Wireshark-dev: [Wireshark-dev] Wireshark 1.0.7 segfault when loading PCNFSD capture

From: Mark Cave-Ayland <mark.cave-ayland@xxxxxxxxxxxxxx>
Date: Tue, 21 Apr 2009 11:01:35 +0100
Hi everyone,

I've been working on capturing some data from a server to diagnose some PCNFSD login problems, and I have found that when I attempt to load my capture file into Wireshark 1.0.7, it immediately segfaults.

Using gdb I can attach to the wireshark process and obtain the following backtrace:


mcavea@zeno:/home/build/rel-wireshark/bin$ gdb wireshark
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu"...
(gdb) run
Starting program: /home/build/rel-wireshark/bin/wireshark
[Thread debugging using libthread_db enabled]
[New Thread 0x7f6a1b64e700 (LWP 29170)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f6a1b64e700 (LWP 29170)]
0x00007f6a19a46ce9 in dissect_pcnfsd2_auth_call (tvb=0x190f4c0, offset=<value optimized out>, pinfo=<value optimized out>, tree=0x1967b10) at packet-pcnfsd.c:179
179                     *data = (*data ^ 0x5b) & 0x7f;
(gdb) bt
#0  0x00007f6a19a46ce9 in dissect_pcnfsd2_auth_call (tvb=0x190f4c0, offset=<value optimized out>, pinfo=<value optimized out>, tree=0x1967b10) at packet-pcnfsd.c:179
#1  0x00007f6a19a81e2c in call_dissect_function (tvb=0x190f4c0, pinfo=0x1b7ee80, tree=0x1967b10, offset=72, dissect_function=0x7f6a19a46b20 <dissect_pcnfsd2_auth_call>, progname=0x7f6a1a037378 "PCNFSD") at packet-rpc.c:1273
#2  0x00007f6a19a84b45 in dissect_rpc_message (tvb=0x190f4c0, pinfo=0x1b7ee80, tree=0x1967870, frag_tvb=0x18, ipfd_head=0x0, is_tcp=<value optimized out>, rpc_rm=0, first_pdu=1) at packet-rpc.c:2600
#3  0x00007f6a19a861f0 in dissect_rpc_heur (tvb=0x7f6a1a045eaa, pinfo=0x4, tree=0x7f6a1a045eaa) at packet-rpc.c:2713
#4  0x00007f6a1971fcdc in dissector_try_heuristic (sub_dissectors=<value optimized out>, tvb=0x190f4c0, pinfo=0x1b7ee80, tree=0x1967870) at packet.c:1595
#5  0x00007f6a19b413ed in decode_udp_ports (tvb=0x190f400, offset=<value optimized out>, pinfo=0x1b7ee80, tree=0x1967870, uh_sport=1023, uh_dport=690, uh_ulen=144) at packet-udp.c:168
#6  0x00007f6a19b41a2f in dissect (tvb=0x190f400, pinfo=0x1b7ee80, tree=0x1967870, ip_proto=1114112) at packet-udp.c:427
#7  0x00007f6a1971fbb1 in call_dissector_through_handle (handle=0x14d64d0, tvb=0x190f400, pinfo=0x1b7ee80, tree=0x1967870) at packet.c:396
#8  0x00007f6a197202f3 in call_dissector_work (handle=0x14d64d0, tvb=0x190f400, pinfo_arg=0x1b7ee80, tree=0x1967870) at packet.c:485
#9  0x00007f6a19721277 in dissector_try_port (sub_dissectors=<value optimized out>, port=17, tvb=0x190f400, pinfo=0x1b7ee80, tree=0x1967870) at packet.c:870
#10 0x00007f6a1996643c in dissect_ip (tvb=0x190f5e0, pinfo=0x1b7ee80, parent_tree=0x1967870) at packet-ip.c:1574
#11 0x00007f6a1971fbb1 in call_dissector_through_handle (handle=0xd2f730, tvb=0x190f5e0, pinfo=0x1b7ee80, tree=0x1967870) at packet.c:396
#12 0x00007f6a197202f3 in call_dissector_work (handle=0xd2f730, tvb=0x190f5e0, pinfo_arg=0x1b7ee80, tree=0x1967870) at packet.c:485
#13 0x00007f6a19721277 in dissector_try_port (sub_dissectors=<value optimized out>, port=2048, tvb=0x190f5e0, pinfo=0x1b7ee80, tree=0x1967870) at packet.c:870
#14 0x00007f6a198b7d37 in ethertype (etype=2048, tvb=0x190f580, offset_after_etype=14, pinfo=0x1b7ee80, tree=0x1967870, fh_tree=0x1967900, etype_id=13894, trailer_id=13896, fcs_len=-1) at packet-ethertype.c:215
#15 0x00007f6a198b5556 in dissect_eth_common (tvb=0x190f580, pinfo=0x1b7ee80, parent_tree=0x1967870, fcs_len=-1) at packet-eth.c:338
#16 0x00007f6a1971fbb1 in call_dissector_through_handle (handle=0x143f160, tvb=0x190f580, pinfo=0x1b7ee80, tree=0x1967870) at packet.c:396
#17 0x00007f6a197202f3 in call_dissector_work (handle=0x143f160, tvb=0x190f580, pinfo_arg=0x1b7ee80, tree=0x1967870) at packet.c:485
#18 0x00007f6a19721277 in dissector_try_port (sub_dissectors=<value optimized out>, port=1, tvb=0x190f580, pinfo=0x1b7ee80, tree=0x1967870) at packet.c:870
#19 0x00007f6a198edde8 in dissect_frame (tvb=0x190f580, pinfo=0x1b7ee80, parent_tree=0x1967870) at packet-frame.c:305
#20 0x00007f6a1971fbb1 in call_dissector_through_handle (handle=0xc49db0, tvb=0x190f580, pinfo=0x1b7ee80, tree=0x1967870) at packet.c:396
#21 0x00007f6a197202f3 in call_dissector_work (handle=0xc49db0, tvb=0x190f580, pinfo_arg=0x1b7ee80, tree=0x1967870) at packet.c:485
#22 0x00007f6a19720441 in call_dissector (handle=0x7f6a1a045eaa, tvb=0x4, pinfo=0x7f6a1a045eaa, tree=0x7f6a1a045eb1) at packet.c:1787
#23 0x00007f6a19721d92 in dissect_packet (edt=0x1b7ee70, pseudo_header=<value optimized out>, pd=0x1988400 "", fd=0x1b8acd0, cinfo=<value optimized out>) at packet.c:332
#24 0x0000000000433a6b in add_packet_to_packet_list (fdata=0x1b8acd0, cf=0x77b140, dfcode=0x0, pseudo_header=0x1939f88, buf=0x1988400 "", refilter=<value optimized out>) at file.c:972
#25 0x00000000004354cf in cf_read (cf=0x77b140) at file.c:503
#26 0x0000000000474171 in file_open_cmd (w=0x15c2240) at capture_file_dlg.c:726
#27 0x00007f6a16f40e9d in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#28 0x00007f6a16f53bfd in ?? () from /usr/lib/libgobject-2.0.so.0
#29 0x00007f6a16f550ee in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#30 0x00007f6a16f555f3 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#31 0x00007f6a184069cb in gtk_widget_activate () from /usr/lib/libgtk-x11-2.0.so.0
#32 0x00007f6a182fa2ad in gtk_menu_shell_activate_item () from /usr/lib/libgtk-x11-2.0.so.0
#33 0x00007f6a182fbf85 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#34 0x00007f6a182ed748 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#35 0x00007f6a16f40e9d in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#36 0x00007f6a16f538dc in ?? () from /usr/lib/libgobject-2.0.so.0
#37 0x00007f6a16f54f71 in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#38 0x00007f6a16f555f3 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#39 0x00007f6a184021be in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#40 0x00007f6a182e62d3 in gtk_propagate_event () from /usr/lib/libgtk-x11-2.0.so.0
#41 0x00007f6a182e731b in gtk_main_do_event () from /usr/lib/libgtk-x11-2.0.so.0
#42 0x00007f6a17f48f8c in ?? () from /usr/lib/libgdk-x11-2.0.so.0
#43 0x00007f6a1649778b in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#44 0x00007f6a1649af5d in ?? () from /usr/lib/libglib-2.0.so.0
#45 0x00007f6a1649b48d in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#46 0x00007f6a182e7737 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#47 0x00000000004484ce in main (argc=0, argv=0x7fff23787c80) at main.c:3201


So it looks as if there is a problem with the PCNFSD dissector :( Can anyone point me in the right direction as to how to go about fixing this?


Many thanks,

Mark.

--
Mark Cave-Ayland - Senior Technical Architect
PostgreSQL - PostGIS
Sirius Corporation plc - control through freedom
http://www.siriusit.co.uk
t: +44 870 608 0063
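An added example (not Wireshark's code and not part of Mark's post) showing the per-byte transform on the faulting line, `(byte ^ 0x5b) & 0x7f`, applied over a private copy of the field with every read bounds-checked against the packet length, so the captured packet bytes are only ever read. The function and macro names are the example's own, and it assumes the field is laid out as an XDR string (4-byte big-endian length, then the bytes padded to a multiple of 4); the post itself does not say what makes line 179 fault.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PCNFSD_OBSCURE_KEY 0x5b   /* the constant on the crashing line */

/* The per-byte transform from packet-pcnfsd.c:179, applied to a private copy:
 * 'in' (packet bytes) is only read.  Returns bytes decoded, or -1 if 'out'
 * (NUL-terminated on success) is too small. */
int pcnfsd_unobscure(const uint8_t *in, size_t in_len, char *out, size_t out_len)
{
    if (in_len + 1 > out_len) return -1;
    for (size_t i = 0; i < in_len; i++)
        out[i] = (char)((in[i] ^ PCNFSD_OBSCURE_KEY) & 0x7f);
    out[in_len] = '\0';
    return (int)in_len;
}

/* Read one XDR string (assumed layout: 4-byte big-endian length, then bytes
 * padded to a multiple of 4) at 'offset' and decode it.  Every read is checked
 * against pkt_len.  Returns the offset past the field, or -1 on a bad length. */
long pcnfsd_decode_xdr_field(const uint8_t *pkt, size_t pkt_len, size_t offset,
                             char *out, size_t out_len)
{
    if (offset > pkt_len || pkt_len - offset < 4) return -1;
    uint32_t n = ((uint32_t)pkt[offset] << 24) | ((uint32_t)pkt[offset + 1] << 16) |
                 ((uint32_t)pkt[offset + 2] << 8) | (uint32_t)pkt[offset + 3];
    offset += 4;
    if (n > pkt_len - offset) return -1;          /* length field exceeds packet */
    size_t padded = ((size_t)n + 3) & ~(size_t)3;
    if (padded > pkt_len - offset) return -1;     /* XDR padding missing */
    if (pcnfsd_unobscure(pkt + offset, n, out, out_len) < 0) return -1;
    return (long)(offset + padded);
}

/* Constructed samples: "secret" obscured with the transform is "(>8)>/".
 * sample_pkt carries it as a 6-byte XDR string plus 2 bytes of padding;
 * bad_pkt has the same bytes but a length field claiming 100 bytes. */
static const uint8_t sample_pkt[] = { 0, 0, 0, 6,    '(', '>', '8', ')', '>', '/', 0, 0 };
static const uint8_t bad_pkt[]    = { 0, 0, 0, 0x64, '(', '>', '8', ')', '>', '/', 0, 0 };

int main(void)
{
    char buf[32];
    long next = pcnfsd_decode_xdr_field(sample_pkt, sizeof sample_pkt, 0, buf, sizeof buf);
    printf("decoded \"%s\", next offset %ld\n", buf, next);          /* secret, 12 */
    return pcnfsd_decode_xdr_field(bad_pkt, sizeof bad_pkt, 0, buf, sizeof buf) == -1 ? 0 : 1;
}
```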