Wireshark-users: Re: [Wireshark-users] Crash when LTE dissector (over UDP framing) enabled

From: Antriksh Pany <antriksh.pany@xxxxxxxxx>
Date: Thu, 11 Nov 2010 18:11:15 +0530
Hello

The crash was occurring due to incorrect rnti type being filled up. We
actually had broadcast information flowing. But the rnti type was 3
(C_RNTI). And this seemed to be causing wireshark to attempt to decode
the message as a dedicated UE message (noticed that during the couple
of times that it did not crash in Windows).

When I corrected the rnti type, the problem went away.

I think this should be a very good indicator of where in code the
problem would be. If there are some pointers as to where to look in
code, I could consider having a look myself!

Also, I guess wireshark could warn us when the RNTI is that of SI
(broadcast), but the rnti type is set differently.

Cheers
Antriksh



On Thu, Nov 11, 2010 at 12:22 PM, Antriksh Pany <antriksh.pany@xxxxxxxxx> wrote:
> Hello
>
> I am facing a crash when I enable the option
>  'Try Heuristic LTE-MAC over UDP framing'
> and load an appropriate pcap.
>
> The crash does not occur when I turn off this option, and load the same pcap.
>
> This is the log:
> -----------------------
> bash-3.2$ /opt/wireshark/bin/wireshark
>
> (wireshark:10799): GLib-GObject-WARNING **: invalid (NULL) pointer instance
>
> (wireshark:10799): GLib-GObject-CRITICAL **: g_signal_emit_by_name:
> assertion `G_TYPE_CHECK_INSTANCE (instance)' failed
> Segmentation fault
> bash-3.2$
> bash-3.2$ uname -a
> Linux dennis 2.6.18-128.el5 #1 SMP Wed Dec 17 11:41:38 EST 2008 x86_64
> x86_64 x86_64 GNU/Linux
> bash-3.2$ /opt/wireshark/bin/wireshark -v
> wireshark 1.4.1
>
> Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
> This is free software; see the source for copying conditions. There is NO
> warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
>
> Compiled with GTK+ 2.10.4, (64-bit) with GLib 2.12.3, with libpcap 0.9.4, with
> libz 1.2.3, with POSIX capabilities (Linux), with libpcre (version unknown),
> without SMI, without c-ares, without ADNS, without Lua, without Python, with
> GnuTLS 1.4.1, with Gcrypt 1.2.4, with MIT Kerberos, without GeoIP, without
> PortAudio, without AirPcap.
>
> Running on Linux 2.6.18-128.el5, with libpcap version 0.9.4, with libz 1.2.3,
> GnuTLS 1.4.1, Gcrypt 1.2.4.
>
> Built using gcc 4.1.2 20080704 (Red Hat 4.1.2-44).
> bash-3.2$
> -----------------------
>
>
> Also, I had tried doing the same on Windows. It was able to open the
> pcap correctly on the first few occassions. But it consistently
> crashes on windows as well now.
> These are the problem details shown by Windows (windows 7):
> -----------------------
> Problem signature:
>  Problem Event Name:   APPCRASH
>  Application Name:     wireshark.exe
>  Application Version:  1.4.1.34476
>  Application Timestamp:        4cb35037
>  Fault Module Name:    libwireshark.dll
>  Fault Module Version: 1.4.1.34476
>  Fault Module Timestamp:       4cb34ea4
>  Exception Code:       c0000005
>  Exception Offset:     0001148f
>  OS Version:   6.1.7600.2.0.0.256.4
>  Locale ID:    1033
>  Additional Information 1:     0a9e
>  Additional Information 2:     0a9e372d3b4ad19135b953a78882e789
>  Additional Information 3:     0a9e
>  Additional Information 4:     0a9e372d3b4ad19135b953a78882e789
> -----------------------
> I have tried things such as restarting the system etc, but nothing works.
>
> Any help/suggestions is appreciated.
>
> Thanks
> Antriksh Pany
>