Wireshark-bugs: [Wireshark-bugs] [Bug 10714] Crash while analyze rtp streams

Date: Thu, 19 Feb 2015 16:49:50 +0000

Comment # 13 on bug 10714 from
Here is a more complete backtrace when running this version:
Wireshark 1.99.3 (v1.99.3rc0-218-g2bc71d3 from master)

Copyright 1998-2015 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 3.12.2, with Cairo 1.13.1, with Pango 1.36.6, with
libpcap, without POSIX capabilities, without libnl, with libz 1.2.8, with GLib
2.42.1, without SMI, without c-ares, without ADNS, without Lua, without GnuTLS,
without Gcrypt, without Kerberos, without GeoIP, without PortAudio, with
AirPcap.

Running on Linux 3.16.0-30-generic, with locale
LC_CTYPE=en_US.UTF-8;LC_NUMERIC=fr_FR.UTF-8;LC_TIME=fr_FR.UTF-8;LC_COLLATE=en_US.UTF-8;LC_MONETARY=fr_FR.UTF-8;LC_MESSAGES=en_US.UTF-8;LC_PAPER=fr_FR.UTF-8;LC_NAME=fr_FR.UTF-8;LC_ADDRESS=fr_FR.UTF-8;LC_TELEPHONE=fr_FR.UTF-8;LC_MEASUREMENT=fr_FR.UTF-8;LC_IDENTIFICATION=fr_FR.UTF-8,
with libpcap version 1.6.2, with libz 1.2.8, without AirPcap.
Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz

Built using gcc 4.9.1.


ERROR:address_types.c:916:address_to_str_buf: assertion failed: (addr->type <
MAX_ADDR_TYPE_VALUE)

Program received signal SIGABRT, Aborted.
0x00007ffff078be37 in __GI_raise (sig=sig@entry=6) at
../nptl/sysdeps/unix/sysv/linux/raise.c:56
56    ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  0x00007ffff078be37 in __GI_raise (sig=sig@entry=6) at
../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007ffff078d528 in __GI_abort () at abort.c:89
#2  0x00007ffff12c6b25 in g_assertion_message () from
/lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007ffff12c6bba in g_assertion_message_expr () from
/lib/x86_64-linux-gnu/libglib-2.0.so.0
#4  0x00007ffff478892d in address_to_str_buf (addr=<optimized out>,
buf=<optimized out>, 
    buf_len=<optimized out>) at address_types.c:916
#5  0x00007ffff4786ed6 in address_to_display (allocator=<optimized out>,
addr=0x2009568)
    at addr_resolv.c:2962
#6  0x000000000049f4a9 in rtpstream_view_selection_func (selection=0xcd6,
model=0x7fffdc01ee90, 
    path=0x22d0850, path_currently_selected=1, userdata=0x0) at
rtp_stream_dlg.c:638
#7  0x00007ffff26b5882 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#8  0x00007ffff26b5913 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#9  0x00007ffff26b62f6 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#10 0x00007ffff26cb124 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#11 0x00007ffff26cd156 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#12 0x00007ffff1576245 in g_closure_invoke () from
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#13 0x00007ffff1587f3c in ?? () from
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#14 0x00007ffff1590748 in g_signal_emit_valist () from
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#15 0x00007ffff15909af in g_signal_emit () from
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#16 0x00007ffff25a5c45 in gtk_list_store_remove () from
/usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#17 0x00007ffff25a63af in gtk_list_store_clear () from
/usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#18 0x000000000049fbaa in rtpstream_dlg_update (list_lcl=0x21e9a20) at
rtp_stream_dlg.c:1091
#19 0x00007ffff47c455e in draw_tap_listeners (draw_all=draw_all@entry=0) at
tap.c:415
#20 0x000000000044017b in tap_update_cb (data="" out>) at main.c:1307
#21 0x00007ffff12a1613 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#22 0x00007ffff12a0b6d in g_main_context_dispatch () from
/lib/x86_64-linux-gnu/libglib-2.0.so.0
#23 0x00007ffff12a0f48 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#24 0x00007ffff12a1272 in g_main_loop_run () from
/lib/x86_64-linux-gnu/libglib-2.0.so.0
#25 0x00007ffff25a9045 in gtk_main () from
/usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#26 0x0000000000423d32 in main (argc=0, argv=0x7fffffffde10) at main.c:3247

So it looks like a refresh of the tap and a call to gtk_list_store_clear()
triggers a call to rtpstream_view_selection_func(), leading to an invalid
memory access.

To reproduce it, I'm opening the trace, clicking on Telephony -> RTP -> Show
All Streams -> selecting first row -> clicking on Analyze button.


You are receiving this mail because:
  • You are watching all bug changes.