Wireshark mailing list archives

Re: Wireshark crash after removing if(tree)


From: Raj sekar <mrajsekar () gmail com>
Date: Fri, 27 Feb 2015 22:36:38 +0800

Hi Pascal,

I saw I do have errors due to SDU length. But it was showing packet
malformed. I set many breakpoints and found every tree produced the
access violation error. In the debug I could see.

I had errors in my code in one function and I have disabled it and seen. So
that's the reason I wanted to ask about any other possible way to solve this.

Example:
Move all my functions inside my dissect function, so I can put everything
under if (tree). I do not know whether it is right or whether it will work.
I thought of asking for suggestions.

I saw there was a question on the same issue that someone posted last time,
but there was no answer, so I thought someone may have had this problem
earlier and could help me.

Thanks Pascal.

Raj


On 27 Feb 2015 22:25, "Pascal Quantin" <pascal.quantin () gmail com> wrote:


On 27 Feb 2015 14:38, "Raj sekar" <mrajsekar () gmail com> wrote:

Hi

I am developing a custom dissector and I was having issues with reassembly.

With help from Pascal I have found my reassembly is not working because
of if(tree), and if I remove if(tree) I am able to open my pcap file only
in debug mode (Edit -> preference -> console window = always debugging),
and I am able to see my reassembly is successful, but not in normal mode.

I ran the MSVC debugger and found the error in the trees.

In the dissect function, under if(tree), I am calling 8+ different
functions. In the debugger I could see all my subtrees and other trees
returning errors.

ALL trees getting CXX0030 ERROR Mnt tree 0x00000000 null pointer. First
child ???? Last child ???? Next ???? Parent ???? Fino ???? Data ????

All the trees have this same error.

My code is something like this:

dissect function {
    if (tree) {
        call function1(passed tree);
        call function2(passed tree);
    }
}
function1 () {
    used tree created subtree
    function3 (passed subtree)
}
function2 () {
    used tree created subtree
    function4 (passed subtree)
}
function4 () {
    reassembly code here..
}

I have used Wireshark build 1.11.3 and I have also tried 1.12.3; both are
getting the same issue.

Someone please suggest what I can do with this? Any suggestions to
overcome this?

As you seem to deliberately ignore what I already wrote to you, I will quote
myself again:
"If you read the documentation found in the doc folder of Wireshark source
code, you will see that it is normal to have tree == NULL on first pass
and this is gracefully handled by proto_tree_add_XXX functions with recent
versions of Wireshark (I do not know whether this was the case with older
versions of Ethereal as they have been obsolete for years).
On subsequent passes, tree will not be NULL. Please refer to the
documentation for further understanding."
You told me that your code is triggering malformed packets and starts
access violation, but despite my numerous requests asking you to do step by
step debugging to identify the root cause, it seems like you have not done
it (no I do not believe a NULL tree is an issue unless you try to do
something very bad with it).
If someone feels courageous enough to provide support, feel free :) On my
side I give up here.

I have posted the question here


https://ask.wireshark.org/questions/40125/wireshark-crash-after-removing-of-iftree

Please help.

Thanks

Best Regards
Raj



___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

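The dissector layout discussed in this thread, as an added example that is not code from the posts or from the Wireshark project: a stand-alone C model of a first pass with tree == NULL followed by a later pass with a real tree, comparing reassembly placed under if (tree) with reassembly done unconditionally. All names (tree_t, reasm_t, tree_add, add_fragment, simulate) are hypothetical stand-ins, not Wireshark's API, and the once-per-frame bookkeeping is an assumption of the model.

```c
#include <stddef.h>
#include <string.h>

/* Simplified model, NOT Wireshark's API: every name here is hypothetical. */
typedef struct { int items; } tree_t;          /* stands in for proto_tree */
typedef struct { char buf[64]; size_t len; int seen[8]; } reasm_t;

/* Like the proto_tree_add_XXX family described above: NULL tree is a no-op. */
static void tree_add(tree_t *tree) { if (tree) tree->items++; }

/* Append a fragment once per frame; reject bad indexes and oversize data. */
static void add_fragment(reasm_t *r, int frame, const char *data) {
    size_t n = strlen(data);
    if (frame < 0 || frame >= 8 || r->seen[frame] || r->len + n > sizeof r->buf) return;
    r->seen[frame] = 1;
    memcpy(r->buf + r->len, data, n);
    r->len += n;
}

/* Layout from the thread: display work and reassembly both under if (tree). */
static void dissect_guarded(reasm_t *r, tree_t *tree, int frame, const char *data) {
    if (tree) { tree_add(tree); add_fragment(r, frame, data); }
}

/* Alternative layout: reassembly always runs; only display depends on tree. */
static void dissect_unguarded(reasm_t *r, tree_t *tree, int frame, const char *data) {
    add_fragment(r, frame, data);
    tree_add(tree);                            /* safe even when tree == NULL */
}

typedef void (*dissector_fn)(reasm_t *, tree_t *, int, const char *);

/* First pass: all frames in order with tree == NULL. Later pass: only the
   last frame is dissected again, this time with a real tree.
   Returns how many reassembled bytes exist at that point. */
size_t simulate(dissector_fn dissect) {
    const char *frags[] = { "AAAA", "BBBB", "CCCC" };   /* constructed sample */
    reasm_t r = { {0}, 0, {0} };
    tree_t tree = { 0 };
    for (int f = 0; f < 3; f++) dissect(&r, NULL, f, frags[f]);
    dissect(&r, &tree, 2, frags[2]);
    return r.len;
}

size_t guarded_bytes(void)   { return simulate(dissect_guarded); }
size_t unguarded_bytes(void) { return simulate(dissect_unguarded); }
```

In this model the guarded layout has seen only the last fragment when the tree finally exists, while the unguarded layout has the full payload and never dereferences the NULL tree.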