Wireshark-bugs: [Wireshark-bugs] [Bug 12257] New: CIP: proto_tree_add_subtree_format returns NUL
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Mon, 14 Mar 2016 02:00:45 +0000
Bug ID 12257
Summary CIP: proto_tree_add_subtree_format returns NULL for tree_item sometimes with Qt build
Product Wireshark
Version 2.1.x (Experimental)
Hardware x86-64
OS Windows 10
Status UNCONFIRMED
Severity Minor
Priority Low
Component Qt UI
Assignee bugzilla-admin@wireshark.org
Reporter daulis0@gmail.com 

Created attachment 14413 [details]
pcap to reproduce, and screenshots

Build Information:
Version 2.1.0-2316-g28bfb32 (v2.1.0rc0-2316-g28bfb32 from master)

Copyright 1998-2016 Gerald Combs <gerald@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.3.2, with WinPcap (4_1_3), with libz 1.2.8, with
GLib 2.42.0, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.2, with GnuTLS
3.2.15, with Gcrypt 1.6.2, with MIT Kerberos, with GeoIP, with QtMultimedia,
with AirPcap.

Running on 64-bit Windows 10, build 10586, with locale C, with WinPcap version
4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch
1_0_rel0b (20091008), with GnuTLS 3.2.15, with Gcrypt 1.6.2, without AirPcap.
Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz (with SSE4.2), with 8143MB of physical
memory.


Built using Microsoft Visual C++ 12.0 build 40629
--
In packet-cip.c - dissect_cip_multiple_service_packet(), the
proto_tree_add_subtree_format() call sometimes returns a NULL for
mult_serv_item in the Qt build, which ends up causing the Info column to
display unexpected information. The Gtk build does not have this problem.

Here is what I do to repeat:
1. Open the attached msp_request_qt_problem.pcap
2. Wireshark displays things as expected
(msp_request_qt_problem_right_after_opening.PNG)
3. Apply a "cip" filter, and then the Info column is wrong. More text is added,
eg: "Class (0x72) - ". See msp_request_qt_problem_after_cip_filter.PNG. Based
on the actual code, that shouldn't happen. It's weird that the Info column
looks to execute a different code path, than the tree. Maybe Wireshark does
multiple passes through the pcap, and the Info column gets set in one pass, and
the tree stuff gets set in another pass?

My guesses:
1. proto_tree_add_subtree_format() allocates memory (a few calls down). Maybe
the Qt build has different memory pool sizes than Gtk version?
2. If the memory pool sizes are the same, maybe the usable memory sizes for
packet data are less in the Qt version, because Qt uses more memory?
3. Wireshark seems to parse the packet multiple times (when opening, applying
filters, etc). The Qt version does extra passes, calling
proto_tree_add_subtree_format() more than the Gtk version, maybe this causes
the memory pool to run out sooner? When I run the above steps in the Gtk
version, proto_tree_add_subtree_format() is called 10 times. In the Qt version,
proto_tree_add_subtree_format() is called 14 times.

You are receiving this mail because:
  • You are watching all bug changes.