Wireshark-bugs: [Wireshark-bugs] [Bug 12531] wlan_radio.signal_dbm crash applied as column using

Date: Thu, 16 Jun 2016 01:53:34 +0000

Comment # 3 on bug 12531 from
(In reply to jbaldwin from comment #2)
> Created attachment 14655 [details]
> crash log
> 
> Is this the correct crash log you are looking for?

Yes.

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000020
Exception Note:        EXC_CORPSE_NOTIFY

VM Regions Near 0x20:
--> 
    __TEXT                 000000010a2d9000-000000010a9f1000 [ 7264K] r-x/rwx SM=COW  /Applications/Wireshark.app/Contents/MacOS/Wireshark

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   org.wireshark.Wireshark           0x000000010a4a8111 PacketListRecord::columnString(_capture_file*, int, bool) + 17
1   org.wireshark.Wireshark           0x000000010a4a37e2 PacketListModel::recordLessThan(PacketListRecord*, PacketListRecord*) + 268
2   org.wireshark.Wireshark           0x000000010a4a7a71 void std::__final_insertion_sort<PacketListRecord**, bool (*)(PacketListRecord*, PacketListRecord*)>(PacketListRecord**, PacketListRecord**, bool (*)(PacketListRecord*, PacketListRecord*)) + 113
3   org.wireshark.Wireshark           0x000000010a4a44be PacketListModel::sort(int, Qt::SortOrder) + 1034
4   QtWidgets                         0x000000010af2c004 0x10ac9d000 + 2682884
5   QtCore                            0x000000010f674b6f QMetaObject::activate(QObject*, int, int, void**) + 1871
6   QtWidgets                         0x000000010aef640d QHeaderView::setSortIndicator(int, Qt::SortOrder) + 301
7   QtWidgets                         0x000000010aefb678 0x10ac9d000 + 2483832
8   QtWidgets                         0x000000010aefb518 QHeaderView::mouseReleaseEvent(QMouseEvent*) + 712
9   QtWidgets                         0x000000010ad021fe QWidget::event(QEvent*) + 1486
10  QtWidgets                         0x000000010ade27a7 QFrame::event(QEvent*) + 183
11  QtWidgets                         0x000000010ae608ca QAbstractScrollArea::viewportEvent(QEvent*) + 122
12  QtWidgets                         0x000000010aee4b1f QAbstractItemView::viewportEvent(QEvent*) + 1391
13  QtWidgets                         0x000000010aefbc96 QHeaderView::viewportEvent(QEvent*) + 534
14  QtWidgets                         0x000000010ae613d5 0x10ac9d000 + 1852373
15  QtCore                            0x000000010f640c2c QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) + 156
16  QtWidgets                         0x000000010acc9fe9 QApplicationPrivate::notify_helper(QObject*, QEvent*) + 281
17  QtWidgets                         0x000000010accd447 QApplication::notify(QObject*, QEvent*) + 8631
18  QtCore                            0x000000010f640932 QCoreApplication::notifyInternal(QObject*, QEvent*) + 114
19  QtWidgets                         0x000000010acca8e8 QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool) + 952
20  QtWidgets                         0x000000010ad2056c 0x10ac9d000 + 537964
21  QtWidgets                         0x000000010ad1f84f 0x10ac9d000 + 534607
22  QtWidgets                         0x000000010acc9ffc QApplicationPrivate::notify_helper(QObject*, QEvent*) + 300
23  QtWidgets                         0x000000010acccabb QApplication::notify(QObject*, QEvent*) + 6187
24  QtCore                            0x000000010f640932 QCoreApplication::notifyInternal(QObject*, QEvent*) + 114
25  QtGui                             0x000000010ef4f5fc QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*) + 2140
26  QtGui                             0x000000010ef4e565 QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) + 117
27  QtGui                             0x000000010ef3d1cb QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) + 315
28  libqcocoa.dylib                   0x0000000112731f0d 0x112712000 + 130829
29  libqcocoa.dylib                   0x00000001127328a8 0x112712000 + 133288
30  com.apple.CoreFoundation          0x00007fff9e9f6881 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
31  com.apple.CoreFoundation          0x00007fff9e9d5fbc __CFRunLoopDoSources0 + 556
32  com.apple.CoreFoundation          0x00007fff9e9d54df __CFRunLoopRun + 927
33  com.apple.CoreFoundation          0x00007fff9e9d4ed8 CFRunLoopRunSpecific + 296
34  com.apple.HIToolbox               0x00007fff9d70b935 RunCurrentEventLoopInMode + 235
35  com.apple.HIToolbox               0x00007fff9d70b677 ReceiveNextEventCommon + 184
36  com.apple.HIToolbox               0x00007fff9d70b5af _BlockUntilNextEventMatchingListInModeWithFilter + 71
37  com.apple.AppKit                  0x00007fff99d52efa _DPSNextEvent + 1067
38  com.apple.AppKit                  0x00007fff99d5232a -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 454
39  com.apple.AppKit                  0x00007fff99d46e84 -[NSApplication run] + 682
40  libqcocoa.dylib                   0x00000001127315e4 0x112712000 + 128484
41  QtCore                            0x000000010f63d9ad QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) + 381
42  QtCore                            0x000000010f640ee7 QCoreApplication::exec() + 359
43  org.wireshark.Wireshark           0x000000010a2e3b3c main + 5468
44  org.wireshark.Wireshark           0x000000010a2e1f84 start + 52

Disassembling PacketListRecord::columnString in the results of compiling
top-of-2.x-branch Wireshark gives:

wireshark`PacketListRecord::columnString:
wireshark[0x1001ce580] <+0>:   pushq  %rbp
wireshark[0x1001ce581] <+1>:   movq   %rsp, %rbp
wireshark[0x1001ce584] <+4>:   pushq  %r15
wireshark[0x1001ce586] <+6>:   pushq  %r14
wireshark[0x1001ce588] <+8>:   pushq  %r13
wireshark[0x1001ce58a] <+10>:  pushq  %r12
wireshark[0x1001ce58c] <+12>:  pushq  %rbx
wireshark[0x1001ce58d] <+13>:  pushq  %rax
wireshark[0x1001ce58e] <+14>:  movl   %ecx, %r15d
wireshark[0x1001ce591] <+17>:  movq   %rdx, %rbx
wireshark[0x1001ce594] <+20>:  movq   %rsi, %r12
wireshark[0x1001ce597] <+23>:  movq   %rdi, %r14
wireshark[0x1001ce59a] <+26>:  cmpq   $0x0, 0x8(%r12)
wireshark[0x1001ce5a0] <+32>:  je     0x1001ce6e4               ; <+356> at packet_list_record.cpp:55

Different version of clang, so there's no guarantee that the code is exactly
the same; PacketListRecord::columnString+17 is just a register-to-register move
there, but perhaps it's the cmpq $0x0, 0x8(%r12) in the official 2.0.4 release,
in which case that's probably

    g_assert(fdata_);

and fdata_ is the second private member, following col_text_, which is a
pointer, so it's at least plausible that it's the g_assert() call.

So that would suggest that the "this" pointer is null; as there's no virtual
subclassing here, there'd be no need to use the pointer to find the method.
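
Added example, not part of the original comment or of Wireshark's code: a small parser for the macOS crash-report text quoted above. It extracts the fault address, flags a near-null fault (a small offset from a null base pointer, the pattern the comment infers) and rebuilds stack frames that the mail wrapped across lines. The function name parse_crash and the 4 KiB threshold are assumptions made for this example.

```python
import re

# Excerpt of the crash report quoted above, kept in its mail-wrapped form.
SAMPLE = """\
Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000020

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   org.wireshark.Wireshark           0x000000010a4a8111
PacketListRecord::columnString(_capture_file*, int, bool) + 17
1   org.wireshark.Wireshark           0x000000010a4a37e2
PacketListModel::recordLessThan(PacketListRecord*, PacketListRecord*) + 268
4   QtWidgets                         0x000000010af2c004 0x10ac9d000 + 2682884
"""

# Assumption: a fault in the first 4 KiB is a null base pointer plus an offset.
NEAR_NULL_LIMIT = 0x1000
FRAME_START = re.compile(r"^(\d+)\s+(\S+)\s+(0x[0-9a-f]+)\s*(.*)$")


def parse_crash(text):
    """Return the fault address, a near-null flag and the crashed thread's frames."""
    fault, frames, in_thread = None, [], False
    for line in text.splitlines():
        m = re.search(r"KERN_INVALID_ADDRESS at (0x[0-9a-fA-F]+)", line)
        if m:
            fault = int(m.group(1), 16)
        elif re.match(r"^Thread \d+ Crashed", line):
            in_thread = True
        elif in_thread and not line.strip():
            in_thread = False  # a blank line ends the crashed thread's block
        elif in_thread:
            f = FRAME_START.match(line)
            if f:
                frames.append([int(f.group(1)), f.group(2), f.group(4)])
            elif frames:  # wrapped continuation of the previous frame
                frames[-1][2] = (frames[-1][2] + " " + line.strip()).strip()
    parsed = []
    for index, image, rest in frames:
        symbol, _, off = rest.rpartition(" + ")
        parsed.append({"index": index, "image": image, "symbol": symbol,
                       "offset": int(off) if off.isdigit() else None})
    near_null = fault is not None and fault < NEAR_NULL_LIMIT
    return {"fault": fault, "near_null": near_null, "frames": parsed}


if __name__ == "__main__":
    report = parse_crash(SAMPLE)
    print(hex(report["fault"]), report["near_null"], report["frames"][0])
```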

