Wireshark-dev: Re: [Wireshark-dev] Crash due to saving capture as pcapng

From: Michael Mann <mmann78@xxxxxxxxxxxx>
Date: Thu, 3 Mar 2016 09:26:53 -0500
For those not following bug 12220, a fix has been submitted:
 
https://code.wireshark.org/review/14326
 
 
-----Original Message-----
From: FIXED-TERM Scholz Tobias (DC-IA/EAI3) <fixed-term.Tobias.Scholz@xxxxxxxxxxxxxxx>
To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Sent: Thu, Mar 3, 2016 3:10 am
Subject: Re: [Wireshark-dev] Crash due to saving capture as pcapng

Ok since there is already a bug with a similar issue, I won't report it.

Now I know for sure, that it's not my development, which is responsible for the crash.
Thanks for your help!

Regards


-----Ursprüngliche Nachricht-----
Von: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] Im Auftrag von Guy Harris
Gesendet: Donnerstag, 3. März 2016 09:01
An: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Betreff: Re: [Wireshark-dev] Crash due to saving capture as pcapng

On Mar 2, 2016, at 11:53 PM, FIXED-TERM Scholz Tobias (DC-IA/EAI3) <fixed-term.Tobias.Scholz@xxxxxxxxxxxxxxx> wrote:

> I am having problems with saving my new development as a pcapng file. Trying to save with this type, wireshark 2.1.0 (x64) crashes and I will get an exception.
>
> Using the VS2013 debugger I get the following exception within “pcapng.c”:
> • Unhandled exception at 0x000007FEE02F7C67 (wiretap-2.1.0(x64_TS_PS).dll) in Wireshark.exe: 0xC0000005: Access violation reading location 0x0000000000000000.
>
> The programm itself seems to stop at line 4031 in “pcapng.c”
>
> if (!pcapng_write_interface_statistics_block(wdh, if_stats, err)) {
> return FALSE;
> }

This might be bug 12220:

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12220

> What I don’t understand is, trying to save another capture with the same development as pcap works perfect.

Because the problem appears to be with capture statistics that can be saved in pcapng files (because it has blocks that store capture statistics) but not in pcap files (because it has no ability to store capture statistics), so the code to write pcap files never looks at the incorrectly-set-up capture statistics structure.

> I can also load the pcap file without any problems. After saving the file as pcap I tried to save the same capture as pcapng, and it works!

The code to *read* pcap files obviously doesn't set up any capture statistics, as they're not stored in a pcap file, so there isn't a bad capture statistics structure to try to save.

Perhaps the code that *reads* pcapng files doesn't set up the capture statistics structure correctly? (Michael?)
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe