2.0.so.0
#42 0x00000036f8e20de6 in g_signal_emit_valist () from
/lib64/libgobject-2.0.so.0
#43 0x00000036f8e213a3 in g_signal_emit () from /lib64/libgobject-2.0.so.0
#44 0x00000036ffc62ac6 in ?? () from /usr/lib64/libgtk-x11-2.0.so.0
#45 0x00000036ffc6ce4c in gtk_tree_view_set_cursor_on_cell () from
/usr/lib64/libgtk-x11-2.0.so.0
#46 0x000000000045e00c in scroll_to_and_select_iter (model=<value optimized
out>, selection=0x27636c0, iter=0x7fffdf381fa0) at new_packet_list.c:1026
#47 0x000000000045e112 in new_packet_list_find_row_from_data (data=0x29894c0,
select_flag=1) at new_packet_list.c:1137
#48 0x0000000000437264 in rescan_packets (cf=0x7c6e00, action=0x5058db
"Filtering", action_item=0x2ac21b0 "ip", refilter=1, redissect=0) at
file.c:2101
#49 0x0000000000437737 in cf_filter_packets (cf=0x7c6e00, dftext=0x2ac21b0
"ip", force=<value optimized out>) at file.c:1716
#50 0x000000000044edd0 in main_filter_packets (cf=0x7c6e00, dftext=<value
optimized out>, force=0) at main_filter_toolbar.c:385

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

References:
- [Wireshark-bugs] [Bug 5284] New: Changing packet filter crashes wireshark
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 5351] RTMPT improvements
Next by Date: [Wireshark-bugs] [Bug 4992] Support to decode the Gearman protocol
Previous by thread: [Wireshark-bugs] [Bug 5284] New: Changing packet filter crashes wireshark
Next by thread: [Wireshark-bugs] [Bug 5284] new_packet_list: redissection + redraw crashes when multi-data-source packet is selected
Index(es):
- Date
- Thread