Wireshark-users: Re: [Wireshark-users] Crash when LTE dissector (over UDP framing) enabled
From: Antriksh Pany <antriksh.pany@xxxxxxxxx>
Date: Fri, 12 Nov 2010 12:59:01 +0530
I have filed Bug 5382 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5382) for the same. It has attached a sample pcap file that causes the crash as well. Thanks Martin for your advise. - Antriksh On Thu, Nov 11, 2010 at 6:29 PM, Martin Mathieson <martin.r.mathieson@xxxxxxxxxxxxxx> wrote: > > > On Thu, Nov 11, 2010 at 12:41 PM, Antriksh Pany <antriksh.pany@xxxxxxxxx> > wrote: >> >> Hello >> >> The crash was occurring due to incorrect rnti type being filled up. We >> actually had broadcast information flowing. But the rnti type was 3 >> (C_RNTI). And this seemed to be causing wireshark to attempt to decode >> the message as a dedicated UE message (noticed that during the couple >> of times that it did not crash in Windows). > > It would still be good to make sure we didn't crash, so that users such as > yourself would see the problem more quickly. > Wireshark shouldn't crash - it should show the packet as malformed and > hopefully make the problem obvious. > >> >> When I corrected the rnti type, the problem went away. >> >> I think this should be a very good indicator of where in code the >> problem would be. If there are some pointers as to where to look in >> code, I could consider having a look myself! >> >> Also, I guess wireshark could warn us when the RNTI is that of SI >> (broadcast), but the rnti type is set differently. > > Yes, it probably should verify that the SI- and P- RNTI types have the > correct value. > > Regards, > Martin > >> >> Cheers >> Antriksh >> >> >> >> On Thu, Nov 11, 2010 at 12:22 PM, Antriksh Pany <antriksh.pany@xxxxxxxxx> >> wrote: >> > Hello >> > >> > I am facing a crash when I enable the option >> > 'Try Heuristic LTE-MAC over UDP framing' >> > and load an appropriate pcap. >> > >> > The crash does not occur when I turn off this option, and load the same >> > pcap. >> > >> > This is the log: >> > ----------------------- >> > bash-3.2$ /opt/wireshark/bin/wireshark >> > >> > (wireshark:10799): GLib-GObject-WARNING **: invalid (NULL) pointer >> > instance >> > >> > (wireshark:10799): GLib-GObject-CRITICAL **: g_signal_emit_by_name: >> > assertion `G_TYPE_CHECK_INSTANCE (instance)' failed >> > Segmentation fault >> > bash-3.2$ >> > bash-3.2$ uname -a >> > Linux dennis 2.6.18-128.el5 #1 SMP Wed Dec 17 11:41:38 EST 2008 x86_64 >> > x86_64 x86_64 GNU/Linux >> > bash-3.2$ /opt/wireshark/bin/wireshark -v >> > wireshark 1.4.1 >> > >> > Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and >> > contributors. >> > This is free software; see the source for copying conditions. There is >> > NO >> > warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR >> > PURPOSE. >> > >> > Compiled with GTK+ 2.10.4, (64-bit) with GLib 2.12.3, with libpcap >> > 0.9.4, with >> > libz 1.2.3, with POSIX capabilities (Linux), with libpcre (version >> > unknown), >> > without SMI, without c-ares, without ADNS, without Lua, without Python, >> > with >> > GnuTLS 1.4.1, with Gcrypt 1.2.4, with MIT Kerberos, without GeoIP, >> > without >> > PortAudio, without AirPcap. >> > >> > Running on Linux 2.6.18-128.el5, with libpcap version 0.9.4, with libz >> > 1.2.3, >> > GnuTLS 1.4.1, Gcrypt 1.2.4. >> > >> > Built using gcc 4.1.2 20080704 (Red Hat 4.1.2-44). >> > bash-3.2$ >> > ----------------------- >> > >> > >> > Also, I had tried doing the same on Windows. It was able to open the >> > pcap correctly on the first few occassions. But it consistently >> > crashes on windows as well now. >> > These are the problem details shown by Windows (windows 7): >> > ----------------------- >> > Problem signature: >> > Problem Event Name: APPCRASH >> > Application Name: wireshark.exe >> > Application Version: 1.4.1.34476 >> > Application Timestamp: 4cb35037 >> > Fault Module Name: libwireshark.dll >> > Fault Module Version: 1.4.1.34476 >> > Fault Module Timestamp: 4cb34ea4 >> > Exception Code: c0000005 >> > Exception Offset: 0001148f >> > OS Version: 6.1.7600.2.0.0.256.4 >> > Locale ID: 1033 >> > Additional Information 1: 0a9e >> > Additional Information 2: 0a9e372d3b4ad19135b953a78882e789 >> > Additional Information 3: 0a9e >> > Additional Information 4: 0a9e372d3b4ad19135b953a78882e789 >> > ----------------------- >> > I have tried things such as restarting the system etc, but nothing >> > works. >> > >> > Any help/suggestions is appreciated. >> > >> > Thanks >> > Antriksh Pany >> > >> >> ___________________________________________________________________________ >> Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx> >> Archives: http://www.wireshark.org/lists/wireshark-users >> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users >> >> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe > > > ___________________________________________________________________________ > Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx> > Archives: http://www.wireshark.org/lists/wireshark-users > Unsubscribe: https://wireshark.org/mailman/options/wireshark-users > mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe >
- References:
- [Wireshark-users] Crash when LTE dissector (over UDP framing) enabled
- From: Antriksh Pany
- Re: [Wireshark-users] Crash when LTE dissector (over UDP framing) enabled
- From: Antriksh Pany
- Re: [Wireshark-users] Crash when LTE dissector (over UDP framing) enabled
- From: Martin Mathieson
- [Wireshark-users] Crash when LTE dissector (over UDP framing) enabled
- Prev by Date: [Wireshark-users] [HITB-Announce] HITB Magazine #5 Call for Articles
- Next by Date: Re: [Wireshark-users] Decrypting SSL traffic through tshark
- Previous by thread: Re: [Wireshark-users] Crash when LTE dissector (over UDP framing) enabled
- Next by thread: [Wireshark-users] Trouble converting .pcap file to XML (pdms) via command line in Windows
- Index(es):