Wireshark-bugs: [Wireshark-bugs] [Bug 11043] New: "Decode As..." crashes when a packet dialog is
Date: Mon, 09 Mar 2015 14:28:00 +0000
| Bug ID | 11043 |
|---|---|
| Summary | "Decode As..." crashes when a packet dialog is open |
| Product | Wireshark |
| Version | 1.99.x (Experimental) |
| Hardware | x86 |
| OS | All |
| Status | UNCONFIRMED |
| Severity | Major |
| Priority | Low |
| Component | GTK+ UI |
| Assignee | [email protected] |
| Reporter | [email protected] |
Build Information: v1.99.4rc0-34-g6bc138c -- Wireshark GTK crashes when using the Decode As option while a packet dialog is open. Steps to reproduce: 1. Use any capture, double-click the packet to open it in a new window. 2. Right-click on the main packet tree, select Decode As.. 3. Select 9P (for example) and press OK (or double-click the protocol). 3. ASAN violation. I tried to reproduce it with Qt, but that dialog seems broken (the protocol does not seem to get saved). trace with wireshark-gtk: ==12667==ERROR: AddressSanitizer: heap-use-after-free on address 0x603000e43980 at pc 0x7fffea4ad3e0 bp 0x7fffffffcb60 sp 0x7fffffffcb50 READ of size 8 at 0x603000e43980 thread T0 #0 0x7fffea4ad3df in epan_get_interface_name epan/epan.c:175 #1 0x7fffeac74d02 in dissect_frame epan/dissectors/packet-frame.c:313 #2 0x7fffea4e4569 in call_dissector_through_handle epan/packet.c:612 #3 0x7fffea4e4b91 in call_dissector_work epan/packet.c:700 #4 0x7fffea4ebd8b in call_dissector_only epan/packet.c:2373 #5 0x7fffea4ebdcf in call_dissector_with_data epan/packet.c:2386 #6 0x7fffea4e2d7c in dissect_record epan/packet.c:492 #7 0x7fffea4ade13 in epan_dissect_run epan/epan.c:330 #8 0x4bd65f in redissect_packet_window ui/gtk/packet_win.c:193 #9 0x7ffff54bf10c in g_list_foreach (/usr/lib/libglib-2.0.so.0+0x4710c) #10 0x4c78da in redissect_all_packet_windows ui/gtk/packet_win.c:1043 #11 0x659ca1 in decode_ok_cb ui/gtk/decode_as_dlg.c:735 #12 0x65ab54 in decode_list_button_press_cb ui/gtk/decode_as_dlg.c:1058 #13 0x7ffff682e84c (/usr/lib/libgtk-3.so.0+0x1ed84c) #14 0x7ffff5796431 in g_closure_invoke (/usr/lib/libgobject-2.0.so.0+0x10431) #15 0x7ffff57a8afb (/usr/lib/libgobject-2.0.so.0+0x22afb) #16 0x7ffff57b1294 in g_signal_emit_valist (/usr/lib/libgobject-2.0.so.0+0x2b294) #17 0x7ffff57b19ee in g_signal_emit (/usr/lib/libgobject-2.0.so.0+0x2b9ee) #18 0x7ffff695f293 (/usr/lib/libgtk-3.so.0+0x31e293) #19 0x7ffff682c2ad (/usr/lib/libgtk-3.so.0+0x1eb2ad) #20 0x7ffff682de6d in gtk_main_do_event (/usr/lib/libgtk-3.so.0+0x1ece6d) #21 0x7ffff63d6bf1 (/usr/lib/libgdk-3.so.0+0x4fbf1) #22 0x7ffff54c2e2b in g_main_context_dispatch (/usr/lib/libglib-2.0.so.0+0x4ae2b) #23 0x7ffff54c3127 (/usr/lib/libglib-2.0.so.0+0x4b127) #24 0x7ffff54c3471 in g_main_loop_run (/usr/lib/libglib-2.0.so.0+0x4b471) #25 0x7ffff682d174 in gtk_main (/usr/lib/libgtk-3.so.0+0x1ec174) #26 0x48ab58 in main ui/gtk/main.c:3250 #27 0x7fffe20c47ff in __libc_start_main (/usr/lib/libc.so.6+0x207ff) #28 0x424348 in _start (/tmp/wsbuild/run/wireshark-gtk+0x424348) 0x603000e43980 is located 16 bytes inside of 32-byte region [0x603000e43970,0x603000e43990) freed by thread T0 here: #0 0x7ffff6f5752f in __interceptor_free (/usr/lib/libasan.so.1+0x5752f) #1 0x7fffea4ad5e1 in epan_free epan/epan.c:202 #2 0x43b6c6 in rescan_packets file.c:1858 #3 0x43aaa4 in cf_redissect_packets file.c:1724 #4 0x48cf6c in redissect_packets ui/gtk/main.c:3890 #5 0x659c9c in decode_ok_cb ui/gtk/decode_as_dlg.c:734 #6 0x65ab54 in decode_list_button_press_cb ui/gtk/decode_as_dlg.c:1058 #7 0x7ffff682e84c (/usr/lib/libgtk-3.so.0+0x1ed84c) previously allocated by thread T0 here: #0 0x7ffff6f577a7 in malloc (/usr/lib/libasan.so.1+0x577a7) #1 0x7ffff54c8cf1 in g_malloc (/usr/lib/libglib-2.0.so.0+0x50cf1) #2 0x7ffff54e021f in g_slice_alloc (/usr/lib/libglib-2.0.so.0+0x6821f) #3 0x7fffea4ad285 in epan_new epan/epan.c:155 #4 0x43223f in ws_epan_new file.c:288 #5 0x4324b2 in cf_open file.c:322 #6 0x48a731 in main ui/gtk/main.c:3098 #7 0x7fffe20c47ff in __libc_start_main (/usr/lib/libc.so.6+0x207ff) SUMMARY: AddressSanitizer: heap-use-after-free epan/epan.c:175 epan_get_interface_name
You are receiving this mail because:
- You are watching all bug changes.
- Follow-Ups:
- [Wireshark-bugs] [Bug 11043] "Decode As..." crashes when a packet dialog is open
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 11043] "Decode As..." crashes when a packet dialog is open
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 11043] "Decode As..." crashes when a packet dialog is open
- Prev by Date: [Wireshark-bugs] [Bug 10016] Crash when using the "RTP Analyze" option
- Next by Date: [Wireshark-bugs] [Bug 9450] More generic Decode As interface
- Previous by thread: [Wireshark-bugs] [Bug 10714] Crash while analyze rtp streams
- Next by thread: [Wireshark-bugs] [Bug 11043] "Decode As..." crashes when a packet dialog is open
- Index(es):