Wireshark-dev: Re: [Wireshark-dev] DND crash through all versions?

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Sat, 22 Sep 2012 00:04:45 +0200
On 09/05/2012 12:05 AM, Jaap Keuter wrote:
On 09/04/2012 06:35 PM, Jaap Keuter wrote:
On 2012-09-04 16:52, Christopher Maynard wrote:
Jeff Morriss <jeff.morriss.ws@...> writes:

Jaap Keuter wrote:
> On 2012-09-04 08:32, Joerg Mayer wrote:
>> On Tue, Sep 04, 2012 at 08:18:28AM +0200, Jaap Keuter wrote:
>>> Ok, thanks for the response on the strstr() question. Still remain
>>> the big question: the DND crash! Am I the only one seeing this? Does
>>> the proposed patch elevate the problem on your platform?
[...]
> Does anyone else see this?

It works OK for me on Windoze (1.8.1, XP, 32-bit); here I dragged a PCAP
file onto the Wireshark icon on my desktop.

It works OK for me on Fedora Core 10 (SVN, GTK-2.14.7-9, 64-bit); here I
dragged a PCAP file into a running (from the build directory) Wireshark
(Wireshark isn't installed so I have no icon for the executable).

After a distclean, it works for me on Windows XP SP3 32-bit, r44768
(as well as
Windows 7 64-bit -- forget which revision, but not quite r44768).

I had encountered this problem once upon a time though and filed bug
5987[1] for
it, which actually seemed to be a duplicate of bug 6457[2].

[1]: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5987
[2]: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6457


Hmm, it seems neither of those. So either it's related to the specific GTK
version (on KDE?), or the fact that I used Dolphin (the KDE File Mananager) as
source for the capture file DND.
The plot thickens... ;)

Thanks,
Jaap

Ok, some more details. Looking at Drag-and-Drop Protocol for the X Window System
[1], I found this on dragging and dropping files[2].

It refers to the MIMEtype text/uri-list, which is defined, according to IANA[3],
in RFC 2483. Even though its status is experimental it says:
" The format of text/uri-list resources is:
...
3) As for all text/* formats, lines are terminated with a CRLF pair.
"

This is not what I'm seeing. The last line is no longer CRLF terminated!
Who does that? The source? I've tries 3 file browser (Dolphin, Konqueror, File
open dialog) with the same results. The X Server, or the target (Wireshark,
through GTK+)? Do I need to pull out xscope?


[1] http://www.newplanetsoftware.com/xdnd/
[2] http://www.newplanetsoftware.com/xdnd/dragging_files.html
[3] http://www.iana.org/assignments/media-types/text/index.html
[4] http://tools.ietf.org/rfcmarkup?rfc=2483


Wireshark DND tests

Using xscope I've traced the X protocol on both sides of the DND exchange.
The scenario starts by dragging and dropping a.pcap and b.pcap together
from Dolphin (File Manager) to Wireshark (Target). This results in a.pcap
being loaded. Then dragging and dropping of b.pcap is performed. This results
in a crash of Wireshark.

Platform FC14/x86_64, KDE

For the first run xscope is used as follows:
> xscope -v3 -t > xscope_Dolphin_DND_v3_ab.log
To launch the X client to trace the following command is used:
> DISPLAY=localhost:1.0 dolphin
Wireshark is launched normally and the scenario is played out.

For the second run xscope is used as follows:
> xscope -v3 -t > xscope_Wireshark_DND_v3_ab.log
To launch the X client to trace the following command is used:
> DISPLAY=localhost:1.0 wireshark
Dolphin is launched normally and the scenario is played out.

Now we dig through the log files. To find the relevant exchanges search the logs for the start of the URL:
'66 69 6c 65 3a 2f 2f'
  f  i  l  e  :  /  /

Dolphin sends:
----------8<-------------------------------------------------------------------
         ............REQUEST: ChangeProperty
             sequence number: 0000a7c7
                        mode: Replace
              request length: 0014
                      window: WIN 06c05130
                    property: ATM 0000023b
                        type: ATM 000001d2
                      format: 08
              length of data: 00000038
                        data: 66 69 6c 65 3a 2f 2f 2f 68 6f 6d 65 2f 6a 6b 65
                            : 75 74 65 72 2f 61 2e 70 63 61 70 0d 0a 66 69 6c
                            : 65 3a 2f 2f 2f 68 6f 6d 65 2f 6a 6b 65 75 74 65
                            : 72 2f 62 2e 70 63 61 70
----------8<-------------------------------------------------------------------
which translates into:
"file:///home/jkeuter/a.pcap\r\nfile:///home/jkeuter/b.pcap"

and:
----------8<-------------------------------------------------------------------
         ............REQUEST: ChangeProperty
             sequence number: 00021370
                        mode: Replace
              request length: 000d
                      window: WIN 06c0529a
                    property: ATM 0000023b
                        type: ATM 000001d2
                      format: 08
              length of data: 0000001b
                        data: 66 69 6c 65 3a 2f 2f 2f 68 6f 6d 65 2f 6a 6b 65
                            : 75 74 65 72 2f 62 2e 70 63 61 70
----------8<-------------------------------------------------------------------
which translates into:
"file:///home/jkeuter/b.pcap"


Wireshark receives:
----------8<-------------------------------------------------------------------
11.08:                                    88 bytes <-- X11 Server 2
                                         ..............REPLY: GetProperty
                                                      format: 08
                                             sequence number: 496b
                                                reply length: 0000000e
                                                        type: ATM 000001d2
                                                 bytes-after: 00000000
                                             length of value: 00000038
                                                       value: 66 69 6c 65 3a 2f
                                                            : 2f 2f 68 6f 6d 65
                                                            : 2f 6a 6b 65 75 74
                                                            : 65 72 2f 61 2e 70
                                                            : 63 61 70 0d 0a 66
                                                            : 69 6c 65 3a 2f 2f
                                                            : 2f 68 6f 6d 65 2f
                                                            : 6a 6b 65 75 74 65
                                                            : 72 2f 62 2e 70 63
                                                            : 61 70
----------8<-------------------------------------------------------------------
which translates into:
"file:///home/jkeuter/a.pcap\r\nfile:///home/jkeuter/b.pcap"

and:
----------8<-------------------------------------------------------------------
20.64:                                    60 bytes <-- X11 Server 2
                                         ..............REPLY: GetProperty
                                                      format: 08
                                             sequence number: 5d64
                                                reply length: 00000007
                                                        type: ATM 000001d2
                                                 bytes-after: 00000000
                                             length of value: 0000001b
                                                       value: 66 69 6c 65 3a 2f
                                                            : 2f 2f 68 6f 6d 65
                                                            : 2f 6a 6b 65 75 74
                                                            : 65 72 2f 62 2e 70
                                                            : 63 61 70
----------8<-------------------------------------------------------------------
which translates into:
"file:///home/jkeuter/b.pcap"

It's right after this reply that Wireshark crashes.

So this tells us that the client is sending non well-formed text/uri-list's.

Thanks,
Jaap