Wireshark mailing list archives

Re: Unhandled exception

From: Anders Broman <anders.broman () ericsson com>
Date: Tue, 18 Sep 2018 08:59:18 +0000

Hi,
Thinking about it a bit more should proto_registrar_get_id_byname() assert on a non valid name? This may be the 
simplest safe guard.
Regards
Anders

From: Wireshark-dev <wireshark-dev-bounces () wireshark org> On Behalf Of Anders Broman
Sent: den 18 september 2018 10:29
To: Developer support list for Wireshark <wireshark-dev () wireshark org>
Subject: Re: [Wireshark-dev] Unhandled exception

Hi,
Perhaps filter names referenced in other dissectors should be a define in a common .h file to make it obvious that the 
name must be changed in more than one place. Solving part of the problem.
Then TRANSNUM should check for -1 I suppose and perhaps my trouble shooting patch:
        if (hf_of_interest[i].hf < 0) {
            g_warning("hf %s not found, index %u", hf_of_interest[i].proto_name);
        }
Regards
Anders


From: Wireshark-dev <wireshark-dev-bounces () wireshark org<mailto:wireshark-dev-bounces () wireshark org>> On Behalf 
Of Pascal Quantin
Sent: den 18 september 2018 10:23
To: Developer support list for Wireshark <wireshark-dev () wireshark org<mailto:wireshark-dev () wireshark org>>
Subject: Re: [Wireshark-dev] Unhandled exception

I'm uploading a patch.

Pascal.

Le mar. 18 sept. 2018 à 10:20, Pascal Quantin <pascal.quantin () gmail com<mailto:pascal.quantin () gmail com>> a écrit 
:
Hi Anders,

Le mar. 18 sept. 2018 à 10:19, Anders Broman <anders.broman () ericsson com<mailto:anders.broman () ericsson com>> a 
écrit :
Hi,
I think that the problem is that one of these fields has changed name, but debugging the registration phase is hard on 
Windows as the console is not open...GRR

this seems to be the ssl.record.content_type field.
We should check if we can make Transum more robust to this kind of errors in the future.


* The following are the field ids for the protocol values used by TRANSUM.
    Make sure they line up with ehf_of_interest order */
HF_OF_INTEREST_INFO hf_of_interest[HF_INTEREST_END_OF_LIST] = {
    { -1, "ip.proto" },
    { -1, "ipv6.nxt" },

    { -1, "tcp.analysis.retransmission" },
    { -1, "tcp.analysis.keep_alive" },
    { -1, "tcp.flags.syn" },
    { -1, "tcp.flags.ack" },
    { -1, "tcp.flags.reset" },
    { -1, "tcp.flags.urg" },
    { -1, "tcp.seq" },
    { -1, "tcp.srcport" },
    { -1, "tcp.dstport" },
    { -1, "tcp.stream" },
    { -1, "tcp.len" },

    { -1, "udp.srcport" },
    { -1, "udp.dstport" },
    { -1, "udp.stream" },
    { -1, "udp.length" },

    { -1, "ssl.record.content_type" },

    { -1, "tds.type" },
    { -1, "tds.length" },

    { -1, "smb.mid" },

    { -1, "smb2.sesid" },
    { -1, "smb2.msg_id" },
    { -1, "smb2.cmd" },

    { -1, "dcerpc.ver" },
    { -1, "dcerpc.pkt_type" },
    { -1, "dcerpc.cn_call_id" },
    { -1, "dcerpc.cn_ctx_id" },

    { -1, "dns.id<http://dns.id>"},
};
Regards
Anders

-----Original Message-----
From: Wireshark-dev <wireshark-dev-bounces () wireshark org<mailto:wireshark-dev-bounces () wireshark org>> On Behalf 
Of João Valverde
Sent: den 18 september 2018 10:10
To: wireshark-dev () wireshark org<mailto:wireshark-dev () wireshark org>
Subject: Re: [Wireshark-dev] Unhandled exception



On 18/09/18 01:07, Maynard, Chris wrote:

Thanks for the tips Richard, but after some additional testing and some head-scratching, I discovered the source of 
the problem was something in my profile, because if I switched to a pristine profile, then master ran fine.  Through 
divide-and-conquer/trial-and-error, I discovered that it was due to enabling the transum dissector, although I can't 
figure out why enabling the transum dissector causes this, and then only for master.  Enabling it for 2.6.2 seems 
fine.

Maybe someone could just confirm if they also experience this exception if they enable the transum dissector?  If 
confirmed, I will file a bug report.


Confirmed on the latest master. Enabling transum crashes wireshark.

The exception, for reference:

Unhandled exception ("proto.c:6497: failed assertion "(guint)hfid < gpa_hfinfo.len" (Unregistered hf!)", group=1, 
code=6)

Thanks.
- Chris

-----Original Message-----
From: Wireshark-dev [mailto:wireshark-dev-bounces () wireshark org<mailto:wireshark-dev-bounces () wireshark org>] On 
Behalf Of Richard Sharpe
Sent: Monday, September 17, 2018 4:22 PM
To: Developer support list for Wireshark <wireshark-dev () wireshark org<mailto:wireshark-dev () wireshark org>>
Subject: Re: [Wireshark-dev] Unhandled exception

<snip>











CONFIDENTIALITY NOTICE: This message is the property of International Game Technology PLC and/or its subsidiaries and 
may contain proprietary, confidential or trade secret information.  This message is intended solely for the use of 
the addressee.  If you are not the intended recipient and have received this message in error, please delete this 
message from your system. Any unauthorized reading, distribution, copying, or other use of this message or its 
attachments is strictly prohibited.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org<mailto:wireshark-dev () wireshark org>>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
              mailto:wireshark-dev-request () wireshark org<mailto:wireshark-dev-request () wireshark 
org>?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org<mailto:wireshark-dev () wireshark org>>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org<mailto:wireshark-dev-request () wireshark 
org>?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org<mailto:wireshark-dev () wireshark org>>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org<mailto:wireshark-dev-request () wireshark 
org>?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Re: Unhandled exception, (continued)
- - - Re: Unhandled exception Pascal Quantin (Sep 18)
    - Re: Unhandled exception Pascal Quantin (Sep 18)
    - Re: Unhandled exception Pascal Quantin (Sep 18)
    - Re: Unhandled exception Maynard, Chris (Sep 18)
    - Re: Unhandled exception Anders Broman (Sep 18)
    - Re: Unhandled exception Maynard, Chris (Sep 18)
    - Re: Unhandled exception Anders Broman (Sep 18)
    - Re: Unhandled exception Anders Broman (Sep 18)
    - Re: Unhandled exception Pascal Quantin (Sep 18)
    - Re: Unhandled exception Anders Broman (Sep 18)
    - Re: Unhandled exception Anders Broman (Sep 18)