Wireshark-bugs: [Wireshark-bugs] [Bug 3010] New: ate dissector bug with Gogs: proto.c.2085: fail
Date: Wed, 29 Oct 2008 08:46:51 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3010

           Summary: ate dissector bug with Gogs:  proto.c.2085: failed
                    assertion "(guint)hfindex < gpa_hfinfo.len"
           Product: Wireshark
           Version: 1.0.4
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: Major
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: joel.studtmann@xxxxxxxxxx


Build Information:
Version 1.0.4 (SVN Rev 26501)

Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.12.8, with GLib 2.14.6, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8,
with ADNS, with Lua 5.1, with GnuTLS 2.3.8, with Gcrypt 1.4.1, with MIT
Kerberos, with PortAudio V19-devel, with AirPcap.

Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.0.2
(packet.dll version 4.0.0.1040), based on libpcap version 0.9.5, without
AirPcap.

Built using Microsoft Visual C++ 6.0 build 8804

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--

For the short version, I’m getting the following error when I attempt to use
a Gog in the configuration file:

[Dissector bug, protocol MATE: proto.c:2085: failed assertion "(guint)hfindex <
gpa_hfinfo.len"]

A Google search for a similar error hinted at a problem in the dissector itself
when an array is out of bounds, but C++ is not my forte.  The configuration file
is extremely simple, and I get the dissector error only with the Gog stanza in
place:


Pdu rp_pdu Proto a11 Transport ip {
        Extract addr From ip.addr;
        Extract type From a11.type;
        Extract life From a11.life;
        Extract msid From a11.ext.msid;
        Extract grekey From a11.ext.key;
        Extract pdsn From a11.haaddr;
        Extract ident From a11.ident;
};

Gop rp_signal On rp_pdu Match (addr, addr, msid, ident) {
        Start (type = 1);
        Stop (type = 3);
};

Gog call {
        Member rp_signal (msid);
        Expiration 1800;

};

Done;




Here’s what I’ve run through in the past few days:

As I needed to re-install Wireshark to enable MATE anyway, I downloaded 1.0.4,
and noted in the release notes that MATE crashes were fixed in 1.0.4.

Worked through the examples / config syntax, built some PDUs, fixed the grammar
errors (dang capitalization of From, semicolons, et cetera), and was excited to
see it work.

Attempted to configure a Gog, and watched the Dissector error above scroll
through the screen.  Assumed it was a configuration error, so tweaked the
syntax… removed attributes… changed keys… loosened restrictions on
Gops… all to no avail.  Wireshark always gave a dissector error when the Gog
stanza was enabled.

After a good night’s sleep, remembered that 1.0.4 had changes to fix some
bugs in 1.0.3… so installed that instead.  1.0.3 kinda worked… sometimes.
Some files wouldn’t open, while copies of those files (or filtered versions
of the original files) would… or wouldn’t.  Rebooted.  Some worked, some
didn’t.  Some files wouldn’t open with double-click, but would if Wireshark
was opened first.

When it did open, I didn’t get a dissector error, but individual legs of the
Gop weren’t included into Gog; figured out default timer of 2 seconds was
creating new Gog, so figured out how to do that.  (BTW: the Expiration can’t
be the first part of the Gog, but works as last line.)

1.0.3 continued to crash more often than not, so I downloaded latest Visual C++
runtime, and tried 1.0.4 again.  Crashes stopped, but I get a dissector error
on every PDU again when it attempts to do a Gog.


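The failed condition quoted in the report, `(guint)hfindex < gpa_hfinfo.len`, is a bounds check on an index into a table of registered fields. The C below is an added example, not Wireshark or MATE source and not part of the original report; the registry type, function names, sample table and the -1 "never assigned" value are assumptions made for illustration. It shows how the unsigned cast lets one comparison reject both a negative id and one past the end, and it says nothing about which id MATE's Gog handling actually passed.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for a dissector's field table (not Wireshark code). */
typedef struct { const char *abbrev; } field_info_t;

typedef struct {
    unsigned int len;           /* number of registered fields */
    const field_info_t *hfi;    /* table indexed by field id   */
} field_registry_t;

/* Constructed sample data: three registered fields. */
static const field_info_t sample_fields[] = {
    { "a11.type" }, { "a11.life" }, { "a11.ident" },
};
static const field_registry_t registry = { 3, sample_fields };

/* Same shape as the condition in the report: casting the signed id to
 * unsigned turns any negative value into a very large one, so a single
 * comparison covers "below zero" and "past the end". */
static int field_id_in_range(const field_registry_t *reg, int hfindex)
{
    return (unsigned int)hfindex < reg->len;
}

/* Checked lookup: reports the bad id and returns NULL instead of reading
 * outside the table. */
static const field_info_t *field_lookup(const field_registry_t *reg, int hfindex)
{
    if (!field_id_in_range(reg, hfindex)) {
        fprintf(stderr, "dissector bug: field id %d outside registry of %u\n",
                hfindex, reg->len);
        return NULL;
    }
    return &reg->hfi[hfindex];
}

int main(void)
{
    /* 0 and 2 are valid; 3 is one past the end; -1 is an assumed
     * "never assigned" placeholder. */
    const int ids[] = { 0, 2, 3, -1 };
    for (size_t i = 0; i < sizeof ids / sizeof ids[0]; i++) {
        const field_info_t *f = field_lookup(&registry, ids[i]);
        printf("id %d -> %s\n", ids[i], f ? f->abbrev : "(rejected)");
    }
    return 0;
}
```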