Wireshark-bugs: [Wireshark-bugs] [Bug 1651] New: Warn dissector bug, memory error, crashes Wires
Date: Mon, 18 Jun 2007 14:23:07 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1651

           Summary: Warn dissector bug, memory error, crashes Wireshark
           Product: Wireshark
           Version: 0.99.5
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: Normal
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: lanellallen@xxxxxxxxxxxxx
                CC: lanellallen@xxxxxxxxxxxxx


Build Information:
Version 0.99.5 (SVN Rev 20677)

Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.10.7, with GLib 2.12.7, with WinPcap (version unknown),
with libz 1.2.3, with libpcre 6.4, with Net-SNMP 5.4, with ADNS, with Lua 5.1,
with GnuTLS 1.6.1, with Gcrypt 1.2.3, with MIT Kerberos, with PortAudio
PortAudio V19-devel, with AirPcap.

Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.0
(packet.dll version 4.0.0.755), based on libpcap version 0.9.5, without
AirPcap.

Built using Microsoft Visual C++ 6.0 build 8804

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
I'm getting this at least once a day on packet traces I run. There are two
scenarios: 

1) Run a trace, save the file and open in Wireshark. It doesn't appear to
matter the size of the trace, the message pops up in a DOS box with "Press any
key to continue". After you press the "any" key (:-) the DOS box and Wireshark
crash.

2) With a trace in progress, the message pops up in a DOS box with "Press any
key to continue". After you press the "any" key (:-) the DOS box and Wireshark
crash.

The saved trace files are unuseable as they will crash Wireshark. If there is a
way to delete the one broken packet, I haven't found it. I know you can save a
range of packets, and I could mark everything before in a range, or everything
after and then merge the files, but I usually end up running another trace and
hoping I didn't miss anything important.

These are four different errors on four different days.

06:43:29        Warn Dissector bug, protocol SSL, in packet 38522:
emem.c:444:failed assertion "size <<10485760>>2>"

06:43:29        Warn Dissector bug, protocol SSL, in packet 38523:
emem.c:444:failed assertion "size <<10485760>>2>"

08:06:45        Warn Dissector bug, protocol NCP, in packet 78439:
STATUS_ACCESS_VIOLATION: DISSECTOR ACCED AN INVALID MEMORY ADDRESS

07:20:04        Warn Dissector bug, protocol NCP, in packet 40098:
STATUS_ACCESS_VIOLATION: DISSECTOR ACCED AN INVALID MEMORY ADDRESS


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.