Re: Crash when LTE dissector (over UDP framing) enabled

[Antriksh Pany <antriksh.pany () gmail com>]

I have filed Bug 5382
(https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5382) for the
same.
It has attached a sample pcap file that causes the crash as well.

Thanks Martin for your advise.

- Antriksh

On Thu, Nov 11, 2010 at 6:29 PM, Martin Mathieson
<martin.r.mathieson () googlemail com> wrote:
> On Thu, Nov 11, 2010 at 12:41 PM, Antriksh Pany <antriksh.pany () gmail com>
> wrote:
> > Hello
> >
> > The crash was occurring due to incorrect rnti type being filled up. We
> > actually had broadcast information flowing. But the rnti type was 3
> > (C_RNTI). And this seemed to be causing wireshark to attempt to decode
> > the message as a dedicated UE message (noticed that during the couple
> > of times that it did not crash in Windows).
>
> It would still be good to make sure we didn't crash, so that users such as
> yourself would see the problem more quickly.
> Wireshark shouldn't crash - it should show the packet as malformed and
> hopefully make the problem obvious.
>
> > When I corrected the rnti type, the problem went away.
> >
> > I think this should be a very good indicator of where in code the
> > problem would be. If there are some pointers as to where to look in
> > code, I could consider having a look myself!
> >
> > Also, I guess wireshark could warn us when the RNTI is that of SI
> > (broadcast), but the rnti type is set differently.
>
> Yes, it probably should verify that the SI- and P- RNTI types have the
> correct value.
>
> Regards,
> Martin
>
> > Cheers
> > Antriksh
> >
> >
> >
> > On Thu, Nov 11, 2010 at 12:22 PM, Antriksh Pany <antriksh.pany () gmail com>
> > wrote:
> > > Hello
> > >
> > > I am facing a crash when I enable the option
> > >  'Try Heuristic LTE-MAC over UDP framing'
> > > and load an appropriate pcap.
> > >
> > > The crash does not occur when I turn off this option, and load the same
> > > pcap.
> > >
> > > This is the log:
> > > -----------------------
> > > bash-3.2$ /opt/wireshark/bin/wireshark
> > >
> > > (wireshark:10799): GLib-GObject-WARNING **: invalid (NULL) pointer
> > > instance
> > >
> > > (wireshark:10799): GLib-GObject-CRITICAL **: g_signal_emit_by_name:
> > > assertion `G_TYPE_CHECK_INSTANCE (instance)' failed
> > > Segmentation fault
> > > bash-3.2$
> > > bash-3.2$ uname -a
> > > Linux dennis 2.6.18-128.el5 #1 SMP Wed Dec 17 11:41:38 EST 2008 x86_64
> > > x86_64 x86_64 GNU/Linux
> > > bash-3.2$ /opt/wireshark/bin/wireshark -v
> > > wireshark 1.4.1
> > >
> > > Copyright 1998-2010 Gerald Combs <gerald () wireshark org> and
> > > contributors.
> > > This is free software; see the source for copying conditions. There is
> > > NO
> > > warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
> > > PURPOSE.
> > >
> > > Compiled with GTK+ 2.10.4, (64-bit) with GLib 2.12.3, with libpcap
> > > 0.9.4, with
> > > libz 1.2.3, with POSIX capabilities (Linux), with libpcre (version
> > > unknown),
> > > without SMI, without c-ares, without ADNS, without Lua, without Python,
> > > with
> > > GnuTLS 1.4.1, with Gcrypt 1.2.4, with MIT Kerberos, without GeoIP,
> > > without
> > > PortAudio, without AirPcap.
> > >
> > > Running on Linux 2.6.18-128.el5, with libpcap version 0.9.4, with libz
> > > 1.2.3,
> > > GnuTLS 1.4.1, Gcrypt 1.2.4.
> > >
> > > Built using gcc 4.1.2 20080704 (Red Hat 4.1.2-44).
> > > bash-3.2$
> > > -----------------------
> > >
> > >
> > > Also, I had tried doing the same on Windows. It was able to open the
> > > pcap correctly on the first few occassions. But it consistently
> > > crashes on windows as well now.
> > > These are the problem details shown by Windows (windows 7):
> > > -----------------------
> > > Problem signature:
> > >  Problem Event Name:   APPCRASH
> > >  Application Name:     wireshark.exe
> > >  Application Version:  1.4.1.34476
> > >  Application Timestamp:        4cb35037
> > >  Fault Module Name:    libwireshark.dll
> > >  Fault Module Version: 1.4.1.34476
> > >  Fault Module Timestamp:       4cb34ea4
> > >  Exception Code:       c0000005
> > >  Exception Offset:     0001148f
> > >  OS Version:   6.1.7600.2.0.0.256.4
> > >  Locale ID:    1033
> > >  Additional Information 1:     0a9e
> > >  Additional Information 2:     0a9e372d3b4ad19135b953a78882e789
> > >  Additional Information 3:     0a9e
> > >  Additional Information 4:     0a9e372d3b4ad19135b953a78882e789
> > > -----------------------
> > > I have tried things such as restarting the system etc, but nothing
> > > works.
> > >
> > > Any help/suggestions is appreciated.
> > >
> > > Thanks
> > > Antriksh Pany
> >
> > ___________________________________________________________________________
> > Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
> > Archives:    http://www.wireshark.org/lists/wireshark-users
> > Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> >
> > mailto:wireshark-users-request () wireshark org?subject=unsubscribe
>
>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe