Wireshark-bugs: [Wireshark-bugs] [Bug 1906] New: Segfault on Statistics/RTP/Show of two frames p
Date: Thu, 11 Oct 2007 08:31:23 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1906

           Summary: Segfault on Statistics/RTP/Show of two frames portmap
                    dump
           Product: Wireshark
           Version: 0.99.6
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: fpeters@xxxxxxxxxx


Build Information:
Version 0.99.6

Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.12.0, with GLib 2.14.1, with libpcap 0.9.8, with libz
1.2.3.3, with libpcre 7.2, without Net-SNMP, with ADNS, without Lua, with
GnuTLS
1.7.19, with Gcrypt 1.2.4, with MIT Kerberos, with PortAudio PortAudio
V19-devel, without AirPcap.

Running on Linux 2.6.23, with libpcap version 0.9.8.

Built using gcc 4.1.3 20070718 (prerelease) (Debian 4.1.2-14).
--
Reported as Debian bug http://bugs.debian.org/446206

----

wireshark segfaults on a Statistics/RTP/Show all streams (the original
source is a 500MB dump from 2 hours of intranet traffic, including a
ToIP conference). I reduced the case to a two portmap frames dump (see
attachment).

The backtrace contains a lot of functions, probably a loop.

Core was generated by `wireshark'.
Program terminated with signal 11, Segmentation fault.
#0  0xb637a6f5 in g_hash_table_lookup () from /usr/lib/libglib-2.0.so.0
#1  0xb6e7087c in conversation_lookup_hashtable (hashtable=0x8a293a0,
frame_num=2, addr1=0x89b5870, addr2=0xb7f2ea30,
    ptype=PT_UDP, port1=111, port2=0) at conversation.c:655
655             match = g_hash_table_lookup(hashtable, &key);
#2  0xb6e70e9c in find_conversation (frame_num=2, addr_a=0x89b5870,
addr_b=0xb7f2ea30, ptype=PT_UDP, port_a=111, port_b=0,
    options=1) at conversation.c:929
929        conversation =
#3  0xb722bf75 in dissect_rpc_indir_reply (tvb=0x88b9f68,
pinfo=0x89b5820, tree=0x0, offset=593036, result_id=32340,
    prog_id=32333, vers_id=32337, proc_id=32335) at packet-rpc.c:1529
1529                    conversation = find_conversation(pinfo->fd->num,
&pinfo->dst, &null_address,
#4  0xb71f19fc in dissect_callit_reply (tvb=0x88b9f68, offset=593036,
pinfo=0x89b5820, tree=0x0) at packet-portmap.c:344
344             offset = dissect_rpc_indir_reply(tvb, pinfo, tree, offset,
#5  0xb7229fab in call_dissect_function (tvb=0x88b9f68, pinfo=0x89b5820,
tree=0x89b5870, offset=593032,
    dissect_function=0xb71f1950 <dissect_callit_reply>,
progname=0xbf7a9024 "") at packet-rpc.c:1272
1272                    offset = dissect_function(tvb, offset, pinfo, tree);
#6  0xb71f19fc in dissect_callit_reply (tvb=0x88b9f68, offset=593028,
pinfo=0x89b5820, tree=0x0) at packet-portmap.c:344
344             offset = dissect_rpc_indir_reply(tvb, pinfo, tree, offset,


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.