Wireshark-dev: Re: [Wireshark-dev] DND crash through all versions?
From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Sat, 22 Sep 2012 00:04:45 +0200
On 09/05/2012 12:05 AM, Jaap Keuter wrote:
On 09/04/2012 06:35 PM, Jaap Keuter wrote:On 2012-09-04 16:52, Christopher Maynard wrote:Jeff Morriss <jeff.morriss.ws@...> writes:Jaap Keuter wrote: > On 2012-09-04 08:32, Joerg Mayer wrote: >> On Tue, Sep 04, 2012 at 08:18:28AM +0200, Jaap Keuter wrote: >>> Ok, thanks for the response on the strstr() question. Still remain >>> the big question: the DND crash! Am I the only one seeing this? Does >>> the proposed patch elevate the problem on your platform? [...] > Does anyone else see this? It works OK for me on Windoze (1.8.1, XP, 32-bit); here I dragged a PCAP file onto the Wireshark icon on my desktop. It works OK for me on Fedora Core 10 (SVN, GTK-2.14.7-9, 64-bit); here I dragged a PCAP file into a running (from the build directory) Wireshark (Wireshark isn't installed so I have no icon for the executable).After a distclean, it works for me on Windows XP SP3 32-bit, r44768 (as well as Windows 7 64-bit -- forget which revision, but not quite r44768). I had encountered this problem once upon a time though and filed bug 5987[1] for it, which actually seemed to be a duplicate of bug 6457[2]. [1]: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5987 [2]: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6457Hmm, it seems neither of those. So either it's related to the specific GTK version (on KDE?), or the fact that I used Dolphin (the KDE File Mananager) as source for the capture file DND. The plot thickens... ;) Thanks, JaapOk, some more details. Looking at Drag-and-Drop Protocol for the X Window System [1], I found this on dragging and dropping files[2]. It refers to the MIMEtype text/uri-list, which is defined, according to IANA[3], in RFC 2483. Even though its status is experimental it says: " The format of text/uri-list resources is: ... 3) As for all text/* formats, lines are terminated with a CRLF pair. " This is not what I'm seeing. The last line is no longer CRLF terminated! Who does that? The source? I've tries 3 file browser (Dolphin, Konqueror, File open dialog) with the same results. The X Server, or the target (Wireshark, through GTK+)? Do I need to pull out xscope? [1] http://www.newplanetsoftware.com/xdnd/ [2] http://www.newplanetsoftware.com/xdnd/dragging_files.html [3] http://www.iana.org/assignments/media-types/text/index.html [4] http://tools.ietf.org/rfcmarkup?rfc=2483
Wireshark DND tests Using xscope I've traced the X protocol on both sides of the DND exchange. The scenario starts by dragging and dropping a.pcap and b.pcap together from Dolphin (File Manager) to Wireshark (Target). This results in a.pcap being loaded. Then dragging and dropping of b.pcap is performed. This results in a crash of Wireshark. Platform FC14/x86_64, KDE For the first run xscope is used as follows: > xscope -v3 -t > xscope_Dolphin_DND_v3_ab.log To launch the X client to trace the following command is used: > DISPLAY=localhost:1.0 dolphin Wireshark is launched normally and the scenario is played out. For the second run xscope is used as follows: > xscope -v3 -t > xscope_Wireshark_DND_v3_ab.log To launch the X client to trace the following command is used: > DISPLAY=localhost:1.0 wireshark Dolphin is launched normally and the scenario is played out.Now we dig through the log files. To find the relevant exchanges search the logs for the start of the URL:
'66 69 6c 65 3a 2f 2f'
f i l e : / /
Dolphin sends:
----------8<-------------------------------------------------------------------
............REQUEST: ChangeProperty
sequence number: 0000a7c7
mode: Replace
request length: 0014
window: WIN 06c05130
property: ATM 0000023b
type: ATM 000001d2
format: 08
length of data: 00000038
data: 66 69 6c 65 3a 2f 2f 2f 68 6f 6d 65 2f 6a 6b 65
: 75 74 65 72 2f 61 2e 70 63 61 70 0d 0a 66 69 6c
: 65 3a 2f 2f 2f 68 6f 6d 65 2f 6a 6b 65 75 74 65
: 72 2f 62 2e 70 63 61 70
----------8<-------------------------------------------------------------------
which translates into:
"file:///home/jkeuter/a.pcap\r\nfile:///home/jkeuter/b.pcap"
and:
----------8<-------------------------------------------------------------------
............REQUEST: ChangeProperty
sequence number: 00021370
mode: Replace
request length: 000d
window: WIN 06c0529a
property: ATM 0000023b
type: ATM 000001d2
format: 08
length of data: 0000001b
data: 66 69 6c 65 3a 2f 2f 2f 68 6f 6d 65 2f 6a 6b 65
: 75 74 65 72 2f 62 2e 70 63 61 70
----------8<-------------------------------------------------------------------
which translates into:
"file:///home/jkeuter/b.pcap"
Wireshark receives:
----------8<-------------------------------------------------------------------
11.08: 88 bytes <-- X11 Server 2
..............REPLY: GetProperty
format: 08
sequence number: 496b
reply length: 0000000e
type: ATM 000001d2
bytes-after: 00000000
length of value: 00000038
value: 66 69 6c 65 3a 2f
: 2f 2f 68 6f 6d 65
: 2f 6a 6b 65 75 74
: 65 72 2f 61 2e 70
: 63 61 70 0d 0a 66
: 69 6c 65 3a 2f 2f
: 2f 68 6f 6d 65 2f
: 6a 6b 65 75 74 65
: 72 2f 62 2e 70 63
: 61 70
----------8<-------------------------------------------------------------------
which translates into:
"file:///home/jkeuter/a.pcap\r\nfile:///home/jkeuter/b.pcap"
and:
----------8<-------------------------------------------------------------------
20.64: 60 bytes <-- X11 Server 2
..............REPLY: GetProperty
format: 08
sequence number: 5d64
reply length: 00000007
type: ATM 000001d2
bytes-after: 00000000
length of value: 0000001b
value: 66 69 6c 65 3a 2f
: 2f 2f 68 6f 6d 65
: 2f 6a 6b 65 75 74
: 65 72 2f 62 2e 70
: 63 61 70
----------8<-------------------------------------------------------------------
which translates into:
"file:///home/jkeuter/b.pcap"
It's right after this reply that Wireshark crashes.
So this tells us that the client is sending non well-formed text/uri-list's.
Thanks,
Jaap
- Follow-Ups:
- Re: [Wireshark-dev] DND crash through all versions?
- From: Jaap Keuter
- Re: [Wireshark-dev] DND crash through all versions?
- References:
- [Wireshark-dev] DND crash through all versions?
- From: Jaap Keuter
- Re: [Wireshark-dev] DND crash through all versions?
- From: Jaap Keuter
- Re: [Wireshark-dev] DND crash through all versions?
- From: Joerg Mayer
- Re: [Wireshark-dev] DND crash through all versions?
- From: Jaap Keuter
- Re: [Wireshark-dev] DND crash through all versions?
- From: Jeff Morriss
- Re: [Wireshark-dev] DND crash through all versions?
- From: Christopher Maynard
- Re: [Wireshark-dev] DND crash through all versions?
- From: Jaap Keuter
- Re: [Wireshark-dev] DND crash through all versions?
- From: Jaap Keuter
- [Wireshark-dev] DND crash through all versions?
- Prev by Date: Re: [Wireshark-dev] Debian package on 1.8.0
- Next by Date: Re: [Wireshark-dev] Vines dissectors
- Previous by thread: Re: [Wireshark-dev] DND crash through all versions?
- Next by thread: Re: [Wireshark-dev] DND crash through all versions?
- Index(es):