Wireshark · Wireshark-dev: Re: [Wireshark-dev] Solaris dfilter/dtd issues

Wireshark-dev: Re: [Wireshark-dev] Solaris dfilter/dtd issues

Date: Fri, 21 Jul 2006 05:46:48 +0200

http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1009 ?


On 7/21/06, Jeff Morriss <jeff.morriss@xxxxxxxxxxx> wrote:


Well, I have these:

> firebird [~/]> flex -V
> flex version 2.5.4
> firebird [~/]> lex -V
> lex: Software Generation Utilities (SGU) Solaris-ELF (4.0)

but it appears to be using 'flex':

> checking for flex... /usr/local/bin/flex

I upgraded to flex 2.5.31 but still hit the problem.

So I updated SVN (to try the fix for bug 1010) and I still get the parse
errors and the core:

> firebird [~/wireshark/source/]> ./tshark -i qfe2
> tshark: Dtd Parser in file /usr/local/share/wireshark/dtds/dc.dtd: syntax error in dc.dtd:7 at or before '#PCDATA':
>
> tshark: Dtd Parser in file /usr/local/share/wireshark/dtds/itunes.dtd: syntax error in itunes.dtd:7 at or before '#PCDATA':
>
> tshark: Dtd Parser in file /usr/local/share/wireshark/dtds/pocsettings.dtd: syntax error in pocsettings.dtd:4 at or before ')':
>
> tshark: Dtd Parser in file /usr/local/share/wireshark/dtds/presence.dtd: syntax error in presence.dtd:4 at or before ')':
>
> tshark: Dtd Parser in file /usr/local/share/wireshark/dtds/reginfo.dtd: syntax error in reginfo.dtd:5 at or before ')':
>
> tshark: Dtd Parser in file /usr/local/share/wireshark/dtds/rss.dtd: syntax error in rss.dtd:5 at or before ')':
>
> tshark: Dtd Parser in file /usr/local/share/wireshark/dtds/smil.dtd: syntax error in smil.dtd:14 at or before ',':
> syntax error at end of fileDTD parsing failure
>
> Bus Error (core dumped)
> firebird [~/wireshark/source/]> cat svnversion.h
> #define SVNVERSION "SVN Rev 18777"

though actually the core is in a new place:

> firebird [~/wireshark/source/]> pstack core.tshark.8209
> core 'core.tshark.8209' of 8209:        tshark -i qfe2
>  fd9c49a4 _free_unlocked (61782065, 776c8, 22c78, fda3c000, 2c8, ac0) + 40
>  fd9c4954 free     (61782065, 61782065, 0, 2a38c0, ff2c19f4, ff2c1a90) + 20
>  fe9e8090 destroy_dtd_data (286208, 2861b8, 2f, 29b19a, 19d6b0, ff00) + 118
>  fe9e88d0 proto_register_xml (4c400, 0, feebabd8, feebac10, 156f94, 29b080) + 330
>  fe9f0328 register_all_protocols (ffffffff, df4, 0, ff2c2440, fac, ff2c2438) + 1424
>  fe4ba460 proto_init (325f8, 44114, 44120, ff2c1a90, ff2c1aa0, ff2c2b04) + 104
>  fe4a83a8 epan_init (325f8, 44114, 44120, 26ca8, 26c5c, 2a128) + 64
>  000286bc main     (3, ffbff87c, 0, 55598, 44800, 0) + dc
>  00016054 _start   (0, 0, 0, 0, 0, 0) + 5c

Oof.

LEGO wrote:
> can you type
> $ lex -V
> $ flex -V
>
> and see what comes out. I think you might be using sun's lex (for
> which I never tested the code) instead of flex.
>
> On 7/20/06, Jeff Morriss <jeff.morriss@xxxxxxxxxxx> wrote:
>> Hi list,
>>
>> I've been trying to get a running Wireshark 0.99.2 on Solaris 9 for a
>> couple days now; recently I switched to working from SVN and I'm still
>> having issues.  They all seem to be related to dtd or dfilter stuff.
>> For example, trying to run SVN 18769 gives:
>>
>>> firebird [~/wireshark/source/]> export LD_LIBRARY_PATH=epan/.libs
>>> firebird [~/wireshark/source/]> .libs/tshark -i qfe2
>>>
>>> Magic num is 0x00000000, but should be 0xe9b00b9e
>>>
>>> Abort (core dumped)
>> 'gdb' shows:
>>
>>> (gdb) bt
>>> #0  0xfda1f090 in _libc_kill () from /usr/lib/libc.so.1
>>> #1  0xfd9b69f0 in abort () from /usr/lib/libc.so.1
>>> #2  0xfdc495d0 in g_logv (log_domain=0x0, log_level=G_LOG_LEVEL_ERROR,
>>>     format=0x583f8 "", args1=0x6) at gmessages.c:391
>>> #3  0xfdc49600 in g_log (log_domain=0x400 <Address 0x400 out of bounds>,
>>>     log_level=G_LOG_LEVEL_ERROR, format=0x583f8 "") at gmessages.c:408
>>> #4  0xfe4dc080 in stnode_free (node=0x223c90) at syntax-tree.c:146
>>> #5  0xfe4d7328 in Dfilter (yyp=0x230788, yymajor=24, yyminor=0x230798,
>>>     dfw=0x1f) at grammar.lemon:289
>>> #6  0xfe4d4e28 in dfilter_compile (
>>>     text=0xfed43da8 "(ncp.ext_info_newstyle == 0) && (ncp.ret_info_mask_mod == 0)", dfp=0xff12ef48) at dfilter.c:221
>>> #7  0xfe7fbe14 in final_registration_ncp2222 () at packet-ncp2222.c:19254
>>> #8  0xfe4a9e34 in call_final_registration_routine (routine=0xfe7fbdbc,
>>>     dummy=0x0) at packet.c:241
>>> #9  0xfdc51ed8 in g_slist_foreach (list=0x61c80,
>>>     func=0xfe4a9e28 <call_final_registration_routine>, user_data=0x0)
>>>     at gslist.c:487
>>> #10 0xfe4a688c in epan_init (plugin_dir=0x61c80 "þ\177½¼",
>>>     register_all_protocols=0xfe4a9e28 <call_final_registration_routine>,
>>>     register_all_handoffs=0, report_failure=0x26ca8 <failure_message>,
>>>     report_open_failure=0x26c5c <open_failure_message>,
>>>     report_read_failure=0x2a128 <read_failure_message>) at epan.c:75
>>> #11 0x000286c4 in main (argc=3, argv=0xffbff8ec) at tshark.c:759
>>> (gdb) q
>>
>> Interestingly, if I build the package and install it, I get a different
>> set of errors, still in dfilter, though:
>>
>>> firebird [~/]> tshark -i qfe2
>>> tshark: Dtd Parser in file /usr/local/share/wireshark/dtds/dc.dtd: syntax error in dc.dtd:7 at or before '#PCDATA':
>>>
>>> tshark: Dtd Parser in file /usr/local/share/wireshark/dtds/itunes.dtd: syntax error in itunes.dtd:7 at or before '#PCDATA':
>>>
>>> tshark: Dtd Parser in file /usr/local/share/wireshark/dtds/pocsettings.dtd: syntax error in pocsettings.dtd:4 at or before ')':
>>>
>>> tshark: Dtd Parser in file /usr/local/share/wireshark/dtds/presence.dtd: syntax error in presence.dtd:4 at or before ')':
>>>
>>> tshark: Dtd Parser in file /usr/local/share/wireshark/dtds/reginfo.dtd: syntax error in reginfo.dtd:5 at or before ')':
>>>
>>> tshark: Dtd Parser in file /usr/local/share/wireshark/dtds/rss.dtd: syntax error in rss.dtd:5 at or before ')':
>>>
>>> Bus Error (core dumped)
>>> firebird [~/]> pstack core.tshark.6580
>>> core 'core.tshark.6580' of 6580:        tshark -i qfe2
>>>  fe4a0fe0 yy_find_shift_action (2a10a8, 16, 27, 54, fe9f0b08, 28) + a8
>>>  fe4a10d4 DtdParse (2a10a8, 16, 2a10ac, 2, 38c, ff2beb40) + 34
>>>  fe4a24e4 Dtd_Parse_lex (21, ff2beb38, ff2beb3c, fe9f0fbc, fe9f10a8, 394) + 338
>>>  fe4a3524 dtd_parse (156f4c, ff2beb8c, 156f94, 7efefeff, 81010100, ff00) + e0
>>>  fe9e5c10 proto_register_xml (4c400, 0, feeb7dc8, feeb7e00, 156f94, 29b080) + 2e8
>>>  fe9ed6b0 register_all_protocols (ffffffff, de4, 0, ff2bf560, f9c, ff2bf558) + 1424
>>>  fe4b8924 proto_init (325f8, 44114, 44120, ff2bebb0, ff2bebc0, ff2bfc1c) + 104
>>>  fe4a686c epan_init (325f8, 44114, 44120, 26ca8, 26c5c, 2a128) + 64
>>>  000286bc main     (3, ffbff8e4, 0, 55598, 44800, 0) + dc
>>>  00016054 _start   (0, 0, 0, 0, 0, 0) + 5c
>> The dtd errors make me think think maybe I'm running into issues at
>> least related to bug 1010:
>>
>> http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1010
>>
>>
>> Interestingly, if I create a ~/.wireshark/dtds, the error changes back
>> to the first one:
>>
>>> firebird [~/]> mkdir .wireshark
>>> firebird [~/]> tshark -i qfe2
>>> tshark: Dtd Parser in file /usr/local/share/wireshark/dtds/dc.dtd: syntax error in dc.dtd:7 at or before '#PCDATA':
>>>
>>> tshark: Dtd Parser in file /usr/local/share/wireshark/dtds/itunes.dtd: syntax error in itunes.dtd:7 at or before '#PCDATA':
>>>
>>> tshark: Dtd Parser in file /usr/local/share/wireshark/dtds/pocsettings.dtd: syntax error in pocsettings.dtd:4 at or before ')':
>>>
>>> tshark: Dtd Parser in file /usr/local/share/wireshark/dtds/presence.dtd: syntax error in presence.dtd:4 at or before ')':
>>>
>>> tshark: Dtd Parser in file /usr/local/share/wireshark/dtds/reginfo.dtd: syntax error in reginfo.dtd:5 at or before ')':
>>>
>>> tshark: Dtd Parser in file /usr/local/share/wireshark/dtds/rss.dtd: syntax error in rss.dtd:5 at or before ')':
>>>
>>> Bus Error (core dumped)
>>> firebird [~/]> mkdir .wireshark/dtds
>>> firebird [~/]> tshark -i qfe2
>>>
>>> Magic num is 0x00000000, but should be 0xe9b00b9eAbort (core dumped)
>>
>> I've poked around with this for a while now and I'm not getting anywhere
>> fast.  Anyone have any clues/pointers?
>>
>> Thanks,
>> -Jeff
>> _______________________________________________
>> Wireshark-dev mailing list
>> Wireshark-dev@xxxxxxxxxxxxx
>> http://www.wireshark.org/mailman/listinfo/wireshark-dev
>>
>
>
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev



--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan

Follow-Ups:
- Re: [Wireshark-dev] Solaris dfilter/dtd issues
  - From: Jeff Morriss

References:
- [Wireshark-dev] Solaris dfilter/dtd issues
  - From: Jeff Morriss
- Re: [Wireshark-dev] Solaris dfilter/dtd issues
  - From: LEGO
- Re: [Wireshark-dev] Solaris dfilter/dtd issues
  - From: Jeff Morriss

Prev by Date: Re: [Wireshark-dev] Solaris dfilter/dtd issues
Next by Date: Re: [Wireshark-dev] Solaris dfilter/dtd issues
Previous by thread: Re: [Wireshark-dev] Solaris dfilter/dtd issues
Next by thread: Re: [Wireshark-dev] Solaris dfilter/dtd issues
Index(es):
- Date
- Thread