Wireshark · Wireshark-users: Re: [Wireshark-users] Possible memory leak using Lua script

Wireshark-users: Re: [Wireshark-users] Possible memory leak using Lua script

From: Javi Gallart <jgallart@xxxxxxxxxxxxxxxx>

Date: Wed, 09 Oct 2013 17:20:51 +0200

Thanks for the reply.

I will try the latest version.

Just to make the case clearer, we're using tshark (configured with--disable-wiresahrk). It's doing a live capture and exiting a LuaListener that writes some parts of the packet to a file. We'd like it tokeep running constantly; but we need to restart it frequently because itruns out of memory.


Regards

Javi
On 10/08/2013 07:37 PM, Jeff Morriss wrote:

On 10/07/13 12:29, Javi Gallart wrote:

Hello

I am using a Lua script the extracts and writes to disk files from a
packet. When running in "realtime" everything goes smoothly but the
memory usage keeps growing until we have to restart everithing. So all
points to a memerory leak somehwere. We are tapping sigtran traffic.

Have you read this article? Chances are you're not looking at a leakat all:


http://wiki.wireshark.org/KnownBugs/OutOfMemory

Runnning with Valgring as recommended here
(http://wiki.wireshark.org/Development/Tips) I obtained this:

  Invalid read of size 4
     at 0x65E1D18: mtp3_addr_to_str_buf (in
/usr/lib64/libwireshark.so.3.1.1)

by 0x619F303: address_to_str_buf (in/usr/lib64/libwireshark.so.3.1.1)

     by 0x619F6A5: ??? (in /usr/lib64/libwireshark.so.3.1.1)
     by 0x619DC64: ??? (in /usr/lib64/libwireshark.so.3.1.1)
     by 0x61A3884: ??? (in /usr/lib64/libwireshark.so.3.1.1)
     by 0x61A5C51: col_fill_in (in /usr/lib64/libwireshark.so.3.1.1)
     by 0x1211F5: ??? (in /usr/sbin/tshark)
     by 0x122A11: ??? (in /usr/sbin/tshark)
     by 0x114CC4: ??? (in /usr/sbin/tshark)
     by 0x9DA9B74: (below main) (in /usr/lib64/libc-2.17.so)
   Address 0x13886f54 is 4 bytes inside a block of size 28 free'd

[...]

  LEAK SUMMARY:
     definitely lost: 2,586,839 bytes in 151,327 blocks

[...]

Should I assume that there is a leak in mtp3_addr_to_str_buf function?

No, that's a memory use after the memory in question was freed (verydifferent from a leak). That was fixed viahttps://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8247; that fix isin the 1.10.x stable versions but not earlier versions.

That Valgrind does show ~2 Mb of leaked memory though I think that'spretty usual in the current stable branch--a lot of shutdown-relatedmemory leaks have been fixed in the current development version.

___________________________________________________________________________

Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

Follow-Ups:
- Re: [Wireshark-users] Possible memory leak using Lua script
  - From: Jeff Morriss

References:
- [Wireshark-users] Possible memory leak using Lua script
  - From: Javi Gallart
- Re: [Wireshark-users] Possible memory leak using Lua script
  - From: Jeff Morriss

Prev by Date: Re: [Wireshark-users] Possible memory leak using Lua script
Next by Date: [Wireshark-users] SNMP resolution problems
Previous by thread: Re: [Wireshark-users] Possible memory leak using Lua script
Next by thread: Re: [Wireshark-users] Possible memory leak using Lua script
Index(es):
- Date
- Thread