Wireshark-dev: Re: [Wireshark-dev] Wireshark / Tshark 0.99.4 crashes with Segmentation fault wh

From: "Anders Broman \(AL/EAB\)" <anders.broman@xxxxxxxxxxxx>
Date: Mon, 13 Nov 2006 16:58:08 +0100
Hi,
The problem seems to be with dcerpc; perhaps you can filter out those frames with 0.99.2 and try 0.99.4?
BR
Anders

________________________________

From: wireshark-dev-bounces@xxxxxxxxxxxxx on behalf of Jaap Keuter
Sent: Mon 2006-11-13 16:55
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Wireshark / Tshark 0.99.4 crashes with Segmentation fault where prev. version worked



Hi,

110MB is certainly a big trace. I guess you have a rough idea at which
part of the capture file the crash occurs. Can you 'editcap' that piece
out of the big capture and check if the problem remains? You could also
cut it in 5 x 22MB pieces, which should easily load into Wireshark one by
one.

Thanx,
Jaap

On Mon, 13 Nov 2006, "Mrz, Frank" wrote:

> Hello Wireshark Community,
>
> I have discovered a problem which causes Wireshark and Tshark to crash with a
> segmentation fault error. This problem is new to the version 0.99.4.  I have
> a tcpdump which holds mostly GTP data which I would like to open or filter
> with Wireshark or Tshark. When I use the same capture file in 0.99.2 I have
> no problems at all.
>
> I have made a gdb backtrace which I have attached to this email. I can not
> include the capture file due to the size 110MB and due to it holds private
> data.
>
> I would appreciate if somebody could have a look at this please. Sorry I do
> not understand this output myself.
>
> Best Regards,
>
> Frank
>
> (gdb)
> Continuing.
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x00f08abc in check_offset_length_no_exception (tvb=0x8f0e9a0, offset=0,
> length=4, offset_ptr=0xbf400064, length_ptr=0xbf400068, exception=0x0) at
> tvbuff.c:389
> 389             if (!compute_offset_length(tvb, offset, length, offset_ptr,
> length_ptr, exception)) {
> (gdb)
>
>
> (gdb) backtrace
> #0  0x00f08abc in check_offset_length_no_exception (tvb=0x8f0e9a0, offset=0,
> length=4, offset_ptr=0xbf400064, length_ptr=0xbf400068, exception=0x0) at
> tvbuff.c:389
> #1  0x00f099f0 in ensure_contiguous_no_exception (tvb=0x8f0e9a0,
> offset=Variable "offset" is not available.
> ) at tvbuff.c:824
> #2  0x00f0a990 in tvb_memeql (tvb=0x8f0e9a0, offset=0, str=0x1512474 "",
> size=4) at tvbuff.c:1696
> #3  0x01042f82 in dissect_dcerpc_cn (tvb=0x8f0e9a0, offset=0,
> pinfo=0x8a9ce10, tree=0x89f2298, can_desegment=1, pkt_len=0xbf40029c) at
> packet-dcerpc.c:3809
> #4  0x01044e3e in dissect_dcerpc_cn_bs_body (tvb=0x8f0e9a0, pinfo=0x8a9ce10,
> tree=0x89f2298) at packet-dcerpc.c:4104
> #5  0x00ee850c in dissector_try_heuristic (sub_dissectors=0x887c5c8,
> tvb=0x8f0e9a0, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:1532
> #6  0x01111722 in dissect_http_message (tvb=0x8f0e96c, offset=0,
> pinfo=0x8a9ce10, tree=0x89f2298) at packet-http.c:1112
> #7  0x01112002 in dissect_http (tvb=0x8f0e96c, pinfo=0x8a9ce10,
> tree=0x89f2298) at packet-http.c:1947
> #8  0x00ee6a7f in call_dissector_through_handle (handle=0x868ae60,
> tvb=0x8f0e96c, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:392
> #9  0x00ee6dd3 in call_dissector_work (handle=0x868ae60, tvb=0x8f0e96c,
> pinfo_arg=0x8a9ce10, tree=0x89f2298) at packet.c:567
> #10 0x00ee78e6 in dissector_try_port (sub_dissectors=0x87e9160, port=80,
> tvb=0x8f0e96c, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:842
> #11 0x012e7b31 in decode_tcp_ports (tvb=0x8f0e938, offset=0,
> pinfo=0x8a9ce10, tree=0x89f2298, src_port=80, dst_port=1830,
> tcpd=0xb6919828) at packet-tcp.c:1901
> #12 0x012e7c7c in process_tcp_payload (tvb=0x8f0e938, offset=0,
> pinfo=0x8a9ce10, tree=0x89f2298, tcp_tree=0x89f2298, src_port=80,
> dst_port=1830, seq=1047784259,
>     nxtseq=1047785519, is_tcp_segment=1, tcpd=0xb6919828) at
> packet-tcp.c:1960
> #13 0x012e83c5 in dissect_tcp_payload (tvb=0x8f0e938, pinfo=0x8a9ce10,
> offset=0, seq=1047784259, nxtseq=1047785519, sport=80, dport=1830,
> tree=0x89f2298,
>     tcp_tree=0x89f2298, tcpd=0xb6919828) at packet-tcp.c:2036
> #14 0x01111f38 in dissect_http_message (tvb=0x8f0e904, offset=0,
> pinfo=0x8a9ce10, tree=0x89f2298) at packet-http.c:1442
> #15 0x01112002 in dissect_http (tvb=0x8f0e904, pinfo=0x8a9ce10,
> tree=0x89f2298) at packet-http.c:1947
> #16 0x00ee6a7f in call_dissector_through_handle (handle=0x868ae60,
> tvb=0x8f0e904, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:392
> #17 0x00ee6dd3 in call_dissector_work (handle=0x868ae60, tvb=0x8f0e904,
> pinfo_arg=0x8a9ce10, tree=0x89f2298) at packet.c:567
> #18 0x00ee78e6 in dissector_try_port (sub_dissectors=0x87e9160, port=80,
> tvb=0x8f0e904, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:842
> #19 0x012e7b31 in decode_tcp_ports (tvb=0x8f0e8d0, offset=0,
> pinfo=0x8a9ce10, tree=0x89f2298, src_port=80, dst_port=1830,
> tcpd=0xb6919828) at packet-tcp.c:1901
> #20 0x012e7c7c in process_tcp_payload (tvb=0x8f0e8d0, offset=0,
> pinfo=0x8a9ce10, tree=0x89f2298, tcp_tree=0x89f2298, src_port=80,
> dst_port=1830, seq=1047784259,
>     nxtseq=1047785519, is_tcp_segment=1, tcpd=0xb6919828) at
> packet-tcp.c:1960
> #21 0x012e83c5 in dissect_tcp_payload (tvb=0x8f0e8d0, pinfo=0x8a9ce10,
> offset=0, seq=1047784259, nxtseq=1047785519, sport=80, dport=1830,
> tree=0x89f2298,
>     tcp_tree=0x89f2298, tcpd=0xb6919828) at packet-tcp.c:2036
> #22 0x01111f38 in dissect_http_message (tvb=0x8f0e6c0, offset=0,
> pinfo=0x8a9ce10, tree=0x89f2298) at packet-http.c:1442
> #23 0x01112002 in dissect_http (tvb=0x8f0e6c0, pinfo=0x8a9ce10,
> tree=0x89f2298) at packet-http.c:1947
> #24 0x00ee6a7f in call_dissector_through_handle (handle=0x868ae60,
> tvb=0x8f0e6c0, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:392
> #25 0x00ee6dd3 in call_dissector_work (handle=0x868ae60, tvb=0x8f0e6c0,
> pinfo_arg=0x8a9ce10, tree=0x89f2298) at packet.c:567
> #26 0x00ee78e6 in dissector_try_port (sub_dissectors=0x87e9160, port=80,
> tvb=0x8f0e6c0, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:842
> #27 0x012e7b31 in decode_tcp_ports (tvb=0x8f0e68c, offset=0,
> pinfo=0x8a9ce10, tree=0x89f2298, src_port=80, dst_port=1830,
> tcpd=0xb6919828) at packet-tcp.c:1901
> #28 0x012e7c7c in process_tcp_payload (tvb=0x8f0e68c, offset=0,
> pinfo=0x8a9ce10, tree=0x89f2298, tcp_tree=0x89f2298, src_port=80,
> dst_port=1830, seq=1047784259,
>     nxtseq=1047785519, is_tcp_segment=1, tcpd=0xb6919828) at
> packet-tcp.c:1960
> #29 0x012e83c5 in dissect_tcp_payload (tvb=0x8f0e68c, pinfo=0x8a9ce10,
> offset=0, seq=1047784259, nxtseq=1047785519, sport=80, dport=1830,
> tree=0x89f2298,
>     tcp_tree=0x89f2298, tcpd=0xb6919828) at packet-tcp.c:2036
> #30 0x01111f38 in dissect_http_message (tvb=0x8f0e658, offset=0,
> pinfo=0x8a9ce10, tree=0x89f2298) at packet-http.c:1442
> #31 0x01112002 in dissect_http (tvb=0x8f0e658, pinfo=0x8a9ce10,
> tree=0x89f2298) at packet-http.c:1947
> #32 0x00ee6a7f in call_dissector_through_handle (handle=0x868ae60,
> tvb=0x8f0e658, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:392
> #33 0x00ee6dd3 in call_dissector_work (handle=0x868ae60, tvb=0x8f0e658,
> pinfo_arg=0x8a9ce10, tree=0x89f2298) at packet.c:567
> #34 0x00ee78e6 in dissector_try_port (sub_dissectors=0x87e9160, port=80,
> tvb=0x8f0e658, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:842
> #35 0x012e7b31 in decode_tcp_ports (tvb=0x8f0e624, offset=0,
> pinfo=0x8a9ce10, tree=0x89f2298, src_port=80, dst_port=1830,
> tcpd=0xb6919828) at packet-tcp.c:1901
> #36 0x012e7c7c in process_tcp_payload (tvb=0x8f0e624, offset=0,
> pinfo=0x8a9ce10, tree=0x89f2298, tcp_tree=0x89f2298, src_port=80,
> dst_port=1830, seq=1047784259,
>     nxtseq=1047785519, is_tcp_segment=1, tcpd=0xb6919828) at
> packet-tcp.c:1960
> #37 0x012e83c5 in dissect_tcp_payload (tvb=0x8f0e624, pinfo=0x8a9ce10,
> offset=0, seq=1047784259, nxtseq=1047785519, sport=80, dport=1830,
> tree=0x89f2298,
>     tcp_tree=0x89f2298, tcpd=0xb6919828) at packet-tcp.c:2036
> #38 0x01111f38 in dissect_http_message (tvb=0x8f0e5f0, offset=0,
> pinfo=0x8a9ce10, tree=0x89f2298) at packet-http.c:1442
> #39 0x01112002 in dissect_http (tvb=0x8f0e5f0, pinfo=0x8a9ce10,
> tree=0x89f2298) at packet-http.c:1947
> #40 0x00ee6a7f in call_dissector_through_handle (handle=0x868ae60,
> tvb=0x8f0e5f0, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:392
> #41 0x00ee6dd3 in call_dissector_work (handle=0x868ae60, tvb=0x8f0e5f0,
> pinfo_arg=0x8a9ce10, tree=0x89f2298) at packet.c:567
> #42 0x00ee78e6 in dissector_try_port (sub_dissectors=0x87e9160, port=80,
> tvb=0x8f0e5f0, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:842
> #43 0x012e7b31 in decode_tcp_ports (tvb=0x8f0e5bc, offset=0,
> pinfo=0x8a9ce10, tree=0x89f2298, src_port=80, dst_port=1830,
> tcpd=0xb6919828) at packet-tcp.c:1901
> #44 0x012e7c7c in process_tcp_payload (tvb=0x8f0e5bc, offset=0,
> pinfo=0x8a9ce10, tree=0x89f2298, tcp_tree=0x89f2298, src_port=80,
> dst_port=1830, seq=1047784259,
>     nxtseq=1047785519, is_tcp_segment=1, tcpd=0xb6919828) at
> packet-tcp.c:1960
> #45 0x012e83c5 in dissect_tcp_payload (tvb=0x8f0e5bc, pinfo=0x8a9ce10,
> offset=0, seq=1047784259, nxtseq=1047785519, sport=80, dport=1830,
> tree=0x89f2298,
>     tcp_tree=0x89f2298, tcpd=0xb6919828) at packet-tcp.c:2036
> #46 0x01111f38 in dissect_http_message (tvb=0x8f0e588, offset=0,
> pinfo=0x8a9ce10, tree=0x89f2298) at packet-http.c:1442
> #47 0x01112002 in dissect_http (tvb=0x8f0e588, pinfo=0x8a9ce10,
> tree=0x89f2298) at packet-http.c:1947
> #48 0x00ee6a7f in call_dissector_through_handle (handle=0x868ae60,
> tvb=0x8f0e588, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:392
> #49 0x00ee6dd3 in call_dissector_work (handle=0x868ae60, tvb=0x8f0e588,
> pinfo_arg=0x8a9ce10, tree=0x89f2298) at packet.c:567
> #50 0x00ee78e6 in dissector_try_port (sub_dissectors=0x87e9160, port=80,
> tvb=0x8f0e588, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:842
> #51 0x012e7b31 in decode_tcp_ports (tvb=0x8f0e554, offset=0,
> pinfo=0x8a9ce10, tree=0x89f2298, src_port=80, dst_port=1830,
> tcpd=0xb6919828) at packet-tcp.c:1901
> #52 0x012e7c7c in process_tcp_payload (tvb=0x8f0e554, offset=0,
> pinfo=0x8a9ce10, tree=0x89f2298, tcp_tree=0x89f2298, src_port=80,
> dst_port=1830, seq=1047784259,
>     nxtseq=1047785519, is_tcp_segment=1, tcpd=0xb6919828) at
> packet-tcp.c:1960
> #53 0x012e83c5 in dissect_tcp_payload (tvb=0x8f0e554, pinfo=0x8a9ce10,
> offset=0, seq=1047784259, nxtseq=1047785519, sport=80, dport=1830,
> tree=0x89f2298,
> ---Type <return> to continue, or q <return> to quit---
>
> .
> .
> .
> .
> .
>
>
> #72723 0x00ee6a7f in call_dissector_through_handle (handle=0x8697c40,
> tvb=0x8b62698, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:392
> #72724 0x00ee6dd3 in call_dissector_work (handle=0x8697c40, tvb=0x8b62698,
> pinfo_arg=0x8a9ce10, tree=0x89f2298) at packet.c:567
> #72725 0x00ee7051 in call_dissector (handle=0x8697c40, tvb=0x8b62698,
> pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:1711
> #72726 0x010f142f in dissect_gtp (tvb=0x8b62664, pinfo=0x8a9ce10,
> tree=0x89f2298) at packet-gtp.c:5781
> #72727 0x00ee6a7f in call_dissector_through_handle (handle=0x866bee0,
> tvb=0x8b62664, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:392
> #72728 0x00ee6dd3 in call_dissector_work (handle=0x866bee0, tvb=0x8b62664,
> pinfo_arg=0x8a9ce10, tree=0x89f2298) at packet.c:567
> #72729 0x00ee78e6 in dissector_try_port (sub_dissectors=0x87ee330,
> port=2152, tvb=0x8b62664, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:842
> #72730 0x012fc7fc in decode_udp_ports (tvb=0x8b62630, offset=8,
> pinfo=0x8a9ce10, tree=0x89f2298, uh_sport=2152, uh_dport=2152, uh_ulen=1316)
> at packet-udp.c:140
> #72731 0x012fccd7 in dissect (tvb=0x8b62630, pinfo=0x8a9ce10,
> tree=0x89f2298, ip_proto=1114112) at packet-udp.c:347
> #72732 0x00ee6a7f in call_dissector_through_handle (handle=0x88b35c8,
> tvb=0x8b62630, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:392
> #72733 0x00ee6dd3 in call_dissector_work (handle=0x88b35c8, tvb=0x8b62630,
> pinfo_arg=0x8a9ce10, tree=0x89f2298) at packet.c:567
> #72734 0x00ee78e6 in dissector_try_port (sub_dissectors=0x8692b98, port=17,
> tvb=0x8b62630, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:842
> #72735 0x0112e373 in dissect_ip (tvb=0x8b625fc, pinfo=0x8a9ce10,
> parent_tree=0x89f2298) at packet-ip.c:1187
> #72736 0x00ee6a7f in call_dissector_through_handle (handle=0x8697c40,
> tvb=0x8b625fc, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:392
> #72737 0x00ee6dd3 in call_dissector_work (handle=0x8697c40, tvb=0x8b625fc,
> pinfo_arg=0x8a9ce10, tree=0x89f2298) at packet.c:567
> #72738 0x00ee78e6 in dissector_try_port (sub_dissectors=0x865c448,
> port=2048, tvb=0x8b625fc, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:842
> #72739 0x010888d6 in ethertype (etype=2048, tvb=0x8b625c8,
> offset_after_etype=14, pinfo=0x8a9ce10, tree=0x89f2298, fh_tree=0x89f2208,
> etype_id=10010,
>     trailer_id=10012, fcs_len=-1) at packet-ethertype.c:197
> #72740 0x01086451 in dissect_eth_common (tvb=0x8b625c8, pinfo=0x8a9ce10,
> parent_tree=0x89f2298, fcs_len=-1) at packet-eth.c:344
> #72741 0x00ee6a7f in call_dissector_through_handle (handle=0x889fbb8,
> tvb=0x8b625c8, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:392
>
> #72742 0x00ee6dd3 in call_dissector_work (handle=0x889fbb8, tvb=0x8b625c8,
> pinfo_arg=0x8a9ce10, tree=0x89f2298) at packet.c:567
> #72743 0x00ee78e6 in dissector_try_port (sub_dissectors=0x86565d8, port=1,
> tvb=0x8b625c8, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:842
> #72744 0x010a4edc in dissect_frame (tvb=0x8b625c8, pinfo=0x8a9ce10,
> parent_tree=0x89f2298) at packet-frame.c:286
> #72745 0x00ee6a7f in call_dissector_through_handle (handle=0x8656698,
> tvb=0x8b625c8, pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:392
> #72746 0x00ee6dd3 in call_dissector_work (handle=0x8656698, tvb=0x8b625c8,
> pinfo_arg=0x8a9ce10, tree=0x89f2298) at packet.c:567
> #72747 0x00ee7051 in call_dissector (handle=0x8656698, tvb=0x8b625c8,
> pinfo=0x8a9ce10, tree=0x89f2298) at packet.c:1711
> #72748 0x00ee74c2 in dissect_packet (edt=0x8a9ce08, pseudo_header=0x897a82c,
> pd=0x89fdf90 "", fd=0x8b1cb84, cinfo=0x8174e78) at packet.c:331
> #72749 0x00ee3829 in epan_dissect_run (edt=0x8a9ce08,
> pseudo_header=0x897a82c, data=0x89fdf90 "", fd=0x8b1cb84, cinfo=0x8174e78)
> at epan.c:195
> #72750 0x08069494 in add_packet_to_packet_list (fdata=0x8b1cb84,
> cf=0x8164d60, pseudo_header=0x897a82c, buf=0x89fdf90 "", refilter=1) at
> file.c:831
> #72751 0x080696d6 in read_packet (cf=0x8164d60, offset=761329) at file.c:955
> #72752 0x08069988 in cf_read (cf=0x8164d60) at file.c:459
>
> #72753 0x080b4e90 in file_open_ok_cb (w=0x8962ad0, fs=0x8901370) at
> capture_file_dlg.c:715
> #72754 0x002ad1a0 in gtk_marshal_NONE__NONE () from /usr/lib/libgtk-1.2.so.0
> #72755 0x0027a427 in gtk_signal_connect_while_alive () from
> /usr/lib/libgtk-1.2.so.0
> ---Type <return> to continue, or q <return> to quit---
> #72756 0x0027b230 in gtk_signal_emit_stop_by_name () from
> /usr/lib/libgtk-1.2.so.0
> #72757 0x0027bee7 in gtk_signal_emit () from /usr/lib/libgtk-1.2.so.0
> #72758 0x0031934a in gtk_button_clicked () from /usr/lib/libgtk-1.2.so.0
> #72759 0x0031abd8 in gtk_button_set_relief () from /usr/lib/libgtk-1.2.so.0
> #72760 0x002ad1a0 in gtk_marshal_NONE__NONE () from /usr/lib/libgtk-1.2.so.0
> #72761 0x0027b2dd in gtk_signal_emit_stop_by_name () from
> /usr/lib/libgtk-1.2.so.0
> #72762 0x0027bee7 in gtk_signal_emit () from /usr/lib/libgtk-1.2.so.0
> #72763 0x00319267 in gtk_button_released () from /usr/lib/libgtk-1.2.so.0
> #72764 0x0031a462 in gtk_button_set_relief () from /usr/lib/libgtk-1.2.so.0
> #72765 0x002ace79 in gtk_marshal_BOOL__POINTER () from
> /usr/lib/libgtk-1.2.so.0
> #72766 0x0027b333 in gtk_signal_emit_stop_by_name () from
> /usr/lib/libgtk-1.2.so.0
> #72767 0x0027bee7 in gtk_signal_emit () from /usr/lib/libgtk-1.2.so.0
> #72768 0x002411b9 in gtk_widget_event () from /usr/lib/libgtk-1.2.so.0
> #72769 0x002aec0c in gtk_propagate_event () from /usr/lib/libgtk-1.2.so.0
> #72770 0x002aefa7 in gtk_main_do_event () from /usr/lib/libgtk-1.2.so.0
> #72771 0x00154620 in gdk_event_get () from /usr/lib/libgdk-1.2.so.0
> #72772 0x0018b287 in g_get_current_time () from /usr/lib/libglib-1.2.so.0
> #72773 0x0018bf13 in g_main_add_poll () from /usr/lib/libglib-1.2.so.0
> #72774 0x0018c0e5 in g_main_run () from /usr/lib/libglib-1.2.so.0
> #72775 0x002ae232 in gtk_main () from /usr/lib/libgtk-1.2.so.0
> #72776 0x0807ed6d in main (argc=0, argv=0xbffcd438) at main.c:2985
> (gdb)
>
> (gdb)
>
>
>
>
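In the quoted backtrace the same eight dissector calls (frames #6 to #13) recur with an unchanged TCP sequence number, and the trace is more than 72,000 frames deep. The script below finds such a repeating run in a gdb backtrace; it is an added example, not code from the thread or from Wireshark, and its sample input is constructed from the function names in the trace with dummy addresses and arguments.

```python
import re

# Matches the first line of a gdb frame, with or without "> " mail quoting.
# Wrapped argument lines do not start with "#N" and are skipped.
FRAME_RE = re.compile(r"^(?:>\s*)?#(\d+)\s+0x[0-9a-f]+ in (\w+) \(", re.M)

def frame_names(backtrace):
    """Function names in frame order (#0 first)."""
    return [m.group(2) for m in FRAME_RE.finditer(backtrace)]

def find_cycle(names, max_period=64):
    """Shortest back-to-back repeating run of frames.
    Returns (first_frame, period, copies) or None."""
    for period in range(1, max_period + 1):
        start = streak = 0
        for i in range(len(names) - period):
            if names[i] != names[i + period]:
                streak = 0
                continue
            if streak == 0:
                start = i
            streak += 1
            if streak >= period:          # two full copies confirmed
                j = i + 1                 # extend to the end of the run
                while j + period < len(names) and names[j] == names[j + period]:
                    j += 1
                return start, period, (j - start) // period + 1
    return None

# Constructed sample: function names taken from the trace above, addresses
# and arguments replaced with dummies, middle of the trace cut to 3 copies.
HEAD = ["check_offset_length_no_exception", "ensure_contiguous_no_exception",
        "tvb_memeql", "dissect_dcerpc_cn", "dissect_dcerpc_cn_bs_body",
        "dissector_try_heuristic"]
LOOP = ["dissect_http_message", "dissect_http", "call_dissector_through_handle",
        "call_dissector_work", "dissector_try_port", "decode_tcp_ports",
        "process_tcp_payload", "dissect_tcp_payload"]
TAIL = ["call_dissector_through_handle", "call_dissector_work",
        "call_dissector", "dissect_gtp"]
SAMPLE = "\n".join(f"> #{n}  0x00000000 in {fn} (tvb=0x0,\n> tree=0x0) at x.c:1"
                   for n, fn in enumerate(HEAD + LOOP * 3 + TAIL))

if __name__ == "__main__":
    names = frame_names(SAMPLE)
    first, period, copies = find_cycle(names)
    print(f"cycle of {period} frames from #{first}, {copies} copies:")
    print(" -> ".join(names[first:first + period]))
```

To use it on a real trace, save the gdb output to a file and pass its contents to `frame_names`; raise `max_period` if the recursion passes through more than 64 functions.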


