Wireshark-dev: Re: [Wireshark-dev] Unhandled exception

From: Richard Sharpe <realrichardsharpe@xxxxxxxxx>
Date: Mon, 17 Sep 2018 13:22:29 -0700
On Mon, Sep 17, 2018 at 12:31 PM, Maynard, Chris
<Christopher.Maynard@xxxxxxx> wrote:
> Hello,
>
> Recently I’ve begun seeing the following unhandled exception with master
> when loading any capture file or attempting to capture on any interface – at
> least that I tried, but I haven’t found any capture file or capture
> interface where this doesn’t happen now:
>
> Unhandled exception ("proto.c:6497: failed assertion "(guint)hfid <
> gpa_hfinfo.len" (Unregistered hf!)", group=1, code=6)

What types of captures were you loading?

I have seen that sort of thing when there are errors where two hf
array entries point to the same hf_value (given that checkhf didn't
tell you there was anything missing.)

Using tshark -V might help track down which frame the problem is occurring on.

> The exception is occurring in proto.c:proto_tree_prime_with_hfid() at line
> 6497, within the PROTO_REGISTRAR_GET_NTH() macro, but unfortunately the
> stack trace isn’t particularly helpful [to me].  Here’s one when attempting
> to load an arbitrary capture file:
>
>>       libwireshark.dll!unhandled_catcher(except_t * except) Line 230  C
>          libwireshark.dll!do_throw(except_t * except) Line 216   C
>          libwireshark.dll!except_rethrow(except_t * except) Line 274     C
>          Wireshark.exe!cf_read(_capture_file * cf, int reloading) Line 652
> C
>          Wireshark.exe!MainWindow::openCaptureFile(QString cf_path, QString
> read_filter, unsigned int type, int is_tempfile) Line 250    C++
>          Wireshark.exe!MainWindow::openCaptureFile(QString cf_path, QString
> display_filter) Line 299     C++
>          Wireshark.exe!MainWindow::qt_static_metacall(QObject * _o,
> QMetaObject::Call _c, int _id, void * * _a) Line 1379        C++
>          Qt5Core.dll!00007ffb168fe327()  Unknown
>          Wireshark.exe!WelcomePage::recentFileActivated(QString _t1) Line
> 288    C++
>          Wireshark.exe!WelcomePage::openRecentItem(QListWidgetItem * item)
> Line 398      C++
>          Qt5Core.dll!00007ffb168fe327()  Unknown
>          Qt5Widgets.dll!00007ffb17564824()       Unknown
>          Qt5Core.dll!00007ffb168fe327()  Unknown
>          Qt5Widgets.dll!00007ffb175231fa()       Unknown
>          Qt5Widgets.dll!00007ffb1752972c()       Unknown
>          Qt5Widgets.dll!00007ffb1732bc42()       Unknown
>          Qt5Widgets.dll!00007ffb173ceac7()       Unknown
>          Qt5Widgets.dll!00007ffb17530369()       Unknown
>          Qt5Core.dll!00007ffb168e104d()  Unknown
>          Qt5Widgets.dll!00007ffb17308cac()       Unknown
>          Qt5Widgets.dll!00007ffb173068cd()       Unknown
>          Qt5Core.dll!00007ffb168dec79()  Unknown
>          Qt5Widgets.dll!00007ffb1730a006()       Unknown
>          Qt5Widgets.dll!00007ffb17353fe9()       Unknown
>          Qt5Widgets.dll!00007ffb17351d5e()       Unknown
>          Qt5Widgets.dll!00007ffb17308cc0()       Unknown
>          Qt5Widgets.dll!00007ffb17307b47()       Unknown
>          Qt5Core.dll!00007ffb168dec79()  Unknown
>          Qt5Gui.dll!00007ffb16d1e262()   Unknown
>          Qt5Gui.dll!00007ffb16d048fb()   Unknown
>          Qt5Core.dll!00007ffb169285c5()  Unknown
>          [External Code]
>          Qt5Core.dll!00007ffb16927d96()  Unknown
>          qwindows.dll!00007ffb16609979() Unknown
>          Qt5Core.dll!00007ffb168dab23()  Unknown
>          Qt5Core.dll!00007ffb168dd8d4()  Unknown
>          Wireshark.exe!main(int argc, char * * qt_argv) Line 907 C++
>          Wireshark.exe!WinMain(HINSTANCE__ * __formal, HINSTANCE__ *
> __formal, char * __formal, int __formal) Line 104   C++
>          [External Code]
>
> If I set WIRESHARK_ABORT_ON_DISSECTOR_BUG=1, it produces nothing of value
> [to me]:
>
> 14:52:20.271          Err  Unregistered hf! index=-1
>
> I removed all my Lua dissectors from the plugins directory, so this is just
> stock Wireshark master running.  Here’s the Wireshark version information:
>
> Version 2.9.0 (v2.9.0rc0-1854-g261817cf)
> Compiled (64-bit) with Qt 5.11.1, with WinPcap (4_1_3), with GLib 2.52.2,
> with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.14.0, with Lua 5.2.4, with
> GnuTLS 3.4.11, with Gcrypt 1.8.3, with MIT Kerberos, with MaxMind DB
> resolver, with nghttp2 1.14.0, with LZ4, with Snappy, with libxml2 2.9.4,
> with QtMultimedia, with AirPcap, with SBC, with SpanDSP, with bcg729.
> Running on 64-bit Windows 10 (1803), build 17134, with Intel(R) Xeon(R) CPU
> E3-1505M v5 @ 2.80GHz (with SSE4.2), with 16225 MB of physical memory, with
> locale English_United States.1252, with WinPcap version 4.1.3 (packet.dll
> version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b
> (20091008), with GnuTLS 3.4.11, with Gcrypt 1.8.3, with AirPcap 4.1.0 build
> 1622, binary plugins supported (14 loaded). Built using Microsoft Visual C++
> 14.0 build 24215
>
> I will continue investigating, but maybe someone has some ideas?  Is anyone
> else seeing this?
>
> Other observations:
>
> checkhf produces no output of any particular consequence (just a bunch of
> “Unused [href|ei] entry”’s).
>
> checkapi: 1 warning of no consequence here.
>
> checkfiltername: a bunch of “[field] doesn’t match PROTOABBREV” warnings,
> but probably nothing of consequence?
>
> cppcheck: too much output to find the needle I’m looking for in this
> haystack.
>
> - Chris
> P.S. After updating to the latest sources, I tried deleting the entire build
> directory and forcing everything to be compiled again.  That didn’t help.
>
>
>
>
> CONFIDENTIALITY NOTICE: This message is the property of International Game
> Technology PLC and/or its subsidiaries and may contain proprietary,
> confidential or trade secret information.  This message is intended solely
> for the use of the addressee.  If you are not the intended recipient and
> have received this message in error, please delete this message from your
> system. Any unauthorized reading, distribution, copying, or other use of
> this message or its attachments is strictly prohibited.
>
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives:    https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe



-- 
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)(传说杜康是酒的发明者)