Wireshark mailing list archives

Re: Unhandled exception

From: Anders Broman <a.broman58 () gmail com>
Date: Tue, 18 Sep 2018 16:41:23 +0200

Den tis 18 sep. 2018 16:21Anders Broman <anders.broman () ericsson com> skrev:

 actually with Pascals patch there's a warning printed at startup I think.
It's not visible on Windows though.



*From:* Wireshark-dev <wireshark-dev-bounces () wireshark org> *On Behalf Of
*Maynard, Chris
*Sent:* den 18 september 2018 15:55
*To:* Developer support list for Wireshark <wireshark-dev () wireshark org>
*Subject:* Re: [Wireshark-dev] Unhandled exception

This particular crash with transum didn’t occur just by launching

Wireshark though, but only when reading a capture file or attempting to
capture packets from an interface, so merely starting the application
wouldn’t >have caught it.

- Chris




Ah it’s my proposed patch https://code.wireshark.org/review/#/c/29716/
that makes it assert during startup 😊

Didn’t think of that…

Regards

Anders



*From:* Wireshark-dev [mailto:wireshark-dev-bounces () wireshark org
<wireshark-dev-bounces () wireshark org>] *On Behalf Of *Anders Broman
*Sent:* Tuesday, September 18, 2018 9:42 AM
*To:* Developer support list for Wireshark <wireshark-dev () wireshark org>
*Subject:* Re: [Wireshark-dev] Unhandled exception



Hi,

At  the very least we should have a test step activating all protocols and
starting the application.

As they are disabled by default perhaps fussing is overkill, they might
prolong fussing time unduly?

Regards

Anders



*From:* Wireshark-dev <wireshark-dev-bounces () wireshark org> *On Behalf Of
*Maynard, Chris
*Sent:* den 18 september 2018 15:36
*To:* Developer support list for Wireshark <wireshark-dev () wireshark org>
*Subject:* Re: [Wireshark-dev] Unhandled exception



Thanks.



Should the fuzz tester(s) enable all dissectors by default?  If I *“enable
all protocols”*, then currently the enabled_protos file lists these 3:
prp, stcsig and transum.

- Chris



*From:* Wireshark-dev [mailto:wireshark-dev-bounces () wireshark org
<wireshark-dev-bounces () wireshark org>] *On Behalf Of *Pascal Quantin
*Sent:* Tuesday, September 18, 2018 4:26 AM
*To:* Developer support list for Wireshark <wireshark-dev () wireshark org>
*Subject:* Re: [Wireshark-dev] Unhandled exception



https://code.wireshark.org/review/c/29715/



Cheers,

Pascal.



Le mar. 18 sept. 2018 à 10:22, Pascal Quantin <pascal.quantin () gmail com>
a écrit :

I'm uploading a patch.



Pascal.



Le mar. 18 sept. 2018 à 10:20, Pascal Quantin <pascal.quantin () gmail com>
a écrit :

Hi Anders,



Le mar. 18 sept. 2018 à 10:19, Anders Broman <anders.broman () ericsson com>
a écrit :

Hi,
I think that the problem is that one of these fields has changed name, but
debugging the registration phase is hard on Windows as the console is not
open...GRR



this seems to be the ssl.record.content_type field.

We should check if we can make Transum more robust to this kind of errors
in the future.





* The following are the field ids for the protocol values used by TRANSUM.
    Make sure they line up with ehf_of_interest order */
HF_OF_INTEREST_INFO hf_of_interest[HF_INTEREST_END_OF_LIST] = {
    { -1, "ip.proto" },
    { -1, "ipv6.nxt" },

    { -1, "tcp.analysis.retransmission" },
    { -1, "tcp.analysis.keep_alive" },
    { -1, "tcp.flags.syn" },
    { -1, "tcp.flags.ack" },
    { -1, "tcp.flags.reset" },
    { -1, "tcp.flags.urg" },
    { -1, "tcp.seq" },
    { -1, "tcp.srcport" },
    { -1, "tcp.dstport" },
    { -1, "tcp.stream" },
    { -1, "tcp.len" },

    { -1, "udp.srcport" },
    { -1, "udp.dstport" },
    { -1, "udp.stream" },
    { -1, "udp.length" },

    { -1, "ssl.record.content_type" },

    { -1, "tds.type" },
    { -1, "tds.length" },

    { -1, "smb.mid" },

    { -1, "smb2.sesid" },
    { -1, "smb2.msg_id" },
    { -1, "smb2.cmd" },

    { -1, "dcerpc.ver" },
    { -1, "dcerpc.pkt_type" },
    { -1, "dcerpc.cn_call_id" },
    { -1, "dcerpc.cn_ctx_id" },

    { -1, "dns.id"},
};
Regards
Anders

-----Original Message-----
From: Wireshark-dev <wireshark-dev-bounces () wireshark org> On Behalf Of
João Valverde
Sent: den 18 september 2018 10:10
To: wireshark-dev () wireshark org
Subject: Re: [Wireshark-dev] Unhandled exception



On 18/09/18 01:07, Maynard, Chris wrote:

Thanks for the tips Richard, but after some additional testing and some

head-scratching, I discovered the source of the problem was something in my
profile, because if I switched to a pristine profile, then master ran
fine.  Through divide-and-conquer/trial-and-error, I discovered that it was
due to enabling the transum dissector, although I can't figure out why
enabling the transum dissector causes this, and then only for master.
Enabling it for 2.6.2 seems fine.


Maybe someone could just confirm if they also experience this exception

if they enable the transum dissector?  If confirmed, I will file a bug
report.

Confirmed on the latest master. Enabling transum crashes wireshark.

The exception, for reference:

Unhandled exception ("proto.c:6497: failed assertion "(guint)hfid <

gpa_hfinfo.len" (Unregistered hf!)", group=1, code=6)


Thanks.
- Chris

-----Original Message-----
From: Wireshark-dev [mailto:wireshark-dev-bounces () wireshark org] On

Behalf Of Richard Sharpe

Sent: Monday, September 17, 2018 4:22 PM
To: Developer support list for Wireshark <wireshark-dev () wireshark org>
Subject: Re: [Wireshark-dev] Unhandled exception

<snip>






















CONFIDENTIALITY NOTICE: This message is the property of International Game
Technology PLC and/or its subsidiaries and may contain proprietary,
confidential or trade secret information.  This message is intended solely
for the use of the addressee.  If you are not the intended recipient and
have received this message in error, please delete this message from your
system. Any unauthorized reading, distribution, copying, or other use of
this message or its attachments is strictly prohibited.

CONFIDENTIALITY NOTICE: This message is the property of International Game
Technology PLC and/or its subsidiaries and may contain proprietary,
confidential or trade secret information.  This message is intended solely
for the use of the addressee.  If you are not the intended recipient and
have received this message in error, please delete this message from your
system. Any unauthorized reading, distribution, copying, or other use of
this message or its attachments is strictly prohibited.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org
?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Re: Unhandled exception, (continued)
- - Re: Unhandled exception Maynard, Chris (Sep 17)
    - Re: Unhandled exception João Valverde (Sep 18)
    - Re: Unhandled exception Anders Broman (Sep 18)
    - Re: Unhandled exception Pascal Quantin (Sep 18)
    - Re: Unhandled exception Pascal Quantin (Sep 18)
    - Re: Unhandled exception Pascal Quantin (Sep 18)
    - Re: Unhandled exception Maynard, Chris (Sep 18)
    - Re: Unhandled exception Anders Broman (Sep 18)
    - Re: Unhandled exception Maynard, Chris (Sep 18)
    - Re: Unhandled exception Anders Broman (Sep 18)
    - Re: Unhandled exception Anders Broman (Sep 18)
    - Re: Unhandled exception Pascal Quantin (Sep 18)
    - Re: Unhandled exception Anders Broman (Sep 18)
    - Re: Unhandled exception Anders Broman (Sep 18)