Wireshark-dev: [Wireshark-dev] Wireshark / Tshark 0.99.4 crashes with Segmentation fault where

From: "März, Frank" <Frank.Maerz@xxxxxxxxxxx>
Date: Mon, 13 Nov 2006 13:44:43 +0100
Title: Nachricht
Hello Wireshark Community,
 
I have discovered a problem with causes Wireshark and Tshark to crash with a  segmentation fault error. This problem is new to the version 0.99.4.  I have a tcpdumb which holds mostly GTP data which I would like to open or filter with Wireshark or Tshark. When I use the same capture file in 0.99.2 I have no problems at all.
 
I have made a gdb backtrace which I have attached to this email. I can not include the capture file due to the size 110MB and due to it holds private data.
 
I would appreciate if somebody could have a look at this please. Sorry I do not understand this output myself.
 
Best Regards,

Frank
 
(gdb)
Continuing.
 
Program received signal SIGSEGV, Segmentation fault.
0x00f08abc in check_offset_length_no_exception (tvb=0x8f0e9a0, offset=0, length=4, offset_ptr=0xbf400064, length_ptr=0xbf400068, exception=0x0) at tvbuff.c:389
389             if (!compute_offset_length(tvb, offset, length, offset_ptr, length_ptr, exception)) {
(gdb)
 

(gdb) backtrace
#0  0x00f08abc in check_offset_length_no_exception (tvb=0x8f0e9a0, offset=0, length=4, offset_ptr=0xbf400064, length_ptr=0xbf400068, exception=0x0) at tvbuff.c:389
#1  0x00f099f0 in ensure_contiguous_no_exception (tvb=0x8f0e9a0, offset=Variable "offset" is not available.
) at tvbuff.c:824
#2  0x00f0a990 in tvb_memeql (tvb=0x8f0e9a0, offset=0, str=0x1512474 "", size=4) at tvbuff.c:1696
#3  0x01042f82 in dissect_dcerpc_cn (tvb=0x8f0e9a0, offset=0, pinfo=0x8a9ce10, tree=0x89f2298, can_desegment=1, pkt_len=0xbf40029c) at packet-dcerpc.c:3809
#4  0x01044e3e in dissect_dcerpc_cn_bs_body (tvb=0x8f0e9a0, pinfo=0x8a9ce10, tree=0x89f2298) at packet-dcerpc.c:4104
#5  0x00ee850c in dissector_try_heuristic (sub_dissectors=0x887c5c8, tvb=0x8f0e9a0, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:1532
#6  0x01111722 in dissect_http_message (tvb=0x8f0e96c, offset=0, pinfo=0x8a9ce10, tree=0x89f2298) at packet-http.c:1112
#7  0x01112002 in dissect_http (tvb=0x8f0e96c, pinfo=0x8a9ce10, tree=0x89f2298) at packet-http.c:1947
#8  0x00ee6a7f in call_dissector_through_handle (handle=0x868ae60, tvb=0x8f0e96c, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:392
#9  0x00ee6dd3 in call_dissector_work (handle=0x868ae60, tvb=0x8f0e96c, pinfo_arg=0x8a9ce10, tree=0x89f2298) at packet.c:567
#10 0x00ee78e6 in dissector_try_port (sub_dissectors=0x87e9160, port=80, tvb=0x8f0e96c, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:842
#11 0x012e7b31 in decode_tcp_ports (tvb=0x8f0e938, offset=0, pinfo=0x8a9ce10, tree=0x89f2298, src_port=80, dst_port=1830, tcpd=0xb6919828) at packet-tcp.c:1901
#12 0x012e7c7c in process_tcp_payload (tvb=0x8f0e938, offset=0, pinfo=0x8a9ce10, tree=0x89f2298, tcp_tree=0x89f2298, src_port=80, dst_port=1830, seq=1047784259,
    nxtseq=1047785519, is_tcp_segment=1, tcpd=0xb6919828) at packet-tcp.c:1960
#13 0x012e83c5 in dissect_tcp_payload (tvb=0x8f0e938, pinfo=0x8a9ce10, offset=0, seq=1047784259, nxtseq=1047785519, sport=80, dport=1830, tree=0x89f2298,
    tcp_tree=0x89f2298, tcpd=0xb6919828) at packet-tcp.c:2036
#14 0x01111f38 in dissect_http_message (tvb=0x8f0e904, offset=0, pinfo=0x8a9ce10, tree=0x89f2298) at packet-http.c:1442
#15 0x01112002 in dissect_http (tvb=0x8f0e904, pinfo=0x8a9ce10, tree=0x89f2298) at packet-http.c:1947
#16 0x00ee6a7f in call_dissector_through_handle (handle=0x868ae60, tvb=0x8f0e904, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:392
#17 0x00ee6dd3 in call_dissector_work (handle=0x868ae60, tvb=0x8f0e904, pinfo_arg=0x8a9ce10, tree=0x89f2298) at packet.c:567
#18 0x00ee78e6 in dissector_try_port (sub_dissectors=0x87e9160, port=80, tvb=0x8f0e904, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:842
#19 0x012e7b31 in decode_tcp_ports (tvb=0x8f0e8d0, offset=0, pinfo=0x8a9ce10, tree=0x89f2298, src_port=80, dst_port=1830, tcpd=0xb6919828) at packet-tcp.c:1901
#20 0x012e7c7c in process_tcp_payload (tvb=0x8f0e8d0, offset=0, pinfo=0x8a9ce10, tree=0x89f2298, tcp_tree=0x89f2298, src_port=80, dst_port=1830, seq=1047784259,
    nxtseq=1047785519, is_tcp_segment=1, tcpd=0xb6919828) at packet-tcp.c:1960
#21 0x012e83c5 in dissect_tcp_payload (tvb=0x8f0e8d0, pinfo=0x8a9ce10, offset=0, seq=1047784259, nxtseq=1047785519, sport=80, dport=1830, tree=0x89f2298,
    tcp_tree=0x89f2298, tcpd=0xb6919828) at packet-tcp.c:2036
#22 0x01111f38 in dissect_http_message (tvb=0x8f0e6c0, offset=0, pinfo=0x8a9ce10, tree=0x89f2298) at packet-http.c:1442
#23 0x01112002 in dissect_http (tvb=0x8f0e6c0, pinfo=0x8a9ce10, tree=0x89f2298) at packet-http.c:1947
#24 0x00ee6a7f in call_dissector_through_handle (handle=0x868ae60, tvb=0x8f0e6c0, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:392
#25 0x00ee6dd3 in call_dissector_work (handle=0x868ae60, tvb=0x8f0e6c0, pinfo_arg=0x8a9ce10, tree=0x89f2298) at packet.c:567
#26 0x00ee78e6 in dissector_try_port (sub_dissectors=0x87e9160, port=80, tvb=0x8f0e6c0, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:842
#27 0x012e7b31 in decode_tcp_ports (tvb=0x8f0e68c, offset=0, pinfo=0x8a9ce10, tree=0x89f2298, src_port=80, dst_port=1830, tcpd=0xb6919828) at packet-tcp.c:1901
#28 0x012e7c7c in process_tcp_payload (tvb=0x8f0e68c, offset=0, pinfo=0x8a9ce10, tree=0x89f2298, tcp_tree=0x89f2298, src_port=80, dst_port=1830, seq=1047784259,
    nxtseq=1047785519, is_tcp_segment=1, tcpd=0xb6919828) at packet-tcp.c:1960
#29 0x012e83c5 in dissect_tcp_payload (tvb=0x8f0e68c, pinfo=0x8a9ce10, offset=0, seq=1047784259, nxtseq=1047785519, sport=80, dport=1830, tree=0x89f2298,
    tcp_tree=0x89f2298, tcpd=0xb6919828) at packet-tcp.c:2036
#30 0x01111f38 in dissect_http_message (tvb=0x8f0e658, offset=0, pinfo=0x8a9ce10, tree=0x89f2298) at packet-http.c:1442
#31 0x01112002 in dissect_http (tvb=0x8f0e658, pinfo=0x8a9ce10, tree=0x89f2298) at packet-http.c:1947
#32 0x00ee6a7f in call_dissector_through_handle (handle=0x868ae60, tvb=0x8f0e658, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:392
#33 0x00ee6dd3 in call_dissector_work (handle=0x868ae60, tvb=0x8f0e658, pinfo_arg=0x8a9ce10, tree=0x89f2298) at packet.c:567
#34 0x00ee78e6 in dissector_try_port (sub_dissectors=0x87e9160, port=80, tvb=0x8f0e658, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:842
#35 0x012e7b31 in decode_tcp_ports (tvb=0x8f0e624, offset=0, pinfo=0x8a9ce10, tree=0x89f2298, src_port=80, dst_port=1830, tcpd=0xb6919828) at packet-tcp.c:1901
#36 0x012e7c7c in process_tcp_payload (tvb=0x8f0e624, offset=0, pinfo=0x8a9ce10, tree=0x89f2298, tcp_tree=0x89f2298, src_port=80, dst_port=1830, seq=1047784259,
    nxtseq=1047785519, is_tcp_segment=1, tcpd=0xb6919828) at packet-tcp.c:1960
#37 0x012e83c5 in dissect_tcp_payload (tvb=0x8f0e624, pinfo=0x8a9ce10, offset=0, seq=1047784259, nxtseq=1047785519, sport=80, dport=1830, tree=0x89f2298,
    tcp_tree=0x89f2298, tcpd=0xb6919828) at packet-tcp.c:2036
#38 0x01111f38 in dissect_http_message (tvb=0x8f0e5f0, offset=0, pinfo=0x8a9ce10, tree=0x89f2298) at packet-http.c:1442
#39 0x01112002 in dissect_http (tvb=0x8f0e5f0, pinfo=0x8a9ce10, tree=0x89f2298) at packet-http.c:1947
#40 0x00ee6a7f in call_dissector_through_handle (handle=0x868ae60, tvb=0x8f0e5f0, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:392
#41 0x00ee6dd3 in call_dissector_work (handle=0x868ae60, tvb=0x8f0e5f0, pinfo_arg=0x8a9ce10, tree=0x89f2298) at packet.c:567
#42 0x00ee78e6 in dissector_try_port (sub_dissectors=0x87e9160, port=80, tvb=0x8f0e5f0, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:842
#43 0x012e7b31 in decode_tcp_ports (tvb=0x8f0e5bc, offset=0, pinfo=0x8a9ce10, tree=0x89f2298, src_port=80, dst_port=1830, tcpd=0xb6919828) at packet-tcp.c:1901
#44 0x012e7c7c in process_tcp_payload (tvb=0x8f0e5bc, offset=0, pinfo=0x8a9ce10, tree=0x89f2298, tcp_tree=0x89f2298, src_port=80, dst_port=1830, seq=1047784259,
    nxtseq=1047785519, is_tcp_segment=1, tcpd=0xb6919828) at packet-tcp.c:1960
#45 0x012e83c5 in dissect_tcp_payload (tvb=0x8f0e5bc, pinfo=0x8a9ce10, offset=0, seq=1047784259, nxtseq=1047785519, sport=80, dport=1830, tree=0x89f2298,
    tcp_tree=0x89f2298, tcpd=0xb6919828) at packet-tcp.c:2036
#46 0x01111f38 in dissect_http_message (tvb=0x8f0e588, offset=0, pinfo=0x8a9ce10, tree=0x89f2298) at packet-http.c:1442
#47 0x01112002 in dissect_http (tvb=0x8f0e588, pinfo=0x8a9ce10, tree=0x89f2298) at packet-http.c:1947
#48 0x00ee6a7f in call_dissector_through_handle (handle=0x868ae60, tvb=0x8f0e588, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:392
#49 0x00ee6dd3 in call_dissector_work (handle=0x868ae60, tvb=0x8f0e588, pinfo_arg=0x8a9ce10, tree=0x89f2298) at packet.c:567
#50 0x00ee78e6 in dissector_try_port (sub_dissectors=0x87e9160, port=80, tvb=0x8f0e588, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:842
#51 0x012e7b31 in decode_tcp_ports (tvb=0x8f0e554, offset=0, pinfo=0x8a9ce10, tree=0x89f2298, src_port=80, dst_port=1830, tcpd=0xb6919828) at packet-tcp.c:1901
#52 0x012e7c7c in process_tcp_payload (tvb=0x8f0e554, offset=0, pinfo=0x8a9ce10, tree=0x89f2298, tcp_tree=0x89f2298, src_port=80, dst_port=1830, seq=1047784259,
    nxtseq=1047785519, is_tcp_segment=1, tcpd=0xb6919828) at packet-tcp.c:1960
#53 0x012e83c5 in dissect_tcp_payload (tvb=0x8f0e554, pinfo=0x8a9ce10, offset=0, seq=1047784259, nxtseq=1047785519, sport=80, dport=1830, tree=0x89f2298,
---Type <return> to continue, or q <return> to quit---
 
.
.
.
.
.
 

#72723 0x00ee6a7f in call_dissector_through_handle (handle=0x8697c40, tvb=0x8b62698, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:392
#72724 0x00ee6dd3 in call_dissector_work (handle=0x8697c40, tvb=0x8b62698, pinfo_arg=0x8a9ce10, tree=0x89f2298) at packet.c:567
#72725 0x00ee7051 in call_dissector (handle=0x8697c40, tvb=0x8b62698, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:1711
#72726 0x010f142f in dissect_gtp (tvb=0x8b62664, pinfo=0x8a9ce10, tree=0x89f2298) at packet-gtp.c:5781
#72727 0x00ee6a7f in call_dissector_through_handle (handle=0x866bee0, tvb=0x8b62664, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:392
#72728 0x00ee6dd3 in call_dissector_work (handle=0x866bee0, tvb=0x8b62664, pinfo_arg=0x8a9ce10, tree=0x89f2298) at packet.c:567
#72729 0x00ee78e6 in dissector_try_port (sub_dissectors=0x87ee330, port=2152, tvb=0x8b62664, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:842
#72730 0x012fc7fc in decode_udp_ports (tvb=0x8b62630, offset=8, pinfo=0x8a9ce10, tree=0x89f2298, uh_sport=2152, uh_dport=2152, uh_ulen=1316) at packet-udp.c:140
#72731 0x012fccd7 in dissect (tvb=0x8b62630, pinfo=0x8a9ce10, tree=0x89f2298, ip_proto=1114112) at packet-udp.c:347
#72732 0x00ee6a7f in call_dissector_through_handle (handle=0x88b35c8, tvb=0x8b62630, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:392
#72733 0x00ee6dd3 in call_dissector_work (handle=0x88b35c8, tvb=0x8b62630, pinfo_arg=0x8a9ce10, tree=0x89f2298) at packet.c:567
#72734 0x00ee78e6 in dissector_try_port (sub_dissectors=0x8692b98, port=17, tvb=0x8b62630, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:842
#72735 0x0112e373 in dissect_ip (tvb=0x8b625fc, pinfo=0x8a9ce10, parent_tree=0x89f2298) at packet-ip.c:1187
#72736 0x00ee6a7f in call_dissector_through_handle (handle=0x8697c40, tvb=0x8b625fc, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:392
#72737 0x00ee6dd3 in call_dissector_work (handle=0x8697c40, tvb=0x8b625fc, pinfo_arg=0x8a9ce10, tree=0x89f2298) at packet.c:567
#72738 0x00ee78e6 in dissector_try_port (sub_dissectors=0x865c448, port=2048, tvb=0x8b625fc, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:842
#72739 0x010888d6 in ethertype (etype=2048, tvb=0x8b625c8, offset_after_etype=14, pinfo=0x8a9ce10, tree=0x89f2298, fh_tree=0x89f2208, etype_id=10010,
    trailer_id=10012, fcs_len=-1) at packet-ethertype.c:197
#72740 0x01086451 in dissect_eth_common (tvb=0x8b625c8, pinfo=0x8a9ce10, parent_tree=0x89f2298, fcs_len=-1) at packet-eth.c:344
#72741 0x00ee6a7f in call_dissector_through_handle (handle=0x889fbb8, tvb=0x8b625c8, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:392
 
#72742 0x00ee6dd3 in call_dissector_work (handle=0x889fbb8, tvb=0x8b625c8, pinfo_arg=0x8a9ce10, tree=0x89f2298) at packet.c:567
#72743 0x00ee78e6 in dissector_try_port (sub_dissectors=0x86565d8, port=1, tvb=0x8b625c8, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:842
#72744 0x010a4edc in dissect_frame (tvb=0x8b625c8, pinfo=0x8a9ce10, parent_tree=0x89f2298) at packet-frame.c:286
#72745 0x00ee6a7f in call_dissector_through_handle (handle=0x8656698, tvb=0x8b625c8, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:392
#72746 0x00ee6dd3 in call_dissector_work (handle=0x8656698, tvb=0x8b625c8, pinfo_arg=0x8a9ce10, tree=0x89f2298) at packet.c:567
#72747 0x00ee7051 in call_dissector (handle=0x8656698, tvb=0x8b625c8, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:1711
#72748 0x00ee74c2 in dissect_packet (edt=0x8a9ce08, pseudo_header=0x897a82c, pd=0x89fdf90 "", fd=0x8b1cb84, cinfo=0x8174e78) at packet.c:331
#72749 0x00ee3829 in epan_dissect_run (edt=0x8a9ce08, pseudo_header=0x897a82c, data="" "", fd=0x8b1cb84, cinfo=0x8174e78) at epan.c:195
#72750 0x08069494 in add_packet_to_packet_list (fdata=0x8b1cb84, cf=0x8164d60, pseudo_header=0x897a82c, buf=0x89fdf90 "", refilter=1) at file.c:831
#72751 0x080696d6 in read_packet (cf=0x8164d60, offset=761329) at file.c:955
#72752 0x08069988 in cf_read (cf=0x8164d60) at file.c:459
 
#72753 0x080b4e90 in file_open_ok_cb (w=0x8962ad0, fs=0x8901370) at capture_file_dlg.c:715
#72754 0x002ad1a0 in gtk_marshal_NONE__NONE () from /usr/lib/libgtk-1.2.so.0
#72755 0x0027a427 in gtk_signal_connect_while_alive () from /usr/lib/libgtk-1.2.so.0
---Type <return> to continue, or q <return> to quit---
#72756 0x0027b230 in gtk_signal_emit_stop_by_name () from /usr/lib/libgtk-1.2.so.0
#72757 0x0027bee7 in gtk_signal_emit () from /usr/lib/libgtk-1.2.so.0
#72758 0x0031934a in gtk_button_clicked () from /usr/lib/libgtk-1.2.so.0
#72759 0x0031abd8 in gtk_button_set_relief () from /usr/lib/libgtk-1.2.so.0
#72760 0x002ad1a0 in gtk_marshal_NONE__NONE () from /usr/lib/libgtk-1.2.so.0
#72761 0x0027b2dd in gtk_signal_emit_stop_by_name () from /usr/lib/libgtk-1.2.so.0
#72762 0x0027bee7 in gtk_signal_emit () from /usr/lib/libgtk-1.2.so.0
#72763 0x00319267 in gtk_button_released () from /usr/lib/libgtk-1.2.so.0
#72764 0x0031a462 in gtk_button_set_relief () from /usr/lib/libgtk-1.2.so.0
#72765 0x002ace79 in gtk_marshal_BOOL__POINTER () from /usr/lib/libgtk-1.2.so.0
#72766 0x0027b333 in gtk_signal_emit_stop_by_name () from /usr/lib/libgtk-1.2.so.0
#72767 0x0027bee7 in gtk_signal_emit () from /usr/lib/libgtk-1.2.so.0
#72768 0x002411b9 in gtk_widget_event () from /usr/lib/libgtk-1.2.so.0
#72769 0x002aec0c in gtk_propagate_event () from /usr/lib/libgtk-1.2.so.0
#72770 0x002aefa7 in gtk_main_do_event () from /usr/lib/libgtk-1.2.so.0
#72771 0x00154620 in gdk_event_get () from /usr/lib/libgdk-1.2.so.0
#72772 0x0018b287 in g_get_current_time () from /usr/lib/libglib-1.2.so.0
#72773 0x0018bf13 in g_main_add_poll () from /usr/lib/libglib-1.2.so.0
#72774 0x0018c0e5 in g_main_run () from /usr/lib/libglib-1.2.so.0
#72775 0x002ae232 in gtk_main () from /usr/lib/libgtk-1.2.so.0
#72776 0x0807ed6d in main (argc=0, argv=0xbffcd438) at main.c:2985
(gdb)
 
(gdb)