Ethereal-users: Re: [Ethereal-users] Segmentation Fault
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: Andrew Hood <ajhood@xxxxxxxxx>
Date: Tue, 09 Nov 2004 08:17:45 +1100
Sebastian Felis wrote:
-- snip --
tethereal \
  -r 2004-09-23.dump \
  -l -n -R wlan \
  -z proto,colinfo,wlan_mgt.tag.number,wlan_mgt.tag.number \
  -z proto,colinfo,wlan_mgt.tag.interpretation,wlan_mgt.tag.interpretation \
  -z proto,colinfo,wlan.fc.subtype,wlan.fc.subtype \
  -z proto,colinfo,wlan.sa,wlan.sa \
  -z proto,colinfo,frame.number,frame.number

I tried to detect the SEGV by ddd/gdb, but couldn't locate it well. The SEGV occurs in the 5th packet while dissecting the tcp conversation by allocating a new chunk (conversation.c:444).
I got a different crash. ethereal from SVN 20041016192915

Program received signal SIGSEGV, Segmentation fault.
0x40c9754b in free () from /lib/libc.so.6
(gdb) bt
#0  0x40c9754b in free () from /lib/libc.so.6
#1  0x40c973d3 in free () from /lib/libc.so.6
#2  0x40b8cd1d in g_free (mem=0x82110a8) at gmem.c:186
#3  0x401c1595 in string_fvalue_free (fv=0x8210414) at ftype-string.c:49
#4  0x401a12fb in proto_tree_free_node (node=0x820ed90, data=0x0) at proto.c:444
#5  0x401a237d in proto_tree_traverse_in_order (tree=0x820ed90, func=0x401a1280 <proto_tree_free_node>, data=0x0)
    at proto.c:373
#6  0x401a235c in proto_tree_traverse_in_order (tree=0x820eeb0, func=0x401a1280 <proto_tree_free_node>, data=0x0)
    at proto.c:368
#7  0x401a2327 in proto_tree_traverse_in_order (tree=0x820eec8, func=0x401a1280 <proto_tree_free_node>, data=0x0)
    at proto.c:353
#8  0x4019ecc4 in proto_tree_free (tree=0x820f330) at proto.c:368
#9  0x4019154c in epan_dissect_free (edt=0x820e908) at epan.c:169
#10 0x0805f709 in process_packet (cf=0x8097be0, pdh=0x0, offset=40, whdr=0x81e98e0, pseudo_header=0x81e98f4,
    pd=0x81f8a08 "D", err=0xbfffee28) at tethereal.c:2636
#11 0x0805f25a in load_cap_file (cf=0x8097be0, out_file_type=2) at tethereal.c:2375
#12 0x0805e2a4 in main (argc=17, argv=0xbffff034) at tethereal.c:1580
#13 0x40c4017d in __libc_start_main () from /lib/libc.so.6

valgrind gave the following before the segv, which makes a few allocations and initialisations suspect.
==19388== pthread_mutex_destroy: mutex is still in use
==19388==    at 0x40E32E24: pthread_error (vg_libpthread.c:288)
==19388==    by 0x40E33D70: __pthread_mutex_destroy (vg_libpthread.c:1015)
==19388==    by 0x40EEF62F: closedir (in /lib/libc-2.2.5.so)
==19388==    by 0x40D99590: g_dir_close (gdir.c:150)
==19388==    by 0x403B19D1: plugins_scan_dir (plugins.c:306)
==19388==    by 0x403B1A5F: init_plugins (plugins.c:387)
==19388== Reading syms from /lib/libnss_db-2.2.so
==19388==    object doesn't have a symbol table
==19388==    object doesn't have any debug info
==19388== Reading syms from /lib/libnss_files-2.2.5.so
==19388==    object doesn't have a symbol table
==19388==    object doesn't have any debug info
==19388==
==19388== Invalid write of size 1
==19388==    at 0x40021FA2: strcat (mac_replace_strmem.c:126)
==19388==    by 0x805FAFC: print_columns (tethereal.c:2813)
==19388==    by 0x805FDCD: print_packet (tethereal.c:3006)
==19388==    by 0x805F6AA: process_packet (tethereal.c:2603)
==19388==    by 0x805F259: load_cap_file (tethereal.c:2375)
==19388==    by 0x805E2A3: main (tethereal.c:1580)
==19388==    Address 0x43DD3E45 is 0 bytes after a block of size 513 alloc'd
==19388==    at 0x4002A1EE: realloc (vg_replace_malloc.c:310)
==19388==    by 0x40DA9CAA: g_realloc (gmem.c:169)
==19388==    by 0x805FAD6: print_columns (tethereal.c:2811)
==19388==    by 0x805FDCD: print_packet (tethereal.c:3006)
==19388==    by 0x805F6AA: process_packet (tethereal.c:2603)
==19388==    by 0x805F259: load_cap_file (tethereal.c:2375)
==19388==
==19388== Invalid write of size 1
==19388==    at 0x40021FAB: strcat (mac_replace_strmem.c:127)
==19388==    by 0x805FAFC: print_columns (tethereal.c:2813)
==19388==    by 0x805FDCD: print_packet (tethereal.c:3006)
==19388==    by 0x805F6AA: process_packet (tethereal.c:2603)
==19388==    by 0x805F259: load_cap_file (tethereal.c:2375)
==19388==    by 0x805E2A3: main (tethereal.c:1580)
==19388==    Address 0x43DD3E7B is not stack'd, malloc'd or free'd
==19388==
==19388== Conditional jump or move depends on uninitialised value(s)
==19388==    at 0x40EB2B33: _IO_fputs (in /lib/libc-2.2.5.so)
==19388==    by 0x8052BC9: print_line_text (print.c:858)
==19388==    by 0x8052730: print_line (print.c:797)
==19388==    by 0x805FCAF: print_columns (tethereal.c:2959)
==19388==    by 0x805FDCD: print_packet (tethereal.c:3006)
==19388==    by 0x805F6AA: process_packet (tethereal.c:2603)
==19388==
==19388== Conditional jump or move depends on uninitialised value(s)
==19388==    at 0x40EB2B3A: _IO_fputs (in /lib/libc-2.2.5.so)
==19388==    by 0x8052BC9: print_line_text (print.c:858)
==19388==    by 0x8052730: print_line (print.c:797)
==19388==    by 0x805FCAF: print_columns (tethereal.c:2959)
==19388==    by 0x805FDCD: print_packet (tethereal.c:3006)
==19388==    by 0x805F6AA: process_packet (tethereal.c:2603)
==19388==
==19388== Conditional jump or move depends on uninitialised value(s)
==19388==    at 0x40EB2B44: _IO_fputs (in /lib/libc-2.2.5.so)
==19388==    by 0x8052BC9: print_line_text (print.c:858)
==19388==    by 0x8052730: print_line (print.c:797)
==19388==    by 0x805FCAF: print_columns (tethereal.c:2959)
==19388==    by 0x805FDCD: print_packet (tethereal.c:3006)
==19388==    by 0x805F6AA: process_packet (tethereal.c:2603)
==19388==
==19388== Invalid read of size 4
==19388==    at 0x40EB2B2B: _IO_fputs (in /lib/libc-2.2.5.so)
==19388==    by 0x8052BC9: print_line_text (print.c:858)
==19388==    by 0x8052730: print_line (print.c:797)
==19388==    by 0x805FCAF: print_columns (tethereal.c:2959)
==19388==    by 0x805FDCD: print_packet (tethereal.c:3006)
==19388==    by 0x805F6AA: process_packet (tethereal.c:2603)
==19388==    Address 0x43DD3E48 is 3 bytes after a block of size 513 alloc'd
==19388==    at 0x4002A1EE: realloc (vg_replace_malloc.c:310)
==19388==    by 0x40DA9CAA: g_realloc (gmem.c:169)
==19388==    by 0x805FAD6: print_columns (tethereal.c:2811)
==19388==    by 0x805FDCD: print_packet (tethereal.c:3006)
==19388==    by 0x805F6AA: process_packet (tethereal.c:2603)
==19388==    by 0x805F259: load_cap_file (tethereal.c:2375)
==19388==
==19388== Invalid read of size 1
==19388==    at 0x40EBCC79: _IO_default_xsputn (in /lib/libc-2.2.5.so)
==19388==    by 0x40EBC09B: _IO_file_xsputn (in /lib/libc-2.2.5.so)
==19388==    by 0x40EB2BEE: _IO_fputs (in /lib/libc-2.2.5.so)
==19388==    by 0x8052BC9: print_line_text (print.c:858)
==19388==    by 0x8052730: print_line (print.c:797)
==19388==    by 0x805FCAF: print_columns (tethereal.c:2959)
==19388==    Address 0x43DD3E45 is 0 bytes after a block of size 513 alloc'd
==19388==    at 0x4002A1EE: realloc (vg_replace_malloc.c:310)
==19388==    by 0x40DA9CAA: g_realloc (gmem.c:169)
==19388==    by 0x805FAD6: print_columns (tethereal.c:2811)
==19388==    by 0x805FDCD: print_packet (tethereal.c:3006)
==19388==    by 0x805F6AA: process_packet (tethereal.c:2603)
==19388==    by 0x805F259: load_cap_file (tethereal.c:2375)

--
There's no point in being grown up if you can't be childish sometimes.
-- Dr. Who
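The valgrind reports above show a one-byte strcat write landing exactly at the end of a 513-byte block that print_columns had just realloc'd, followed by reads of bytes past that block when the line is printed. That pattern is what you see when a buffer's size calculation leaves no room for the appended text or its terminating NUL. As an added example (not code from tethereal or from this thread), here is a growable line buffer in C that tracks its own length and capacity so an append can never write past the allocation; the type and function names are my own and the column values are constructed sample data, not taken from the capture discussed.

```c
/* Added example: a growable, NUL-terminated line buffer with an explicit
 * capacity invariant (cap >= len + 1).  Not tethereal's code. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    char  *buf;   /* NUL-terminated contents */
    size_t len;   /* bytes in use, excluding the NUL */
    size_t cap;   /* bytes allocated; always >= len + 1 */
} linebuf_t;

/* Allocate an empty buffer.  Returns 0 on success, -1 on allocation failure. */
static int linebuf_init(linebuf_t *lb, size_t initial_cap)
{
    if (initial_cap == 0)
        initial_cap = 1;                  /* room for the NUL at minimum */
    lb->buf = malloc(initial_cap);
    if (lb->buf == NULL)
        return -1;
    lb->buf[0] = '\0';
    lb->len = 0;
    lb->cap = initial_cap;
    return 0;
}

/* Append s, growing geometrically.  The +1 reserves the terminator, which is
 * the byte the valgrind "0 bytes after a block" report says was missing. */
static int linebuf_append(linebuf_t *lb, const char *s)
{
    size_t slen = strlen(s);
    size_t need = lb->len + slen + 1;
    if (need > lb->cap) {
        size_t newcap = lb->cap;
        while (newcap < need) {
            if (newcap > SIZE_MAX / 2) { newcap = need; break; }
            newcap *= 2;
        }
        char *p = realloc(lb->buf, newcap);
        if (p == NULL)
            return -1;                    /* old buffer is still valid */
        lb->buf = p;
        lb->cap = newcap;
    }
    memcpy(lb->buf + lb->len, s, slen + 1);   /* copies the NUL as well */
    lb->len += slen;
    return 0;
}

static void linebuf_free(linebuf_t *lb)
{
    free(lb->buf);
    lb->buf = NULL;
    lb->len = lb->cap = 0;
}

/* Join column strings with tabs into lb.  Returns 0 on success, -1 on OOM. */
static int build_line(linebuf_t *lb, const char **cols, size_t ncols)
{
    for (size_t i = 0; i < ncols; i++) {
        if (i > 0 && linebuf_append(lb, "\t") != 0)
            return -1;
        if (linebuf_append(lb, cols[i]) != 0)
            return -1;
    }
    return 0;
}

/* Invariant check: contents, recorded length and capacity agree. */
static int linebuf_consistent(const linebuf_t *lb)
{
    return lb->buf != NULL && lb->len == strlen(lb->buf) && lb->cap >= lb->len + 1;
}

/* Build one constructed line (frame number, source MAC, subtype, tag) starting
 * from a deliberately tiny buffer so several reallocs happen.  Returns 1 when
 * the result and the invariant are as expected, 0 otherwise. */
static int demo_ok(void)
{
    const char *cols[] = { "5", "00:11:22:33:44:55", "8", "SSID" };  /* constructed */
    linebuf_t lb;
    int ok;
    if (linebuf_init(&lb, 4) != 0)
        return 0;
    ok = build_line(&lb, cols, 4) == 0
         && strcmp(lb.buf, "5\t00:11:22:33:44:55\t8\tSSID") == 0
         && linebuf_consistent(&lb);
    linebuf_free(&lb);
    return ok;
}

int main(void)
{
    printf("demo_ok = %d\n", demo_ok());
    return demo_ok() ? 0 : 1;
}
```

Running the same construction under valgrind produces no invalid read or write, because every append checks `len + strlen(s) + 1` against the recorded capacity before touching memory; the length is carried in the struct rather than recomputed with strlen, so the cost stays linear in the line length.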