Wireshark-bugs: [Wireshark-bugs] [Bug 8281] New: Wireshark out-of-memory crash on Windows Server
Date: Thu, 31 Jan 2013 20:38:13 +0000
Bug ID | 8281 |
---|---|
Summary | Wireshark out-of-memory crash on Windows Server when logged in via Remote Desktop |
Classification | Unclassified |
Product | Wireshark |
Version | 1.8.5 |
Hardware | x86-64 |
OS | Windows Server 2008 R2 |
Status | UNCONFIRMED |
Severity | Major |
Priority | Low |
Component | Wireshark |
Assignee | [email protected] |
Reporter | [email protected] |
Created attachment 9912 [details] Wireshark capture using "Use multiple files" option and "Ring buffer with" 2. Build Information: Version 1.8.5 (SVN Rev 47350 from /trunk-1.8) Copyright 1998-2013 Gerald Combs <[email protected]> and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled (64-bit) with GTK+ 2.24.14, with Cairo 1.10.2, with Pango 1.30.1, with GLib 2.34.1, with WinPcap (4_1_2), with libz 1.2.5, without POSIX capabilities, with SMI 0.4.8, with c-ares 1.7.1, with Lua 5.1, without Python, with GnuTLS 2.12.18, with Gcrypt 1.4.6, without Kerberos, with GeoIP, with PortAudio V19-devel (built Jan 29 2013), with AirPcap. Running on 64-bit Windows Server 2008 R2 Service Pack 1, build 7601, with WinPcap version 4.1.2 (packet.dll version 4.1.0.2001), based on libpcap version 1.0 branch 1_0_rel0b (20091008), GnuTLS 2.12.18, Gcrypt 1.4.6, without AirPcap. Built using Microsoft Visual C++ 10.0 build 40219 -- Wireshark v1.8.5, 64-bit version on Windows Server 2008 R2 with 2gig memory, running as a VM under RHEL with xen runs out of memory after a very short time. Measurements of memory usage are from Windows Task Manager, "Processes" tab. When monitoring live or when viewing a captured file (see attached), Wireshark uses a lot more memory when logged into Windows using Remote Desktop, than when logged in directly on the local console. When logged in via Remote Desktop, after loading the captured file, if I move down through the frames one at a time, by the time I get to frame 1600, Wireshark is using 1.5 Gig of memory Windows Server 2003, Windows Server 2008 (32-bit) and Windows Server 2008 R2 (64-bit). On Windows 7 (64-bit version) via Remote Desktop and on XP (32-bit), when I do the same thing, the memory usage fluctuates up and down within a 3 meg range. The capture file is only 973K bytes long and has 2953 frames. Viewing all 2953 frame this way, Wireshark 32-bit versions only is using 86Meg of memory on Windows XP. Wireshark memory problem occurs on Windows Servers, when logged in via MS Remote Desktop. Both Wireshark 32-bit and 64-bit have the problem. Wireshark memory problem does NOT occur when logged in to the xen console to Windows Servers. (Tested both Wireshark 32-bit and 64-bit) The common theme of when the problem occurs is Windows Server 2003, 2008 32-bit, or 2008 64-bit when logged in via MS Remote Desktop. Wireshark v1.8.4 and Wireshark-win32-1.9.0-SVN-47367.exe (32-bit version) has same problems on Windows Server 2003 (32-bit). Using VS 2010 Express, on the Windows Server 2003, I found the following with v1.8.4: When I traced through the selection of a frame in the top window it looks like it is in the GTK. Specifically, the call in function add_byte_tab() in main_proto_draw.c (line 763 in v1.8.4): gtk_container_get(...) increases memory usage in Wireshark by 164K bytes under Windows Server 2003, but only 4K bytes under Windows XP. This was moving from 1st to 2nd frame of a captured file. As far as I can tell, all the other memory allocation occurs outside of the Wireshark.exe, either before or after it is called from the GTK.
You are receiving this mail because:
- You are watching all bug changes.
- Prev by Date: [Wireshark-bugs] [Bug 8277] SMB2: Wireshark shows wrong decode for MechListMIC
- Next by Date: [Wireshark-bugs] [Bug 8282] New: DICOM dissector: Extended Negotiation support missing
- Previous by thread: [Wireshark-bugs] [Bug 6685] Add support for VoIP Calls statistics in TShark
- Next by thread: [Wireshark-bugs] [Bug 8282] New: DICOM dissector: Extended Negotiation support missing
- Index(es):