Wireshark-bugs: [Wireshark-bugs] [Bug 13189] New: Exception closing http exported objects window
Date: Wed, 30 Nov 2016 14:26:48 +0000
Bug ID 13189
Summary Exception closing http exported objects window
Product Wireshark
Version 2.2.2
Hardware x86
OS Windows NT
Status UNCONFIRMED
Severity Major
Priority Low
Component Dissection engine (libwireshark)
Assignee bugzilla-admin@wireshark.org
Reporter david.cristobal@gmail.com

Build Information:
Version 2.2.2 (v2.2.2-0-g775fb08)

Copyright 1998-2016 Gerald Combs <gerald@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.23, with Cairo 1.12.16, with Pango 1.36.8,
with
WinPcap (4_1_3), with GLib 2.42.0, with zlib 1.2.8, with SMI 0.4.8, with c-ares
1.12.0, with Lua 5.2.4, with GnuTLS 3.2.15, with Gcrypt 1.6.2, with MIT
Kerberos, with GeoIP, with PortAudio V19-devel (built Nov 16 2016), with
AirPcap.

Running on 64-bit Windows 10, build 10240, with locale English_United
States.1252, with WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based
on libpcap version 1.0 branch 1_0_rel0b (20091008), with GnuTLS 3.2.15, with
Gcrypt 1.6.2, without AirPcap.
       Intel(R) Core(TM) i7-2640M CPU @ 2.80GHz (with SSE4.2), with 8072MB of
physical memory.


Built using Microsoft Visual C++ 12.0 build 40629

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
I have a consistent issue when I close the window from the exported http
objects. 

Reproducible 100% in my computer (and other 2 virtual machines). Just File,
Export http objects, and then close that window.

Looking at the stack in WinBbg looks like a corruption releasing memory:

 # Child-SP         Return           Call Site
 0 0000008e0521e588 00007ffb26e8ac6e libwireshark!wmem_realloc+0x86f
 1 0000008e0521e590 00007ffb26e8a9d9 libwireshark!wmem_realloc+0x5de
 2 0000008e0521e5c0 00007ffb26e8a513 libwireshark!wmem_realloc+0x349
 3 0000008e0521e5f0 00007ff727bf0401 libwireshark!wmem_free+0x63
 4 0000008e0521e630 0000000063a45f3f Wireshark+0xb0401
 5 0000008e0521e660 0000000063a565f3 libgobject_2_0_0!g_closure_invoke+0x12f
 6 0000008e0521e700 0000000063a5d559
libgobject_2_0_0!g_signal_handler_disconnect+0x1e23
 7 0000008e0521e850 0000000063a5d758
libgobject_2_0_0!g_signal_emit_valist+0xad9
 8 0000008e0521e9f0 000000006186d243 libgobject_2_0_0!g_signal_emit+0x18
 9 0000008e0521ea30 0000000063a4bba5
libgtk_win32_2_0_0!gtk_notebook_set_action_widget+0x483
 a 0000008e0521ea60 00007ff727b677da libgobject_2_0_0!g_object_run_dispose+0x35
 b 0000008e0521ea90 0000000063a46169 Wireshark+0x277da


Last call to reallocate memory is this:
0:000> .frame /r 0x0; !mex.x
00 0000008e`0521e588 00007ffb`26e8ac6e libwireshark!wmem_realloc+0x86f
rax=31223d6e6f697372 rbx=0000000000000000 rcx=6576206c6d783f3c
rdx=0000008e0af7d890 rsi=0000008e12f1d8a0 rdi=0000008e0af7d8a0
rip=00007ffb26e8aeff rsp=0000008e0521e588 rbp=0000000000000000
r8=0000008e0701db80 r9=0000008e0af7d890r10=0000008e0af7d890r11=0000008e0701db80r12=0000000000000001r13=0000008e0521e880r14=0000008e0521e7e0r15=0000000000000000
iopl=0         nv up ei pl nz na po nc
cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010204
libwireshark!wmem_realloc+0x86f:
00007ffb`26e8aeff 48894118        mov     qword ptr [rcx+18h],rax
ds:6576206c`6d783f54=????????????????

Looks like the memory is corrupt (I cannot go further on this, my knowledge is
limited)

Dump available here: 
https://citrite.sharefile.com/d-s8aff39f4c1547688


You are receiving this mail because:
  • You are watching all bug changes.