Wireshark-dev: Re: [Wireshark-dev] Unhandled exception
Den tis 18 sep. 2018 16:21Anders Broman <anders.broman@xxxxxxxxxxxx> skrev:actually with Pascals patch there's a warning printed at startup I think. It's not visible on Windows though.
______________________________________________________________________________________________________________________________________________________
From: Wireshark-dev <wireshark-dev-bounces@xxxxxxxxxxxxx> On Behalf Of Maynard, Chris
Sent: den 18 september 2018 15:55
To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-dev] Unhandled exception
>This particular crash with transum didn’t occur just by launching Wireshark though, but only when reading a capture file or attempting to capture packets from an interface, so merely starting the application wouldn’t >have caught it.
>
>- Chris
Ah it’s my proposed patch https://code.wireshark.org/review/#/c/29716/ that makes it assert during startup 😊
Didn’t think of that…
Regards
Anders
From: Wireshark-dev [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Anders Broman
Sent: Tuesday, September 18, 2018 9:42 AM
To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-dev] Unhandled exception
Hi,
At the very least we should have a test step activating all protocols and starting the application.
As they are disabled by default perhaps fussing is overkill, they might prolong fussing time unduly?
Regards
Anders
From: Wireshark-dev <wireshark-dev-bounces@xxxxxxxxxxxxx> On Behalf Of Maynard, Chris
Sent: den 18 september 2018 15:36
To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-dev] Unhandled exception
Thanks.
Should the fuzz tester(s) enable all dissectors by default? If I “enable all protocols”, then currently the enabled_protos file lists these 3: prp, stcsig and transum.
- Chris
From: Wireshark-dev [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Pascal Quantin
Sent: Tuesday, September 18, 2018 4:26 AM
To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-dev] Unhandled exception
Le mar. 18 sept. 2018 à 10:22, Pascal Quantin <pascal.quantin@xxxxxxxxx> a écrit :
I'm uploading a patch.
Pascal.
Le mar. 18 sept. 2018 à 10:20, Pascal Quantin <pascal.quantin@xxxxxxxxx> a écrit :
Hi Anders,
Le mar. 18 sept. 2018 à 10:19, Anders Broman <anders.broman@xxxxxxxxxxxx> a écrit :
Hi,
I think that the problem is that one of these fields has changed name, but debugging the registration phase is hard on Windows as the console is not open...GRR
this seems to be the ssl.record.content_type field.
We should check if we can make Transum more robust to this kind of errors in the future.
* The following are the field ids for the protocol values used by TRANSUM.
Make sure they line up with ehf_of_interest order */
HF_OF_INTEREST_INFO hf_of_interest[HF_INTEREST_END_OF_LIST] = {
{ -1, "ip.proto" },
{ -1, "ipv6.nxt" },
{ -1, "tcp.analysis.retransmission" },
{ -1, "tcp.analysis.keep_alive" },
{ -1, "tcp.flags.syn" },
{ -1, "tcp.flags.ack" },
{ -1, "tcp.flags.reset" },
{ -1, "tcp.flags.urg" },
{ -1, "tcp.seq" },
{ -1, "tcp.srcport" },
{ -1, "tcp.dstport" },
{ -1, "tcp.stream" },
{ -1, "tcp.len" },
{ -1, "udp.srcport" },
{ -1, "udp.dstport" },
{ -1, "udp.stream" },
{ -1, "udp.length" },
{ -1, "ssl.record.content_type" },
{ -1, "tds.type" },
{ -1, "tds.length" },
{ -1, "smb.mid" },
{ -1, "smb2.sesid" },
{ -1, "smb2.msg_id" },
{ -1, "smb2.cmd" },
{ -1, "dcerpc.ver" },
{ -1, "dcerpc.pkt_type" },
{ -1, "dcerpc.cn_call_id" },
{ -1, "dcerpc.cn_ctx_id" },
{ -1, "dns.id"},
};
Regards
Anders
-----Original Message-----
From: Wireshark-dev <wireshark-dev-bounces@xxxxxxxxxxxxx> On Behalf Of João Valverde
Sent: den 18 september 2018 10:10
To: wireshark-dev@xxxxxxxxxxxxx
Subject: Re: [Wireshark-dev] Unhandled exception
On 18/09/18 01:07, Maynard, Chris wrote:
> Thanks for the tips Richard, but after some additional testing and some head-scratching, I discovered the source of the problem was something in my profile, because if I switched to a pristine profile, then master ran fine. Through divide-and-conquer/trial-and-error, I discovered that it was due to enabling the transum dissector, although I can't figure out why enabling the transum dissector causes this, and then only for master. Enabling it for 2.6.2 seems fine.
>
> Maybe someone could just confirm if they also experience this exception if they enable the transum dissector? If confirmed, I will file a bug report.
Confirmed on the latest master. Enabling transum crashes wireshark.
> The exception, for reference:
>
> Unhandled exception ("proto.c:6497: failed assertion "(guint)hfid < gpa_hfinfo.len" (Unregistered hf!)", group=1, code=6)
>
> Thanks.
> - Chris
>
> -----Original Message-----
> From: Wireshark-dev [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Richard Sharpe
> Sent: Monday, September 17, 2018 4:22 PM
> To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
> Subject: Re: [Wireshark-dev] Unhandled exception
>
> <snip>
CONFIDENTIALITY NOTICE: This message is the property of International Game Technology PLC and/or its subsidiaries and may contain proprietary, confidential or trade secret information. This message is intended solely for the use of the addressee. If you are not the intended recipient and have received this message in error, please delete this message from your system. Any unauthorized reading, distribution, copying, or other use of this message or its attachments is strictly prohibited.
CONFIDENTIALITY NOTICE: This message is the property of International Game Technology PLC and/or its subsidiaries and may contain proprietary, confidential or trade secret information. This message is intended solely for the use of the addressee. If you are not the intended recipient and have received this message in error, please delete this message from your system. Any unauthorized reading, distribution, copying, or other use of this message or its attachments is strictly prohibited.
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
- References:
- [Wireshark-dev] Unhandled exception
- From: Maynard, Chris
- Re: [Wireshark-dev] Unhandled exception
- From: Richard Sharpe
- Re: [Wireshark-dev] Unhandled exception
- From: Maynard, Chris
- Re: [Wireshark-dev] Unhandled exception
- From: João Valverde
- Re: [Wireshark-dev] Unhandled exception
- From: Anders Broman
- Re: [Wireshark-dev] Unhandled exception
- From: Pascal Quantin
- Re: [Wireshark-dev] Unhandled exception
- From: Pascal Quantin
- Re: [Wireshark-dev] Unhandled exception
- From: Pascal Quantin
- Re: [Wireshark-dev] Unhandled exception
- From: Maynard, Chris
- Re: [Wireshark-dev] Unhandled exception
- From: Anders Broman
- Re: [Wireshark-dev] Unhandled exception
- From: Maynard, Chris
- Re: [Wireshark-dev] Unhandled exception
- From: Anders Broman
- Re: [Wireshark-dev] Unhandled exception
- From: Anders Broman
- [Wireshark-dev] Unhandled exception
- Prev by Date: Re: [Wireshark-dev] Unhandled exception
- Next by Date: [Wireshark-dev] tools/check[hf|APIs|filtername].pl need updating?
- Previous by thread: Re: [Wireshark-dev] Unhandled exception
- Next by thread: Re: [Wireshark-dev] Unhandled exception
- Index(es):