Wireshark-bugs: [Wireshark-bugs] [Bug 5382] New: Crash when incorrect rnti type supplied to LTE

Date: Thu, 11 Nov 2010 09:56:45 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5382

           Summary: Crash when incorrect rnti type supplied to LTE
                    dissector
           Product: Wireshark
           Version: 1.4.1
          Platform: x86
        OS/Version: Red Hat
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: antriksh.pany@xxxxxxxxx


Build Information:
wireshark 1.4.1

Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.10.4, (64-bit) with GLib 2.12.3, with libpcap 0.9.4, with
libz 1.2.3, with POSIX capabilities (Linux), with libpcre (version unknown),
without SMI, without c-ares, without ADNS, without Lua, without Python, with
GnuTLS 1.4.1, with Gcrypt 1.2.4, with MIT Kerberos, without GeoIP, without
PortAudio, without AirPcap.

Running on Linux 2.6.18-128.el5, with libpcap version 0.9.4, with libz 1.2.3,
GnuTLS 1.4.1, Gcrypt 1.2.4.

Built using gcc 4.1.2 20080704 (Red Hat 4.1.2-44).

--
On enabling "Try Heuristic LTE-MAC over UDP framing" [under the protocol
'MAC-LTE'], Wireshark crashes in some cases of an inconsistent pcap.

The inconsistency observed was due to the rnti type (context information, not part
of the data payload) being incorrect. There was downlink system information
data (with RNTI of 0xffff), but the rnti type was set to C_RNTI (3) instead of
SI_RNTI. This caused Wireshark to interpret the data as UE-specific data.
I have attached a sample pcap that causes such a crash.


It consistently caused a 'Segmentation Fault' on Linux (Red Hat 5.3).
This is what appeared on the terminal:
--------------
bash-3.2$ /opt/wireshark/bin/wireshark

(wireshark:10799): GLib-GObject-WARNING **: invalid (NULL) pointer instance

(wireshark:10799): GLib-GObject-CRITICAL **: g_signal_emit_by_name:
assertion `G_TYPE_CHECK_INSTANCE (instance)' failed
Segmentation fault
bash-3.2$
bash-3.2$ uname -a
Linux dennis 2.6.18-128.el5 #1 SMP Wed Dec 17 11:41:38 EST 2008 x86_64
x86_64 x86_64 GNU/Linux
--------------


On Windows 7, it crashed consistently except on a few initial occasions when it
did open up.
-----------------------
Problem signature:
 Problem Event Name:   APPCRASH
 Application Name:     wireshark.exe
 Application Version:  1.4.1.34476
 Application Timestamp:        4cb35037
 Fault Module Name:    libwireshark.dll
 Fault Module Version: 1.4.1.34476
 Fault Module Timestamp:       4cb34ea4
 Exception Code:       c0000005
 Exception Offset:     0001148f
 OS Version:   6.1.7600.2.0.0.256.4
 Locale ID:    1033
 Additional Information 1:     0a9e
 Additional Information 2:     0a9e372d3b4ad19135b953a78882e789
 Additional Information 3:     0a9e
 Additional Information 4:     0a9e372d3b4ad19135b953a78882e789
-----------------------

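The mismatch described in the report (RNTI 0xffff tagged with rnti type C_RNTI), shown as an added example that is neither Wireshark's code nor part of the original report: a sanity check that a dissector or capture tool could run on the out-of-band context before trusting it. Only C_RNTI = 3 comes from the report; the other type codes and the RNTI ranges are assumptions based on Wireshark's packet-mac-lte.h and 3GPP TS 36.321, and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Context rnti type codes. C_RNTI = 3 is stated in the report; the other
   values are assumed to match Wireshark's packet-mac-lte.h. */
enum rnti_type { NO_RNTI = 0, P_RNTI = 1, RA_RNTI = 2, C_RNTI = 3, SI_RNTI = 4 };

/* RNTI value ranges, assumed from 3GPP TS 36.321 Table 7.1-1. */
#define RNTI_PAGING   0xFFFE
#define RNTI_SYSINFO  0xFFFF
#define RA_RNTI_MAX   0x003C
#define C_RNTI_MAX    0xFFF3

/* Hypothetical helper: type implied by the RNTI value alone, or -1 when the
   value does not pin down a single type (0x0001-0x003C may be RA or C). */
static int implied_rnti_type(uint16_t rnti)
{
    if (rnti == RNTI_SYSINFO) return SI_RNTI;
    if (rnti == RNTI_PAGING)  return P_RNTI;
    return -1;
}

/* Hypothetical check: 1 if the supplied context is plausible for this RNTI,
   0 if it contradicts it or the type code is unknown. */
int rnti_context_consistent(uint16_t rnti, int rnti_type)
{
    int implied;
    if (rnti_type == NO_RNTI) return 1;      /* RNTI value not meaningful */
    implied = implied_rnti_type(rnti);
    if (implied != -1) return rnti_type == implied;
    switch (rnti_type) {
    case RA_RNTI: return rnti >= 1 && rnti <= RA_RNTI_MAX;
    case C_RNTI:  return rnti >= 1 && rnti <= C_RNTI_MAX;
    default:      return 0;  /* SI/P with a non-reserved value, or unknown code */
    }
}

int main(void)
{
    /* Constructed inputs: the case from the report, then the corrected one. */
    printf("0xffff as C_RNTI:  %s\n",
           rnti_context_consistent(0xFFFF, C_RNTI) ? "consistent" : "reject");
    printf("0xffff as SI_RNTI: %s\n",
           rnti_context_consistent(0xFFFF, SI_RNTI) ? "consistent" : "reject");
    return 0;
}
```

A frame that fails the check can be shown as malformed context rather than passed to the UE-specific decoding path.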