Wireshark-bugs: [Wireshark-bugs] [Bug 2436] New: Trying to view "Expert Info Composite" crashes
Date: Wed, 9 Apr 2008 18:26:51 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2436

           Summary: Trying to view "Expert Info Composite" crashes Wireshark
           Product: Wireshark
           Version: 1.0.0
          Platform: PC
        OS/Version: Windows Vista
            Status: NEW
          Severity: Major
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: enfiniti27@xxxxxxxxxxx


Build Information:
Version 1.0.0

Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.12.8, with GLib 2.14.6, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.5,
with ADNS, with Lua 5.1, with GnuTLS 1.6.1, with Gcrypt 1.2.3, with MIT
Kerberos, with PortAudio V19-devel, with AirPcap.

Running on Windows Vista Service Pack 1, build 6001, with WinPcap version 4.0.2
(packet.dll version 4.0.0.1040), based on libpcap version 0.9.5, without
AirPcap.

Built using Microsoft Visual C++ 6.0 build 8804

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
If you try and view the "Analyze->Expert Info Composite" menu option Wireshark
crashes. 

Here is the exception that occurs and the stack (that I can resolve anyway):

(1d4c.1ec8): Access violation - code c0000005 (!!! second chance !!!)
eax=f8a946f8 ebx=f8a94700 ecx=6862e5e0 edx=0000ffff esi=003b0000 edi=00000000
eip=779ef217 esp=0017efb8 ebp=0017efc4 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
ntdll!RtlFreeHeap+0x36:
779ef217 80780705        cmp     byte ptr [eax+7],5         ds:002b:f8a946ff=??

ChildEBP RetAddr  Args to Child              
0017efc4 77283593 003b0000 00000000 f8a94700 ntdll!RtlFreeHeap+0x36
0017efd8 763c9d6b 003b0000 00000000 f8a94700 kernel32!HeapFree+0x14
0017f024 00fb33da f8a94700 07e675a0 0000ffff MSVCRT!free+0xcd
0017f038 00bf6b28 00fb33b1 0017f064 685f8992
libwireshark!proto_register_ldap+0xea4
0017f044 685f8992 00fb33b1 00000000 05b8e7f0 libwireshark!init_dissection+0x45
WARNING: Stack unwind information not available. Following frames may be wrong.
0017f064 00bf6b07 041283a8 00bf6b1b 00000000 libglib_2_0_0!g_slist_foreach+0x22
0017f078 00414f1f 0017f070 00000001 0814f970 libwireshark!init_dissection+0x24
0017f13c 00414eb1 00597520 00502c88 00502c7c
wireshark!cf_redissect_packets+0x88
0017f158 004a6f5c 00597520 08639958 0849a410
wireshark!cf_redissect_packets+0x1a
0017f190 004a7399 0059200c 00000000 0017f1c0
wireshark!register_tap_listener_expert_comp+0x61c
0017f1a0 6186f505 05b8e7f0 00000000 00000000
wireshark!register_tap_listener_expert_comp+0xa59
0017f1c0 002f3945 05b8e7f0 05ba4b60 00000001
libgtk_win32_2_0_0!gtk_item_factory_get_type+0x2b5
0017f220 00307125 05b76f80 00000000 00000001
libgobject_2_0_0!g_closure_invoke+0x115
0017f310 00307eda 05b8e7f0 00000000 0017f3f8
libgobject_2_0_0!g_signal_has_handler_pending+0xf55
0017f590 00308166 05b8e7f0 00000067 00000000
libgobject_2_0_0!g_signal_emit_valist+0x7fa
0017f5b0 619be3db 05b8e7f0 00000067 00000000
libgobject_2_0_0!g_signal_emit+0x26
0017f5d0 618a0d0c 05b8e7f0 05b21050 0017f600
libgtk_win32_2_0_0!gtk_widget_activate+0x9b
0017f600 618a10aa 05b432b8 05b8e7f0 00000001
libgtk_win32_2_0_0!gtk_menu_shell_activate_item+0xec
0017f660 6188c522 05b432b8 08900110 040c1160
libgtk_win32_2_0_0!gtk_menu_shell_activate_item+0x48a
0017f690 002f3945 040c8b58 0017f788 00000002
libgtk_win32_2_0_0!gtk_marshal_VOID__UINT_STRING+0x142
0017f6f0 00306d56 040c8b58 0017f788 00000002
libgobject_2_0_0!g_closure_invoke+0x115
0017f7e0 00307c2c 05b432b8 0017f858 0017f8c8
libgobject_2_0_0!g_signal_has_handler_pending+0xb86
0017fa60 00308166 05b432b8 0000001d 00000000
libgobject_2_0_0!g_signal_emit_valist+0x54c
0017fa80 619be564 05b432b8 0000001d 00000000
libgobject_2_0_0!g_signal_emit+0x26
0017fab0 618896c1 05b432b8 08900110 0017fae0
libgtk_win32_2_0_0!gtk_widget_activate+0x224
0017fae0 6188a9f1 05b8e7f0 08900110 0017fb20
libgtk_win32_2_0_0!gtk_propagate_event+0xd1
0017fb30 6c3712ce 08900110 00000000 0017fb60
libgtk_win32_2_0_0!gtk_main_do_event+0x261
0017fb50 685de887 003beee8 00000000 00000000
libgdk_win32_2_0_0!gdk_event_get_graphics_expose+0x3ace
0017fbb0 685dfd6b 040c6a20 00000000 0414dca8
libglib_2_0_0!g_main_context_dispatch+0x197
0017fbf0 685dff5a 00000001 003b95f8 0017fc20
libglib_2_0_0!g_main_context_acquire+0x3db
0017fc20 61889f3e 05cd7760 05cd7760 763e24b5
libglib_2_0_0!g_main_loop_run+0x17a
0017fc70 0041d7ff 00000000 00764f29 00000000 libgtk_win32_2_0_0!gtk_main+0x9e
0017fed4 0041f010 00000000 003b9478 00000008 wireshark!main+0x1029
0017feec 0041ab36 00400000 00000000 00764f29 wireshark!WinMain+0x5a
0017ff88 7728e3f3 fffde000 0017ffd4 77a3cfed wireshark!WinMainCRTStartup+0x134
0017ff94 77a3cfed fffde000 3f66426d 00000000 kernel32!BaseThreadInitThunk+0xe
0017ffd4 77a3d1ff 0041aa02 fffde000 00000000 ntdll!__RtlUserThreadStart+0x23
0017ffec 00000000 0041aa02 fffde000 00000000 ntdll!_RtlUserThreadStart+0x1b

It would seem that we are passing an invalid pointer to the block to be freed. 
ChildEBP RetAddr  Args to Child  
0017f024 00fb33da f8a94700 07e675a0 0000ffff MSVCRT!free+0xcd
f8a94700 is our pointer to the block we should free and that address is
invalid.

It seems this is originating from libwireshark!proto_register_ldap+0xea4


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.