Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 12183] tshark with randpktdump reporting "pointer being freed was not allocate

Wireshark-bugs: [Wireshark-bugs] [Bug 12183] tshark with randpktdump reporting "pointer being fr

Date: Wed, 11 May 2016 19:51:33 +0000
What	Removed	Added
Status	UNCONFIRMED	CONFIRMED
Ever confirmed		1
Comment # 9 on bug 12183 from Jim Young
> Has this part been fixed?

I'm unclear as to which part "this part" is. ;-)

Regarding the first part:

> 1. The fact that randpktdump is run by "default"

Running tshark with no parameters successfully starts capturing on the en0
interface.  No more randpktdump by default.

Regarding the second part:

> 2. Use-after-free error potentially caused by randpktdump running.

I just tested with very new buildbot image (Wireshark 2.1.0-3003-gd5031d5
(v2.1.0rc0-3003-gd5031d5 from unknown).

If I start Wireshark and start a capture with the Random packet generator:
randpkt I see no packets generated and when I stop the capture I get a dialog
box with the message:

> "Unexpected error from select: Interrupted system call"

I these messages in the Terminal window I launched Wireshark from:

> <snip>
> 15:28:07  Capture Msg  Capture Stop ...
> 15:28:07     Main Dbg  Callback: capture stopping
> 15:28:07  Capture Dbg  read 31 ok indicator: E len: 63 msg: E
> 15:28:07  Capture Msg  Error message from child: "Unexpected error from select: Interrupted system call", ""
> 15:28:14  Capture Dbg  read from pipe 31: EOF (capture closed?)
> 15:28:14  Capture Dbg  read 31 got an EOF
> 15:28:14  Capture Dbg  sync_pipe_wait_for_child: wait till child closed
> 15:28:14  Capture Dbg  sync_pipe_wait_for_child: capture child closed after 0.000s
> 15:28:14  Capture Dbg  sync_pipe_input_cb: cleaning extcap pipe
> 15:28:14  Capture Dbg  Extcap [randpkt] - Cleaning up fifo: /var/folders/9m/5pp94qw16cvdh2jbj9cbtpwm0000gn/T//wireshark_extcap_20160511152804_V7tvsI; PID: 17908
> 15:28:14  Capture Dbg  Extcap [randpkt] - Closing spawned PID: 17908
> 15:28:14  Capture Msg  Capture stopped.
> 15:28:14     Main Dbg  Callback: capture failed
> 15:28:14          Dbg  FIX: capture_info_ui_destroy
> 15:28:15  Capture Dbg  sync_interface_stats_open
> 15:28:15  Capture Dbg  sync_pipe_open_command
> 15:28:15  Capture Dbg  read 32 indicator: S empty value

Its important to note that Wireshark has NOT crashed, and I am able to
successfully capture on different interfaces.  But if I attempt a
multi-interface capture with randpkt as one of the two interface (for example
en0 (wifi in my case) and randpkt) I will see NOT capture any packets and will
get the same "Unexpected error from select: Interrupted system call" message
when stopping the capture.  I CAN successfully capture from multiple interfaces
if randpkt is NOT one of the selected interfaces.

I then listed the available interfaces with tshark -D and saw following (again
I have my wireshark profile running with a verbose console.log.level):

> jmac3:wireshark jyoung$ tshark -D
> Capture-Message: Capture Interface List ...
> (process:10977): Capture-DEBUG: sync_interface_list_open
> Capture-INFO: sync_pipe_run_command() starts
> (process:10977): Capture-DEBUG:   argv[0]: /Applications/Wireshark.app/Contents/MacOS/dumpcap
> (process:10977): Capture-DEBUG:   argv[1]: -D
> (process:10977): Capture-DEBUG:   argv[2]: -Z
> (process:10977): Capture-DEBUG:   argv[3]: none
> (process:10977): Capture-DEBUG: sync_pipe_open_command
> (process:10977): Capture-DEBUG: read 4 indicator: S empty value
> (process:10977): Capture-DEBUG: sync_pipe_wait_for_child: wait till child closed
> (process:10977): Capture-DEBUG: sync_pipe_wait_for_child: capture child closed after 0.000s
> Capture-INFO: sync_pipe_run_command() ends, taking 0.044s, result=0
> Capture-Message: Loading External Capture Interface List ...
> (process:10977): Capture-DEBUG: Extcap pipe /Applications/Wireshark.app/Contents/MacOS/extcap/androiddump 
> dyld: Library not loaded: @rpath/libssh.4.dylib
>   Referenced from: /Applications/Wireshark.app/Contents/MacOS/extcap/ciscodump
>   Reason: image not found
> (process:10977): Capture-DEBUG: Extcap pipe /Applications/Wireshark.app/Contents/MacOS/extcap/randpktdump 
> (process:10977): Capture-DEBUG:   Extcap [(null)] 
> (process:10977): Capture-DEBUG:   Interface [randpkt] "Random packet generator" 
> dyld: Library not loaded: @rpath/libssh.4.dylib
>   Referenced from: /Applications/Wireshark.app/Contents/MacOS/extcap/sshdump
>   Reason: image not found
> 1. en0 (Wi-Fi)
> 2. awdl0
> 3. bridge0 (Thunderbolt Bridge)
> 4. en1 (Thunderbolt 1)
> 5. en2 (Thunderbolt 2)
> 6. p2p0
> 7. lo0 (Loopback)
> 8. randpkt (Random packet generator)
> jmac3:wireshark jyoung$

Up until now I had sort of assumed that the "pointer being freed was not
allocated" had been fixed.  But a tshark -i randpkt seems to show otherwise:

> jmac3:wireshark jyoung$ tshark -i randpkt 
> Capture-Message: Capture Interface List ...
> (process:11570): Capture-DEBUG: sync_interface_list_open
> Capture-INFO: sync_pipe_run_command() starts
> (process:11570): Capture-DEBUG:   argv[0]: /Applications/Wireshark.app/Contents/MacOS/dumpcap
> (process:11570): Capture-DEBUG:   argv[1]: -D
> (process:11570): Capture-DEBUG:   argv[2]: -Z
> (process:11570): Capture-DEBUG:   argv[3]: none
> (process:11570): Capture-DEBUG: sync_pipe_open_command
> (process:11570): Capture-DEBUG: read 4 indicator: S empty value
> (process:11570): Capture-DEBUG: sync_pipe_wait_for_child: wait till child closed
> (process:11570): Capture-DEBUG: sync_pipe_wait_for_child: capture child closed after 0.000s
> Capture-INFO: sync_pipe_run_command() ends, taking 0.041s, result=0
> Capture-Message: Loading External Capture Interface List ...
> (process:11570): Capture-DEBUG: Extcap pipe /Applications/Wireshark.app/Contents/MacOS/extcap/androiddump 
> dyld: Library not loaded: @rpath/libssh.4.dylib
>   Referenced from: /Applications/Wireshark.app/Contents/MacOS/extcap/ciscodump
>   Reason: image not found
> (process:11570): Capture-DEBUG: Extcap pipe /Applications/Wireshark.app/Contents/MacOS/extcap/randpktdump 
> (process:11570): Capture-DEBUG:   Extcap [(null)] 
> (process:11570): Capture-DEBUG:   Interface [randpkt] "Random packet generator" 
> dyld: Library not loaded: @rpath/libssh.4.dylib
>   Referenced from: /Applications/Wireshark.app/Contents/MacOS/extcap/sshdump
>   Reason: image not found
> Capture-Message: Capture Interface List ...
> (process:11570): Capture-DEBUG: sync_interface_list_open
> Capture-INFO: sync_pipe_run_command() starts
> (process:11570): Capture-DEBUG:   argv[0]: /Applications/Wireshark.app/Contents/MacOS/dumpcap
> (process:11570): Capture-DEBUG:   argv[1]: -D
> (process:11570): Capture-DEBUG:   argv[2]: -Z
> (process:11570): Capture-DEBUG:   argv[3]: none
> (process:11570): Capture-DEBUG: sync_pipe_open_command
> (process:11570): Capture-DEBUG: read 4 indicator: S empty value
> (process:11570): Capture-DEBUG: sync_pipe_wait_for_child: wait till child closed
> (process:11570): Capture-DEBUG: sync_pipe_wait_for_child: capture child closed after 0.000s
> Capture-INFO: sync_pipe_run_command() ends, taking 0.041s, result=0
> Capture-Message: Loading External Capture Interface List ...
> (process:11570): Capture-DEBUG: Extcap pipe /Applications/Wireshark.app/Contents/MacOS/extcap/androiddump 
> dyld: Library not loaded: @rpath/libssh.4.dylib
>   Referenced from: /Applications/Wireshark.app/Contents/MacOS/extcap/ciscodump
>   Reason: image not found
> (process:11570): Capture-DEBUG: Extcap pipe /Applications/Wireshark.app/Contents/MacOS/extcap/randpktdump 
> (process:11570): Capture-DEBUG:   Extcap [(null)] 
> (process:11570): Capture-DEBUG:   Interface [randpkt] "Random packet generator" 
> dyld: Library not loaded: @rpath/libssh.4.dylib
>   Referenced from: /Applications/Wireshark.app/Contents/MacOS/extcap/sshdump
>   Reason: image not found
> Capturing on 'Random packet generator'
> (process:11570): Capture-DEBUG: sync_pipe_start
> (process:11570): Capture-DEBUG: CAPTURE OPTIONS     :
> (process:11570): Capture-DEBUG: Interface name[00]  : randpkt
> (process:11570): Capture-DEBUG: Interface description[00] : Random packet generator
> (process:11570): Capture-DEBUG: Console display name[00]: Random packet generator
> (process:11570): Capture-DEBUG: Capture filter[00]  : (unspecified)
> (process:11570): Capture-DEBUG: Snap length[00] (0) : 262144
> (process:11570): Capture-DEBUG: Link Type[00]       : -1
> (process:11570): Capture-DEBUG: Promiscuous Mode[00]: TRUE
> (process:11570): Capture-DEBUG: Extcap[00]          : /Applications/Wireshark.app/Contents/MacOS/extcap/randpktdump
> (process:11570): Capture-DEBUG: Extcap FIFO[00]     : (unspecified)
> (process:11570): Capture-DEBUG: Extcap PID[00]      : -1
> (process:11570): Capture-DEBUG: Buffer size[00]     : 2 (MB)
> (process:11570): Capture-DEBUG: Monitor Mode[00]    : FALSE
> (process:11570): Capture-DEBUG: Interface name[df]  : (unspecified)
> (process:11570): Capture-DEBUG: Interface Descr[df] : (unspecified)
> (process:11570): Capture-DEBUG: Capture filter[df]  : (unspecified)
> (process:11570): Capture-DEBUG: Snap length[df] (0) : 262144
> (process:11570): Capture-DEBUG: Link Type[df]       : -1
> (process:11570): Capture-DEBUG: Promiscuous Mode[df]: TRUE
> (process:11570): Capture-DEBUG: Extcap[df]          : (unspecified)
> (process:11570): Capture-DEBUG: Extcap FIFO[df]     : (unspecified)
> (process:11570): Capture-DEBUG: Buffer size[df]     : 2 (MB)
> (process:11570): Capture-DEBUG: Monitor Mode[df]    : FALSE
> (process:11570): Capture-DEBUG: SavingToFile        : 0
> (process:11570): Capture-DEBUG: SaveFile            : 
> (process:11570): Capture-DEBUG: GroupReadAccess     : 0
> (process:11570): Capture-DEBUG: Fileformat          : PCAPNG
> (process:11570): Capture-DEBUG: RealTimeMode        : 1
> (process:11570): Capture-DEBUG: ShowInfo            : 1
> (process:11570): Capture-DEBUG: QuitAfterCap        : 0
> (process:11570): Capture-DEBUG: MultiFilesOn        : 0
> (process:11570): Capture-DEBUG: FileDuration    (0) : 60
> (process:11570): Capture-DEBUG: RingNumFiles    (0) : 0
> (process:11570): Capture-DEBUG: AutostopFiles   (0) : 1
> (process:11570): Capture-DEBUG: AutostopPackets (0) : 0
> (process:11570): Capture-DEBUG: AutostopFilesize(0) : 1000 (KB)
> (process:11570): Capture-DEBUG: AutostopDuration(0) : 60
> (process:11570): Capture-DEBUG: Extcap - Creating fifo: /var/folders/9m/5pp94qw16cvdh2jbj9cbtpwm0000gn/T//wireshark_extcap_20160511151243_3J1ee4
> (process:11570): Capture-DEBUG: Extcap path /Applications/Wireshark.app/Contents/MacOS/extcap
> (process:11570): Capture-DEBUG: argv[0]: /Applications/Wireshark.app/Contents/MacOS/extcap/randpktdump
> (process:11570): Capture-DEBUG: argv[1]: --capture
> (process:11570): Capture-DEBUG: argv[2]: --extcap-interface
> (process:11570): Capture-DEBUG: argv[3]: randpkt
> (process:11570): Capture-DEBUG: argv[4]: --fifo
> (process:11570): Capture-DEBUG: argv[5]: /var/folders/9m/5pp94qw16cvdh2jbj9cbtpwm0000gn/T//wireshark_extcap_20160511151243_3J1ee4
> (process:11570): Capture-DEBUG: argv[6]: --type 
> (process:11570): Capture-DEBUG: argv[0]: /Applications/Wireshark.app/Contents/MacOS/dumpcap
> (process:11570): Capture-DEBUG: argv[1]: -n
> (process:11570): Capture-DEBUG: argv[2]: -i
> (process:11570): Capture-DEBUG: argv[3]: /var/folders/9m/5pp94qw16cvdh2jbj9cbtpwm0000gn/T//wireshark_extcap_20160511151243_3J1ee4
> (process:11570): Capture-DEBUG: argv[4]: -Z
> (process:11570): Capture-DEBUG: argv[5]: none
> /Applications/Wireshark.app/Contents/MacOS/extcap/randpktdump --capture --extcap-interface randpkt --fifo /var/folders/9m/5pp94qw16cvdh2jbj9cbtpwm0000gn/T//wireshark_extcap_20160511151243_3J1ee4 --type  
> Generating packets: dns
> ^C
> (process:11570): Capture-DEBUG: read 6 ok indicator: E len: 63 msg: E
> tshark: Unexpected error from select: Interrupted system call
> 
> (process:11570): Capture-DEBUG: read from pipe 6: EOF (capture closed?)
> (process:11570): Capture-DEBUG: read 6 got an EOF
> (process:11570): Capture-DEBUG: sync_pipe_wait_for_child: wait till child closed
> (process:11570): Capture-DEBUG: sync_pipe_wait_for_child: capture child closed after 0.000s
> (process:11570): Capture-DEBUG: sync_pipe_input_cb: cleaning extcap pipe
> (process:11570): Capture-DEBUG: Extcap [randpkt] - Cleaning up fifo: /var/folders/9m/5pp94qw16cvdh2jbj9cbtpwm0000gn/T//wireshark_extcap_20160511151243_3J1ee4; PID: 11591
> (process:11570): Capture-DEBUG: Extcap [randpkt] - Closing spawned PID: 11591
> 0 packets captured
> ** (process:11570): DEBUG: input pipe closed
> tshark(11570,0x7fff7b360300) malloc: *** error for object 0xa706d75640034: pointer being freed was not allocated
> *** set a breakpoint in malloc_error_break to debug
> Abort trap: 6
> jmac3:wireshark jyoung$

It appears that the original issue described in bug title has not in fact been
resolved. :-(

But now that randpkt is no longer the default interface it is less likely that
Joe Random User is likely to stumble upon the "pointer being freed was not
allocated".
You are receiving this mail because:
You are watching all bug changes.
Prev by Date: [Wireshark-bugs] [Bug 12425] Profile command line switch "-C" not work with Qt interface.
Next by Date: [Wireshark-bugs] [Bug 1814] Capture filters not work when capturing from named pipes or stdin
Previous by thread: [Wireshark-bugs] [Bug 12183] tshark with randpktdump reporting "pointer being freed was not allocated" on exit
Next by thread: [Wireshark-bugs] [Bug 11759] Add new EDNS0 Option
Index(es):
- Date
- Thread