Wireshark-bugs: [Wireshark-bugs] [Bug 4051] New: tshark crashes with singal 6: "Unhandled except
Date: Fri, 25 Sep 2009 02:48:17 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4051

           Summary: tshark crashes with singal 6: "Unhandled exception
                    (group=1, code=6)"
           Product: Wireshark
           Version: 1.2.2
          Platform: x86
        OS/Version: SuSE
            Status: NEW
          Severity: Major
          Priority: Medium
         Component: TShark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: gkrames@xxxxxxx


Build Information:
TShark 1.2.2

Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GLib 2.18.2, with libpcap 0.9-PRE-CVS, with libz 1.2.3, without
POSIX capabilities, without libpcre, with SMI 0.4.8, without c-ares, without
ADNS, without Lua, without GnuTLS, without Gcrypt, without Kerberos, without
GeoIP.
NOTE: this build doesn't support the "matches" operator for Wireshark filter
syntax.

Running on Linux 2.6.27.23-0.1-pae, with libpcap version 0.9-PRE-CVS.

Built using gcc 4.3.2 [gcc-4_3-branch revision 141291].

--
During capturing an longer FTP session at 1MBit/sec,
tshark has crashed with signal 6.

Command line: 
tshark -i eth0 -w pcapfile -S -b filesize:2048000 \
 -l -T pdml -n -f tcp and (host <myhost>)

STDERR:
Capturing on eth0
Unhandled exception (group=1, code=6)

ANALYSIS:
(gdb) where
#0  0xffffe430 in __kernel_vsyscall ()
#1  0xb5ef3990 in raise () from /lib/libc.so.6
#2  0xb5ef52c8 in abort () from /lib/libc.so.6
#3  0xb66a458f in unhandled_catcher (except=0xbfcae130) at except.c:225
#4  0xb66a47e1 in do_throw (except=0xbfcae130) at except.c:210
#5  0xb66aedcb in dissect_packet (edt=0x8810260, pseudo_header=0x8810024,
pd=0x8820880 "", fd=0xbfcae2b4, cinfo=0x0) at packet.c:354
#6  0xb66a3fbe in epan_dissect_run (edt=0x8810260, pseudo_header=0x8810024,
data=0x8820880 "", fd=0xbfcae2b4, cinfo=0x0) at epan.c:172
#7  0x080654da in process_packet (cf=0x80774e0, offset=<value optimized out>,
whdr=0x8810010, pseudo_header=0x8810024, pd=0x8820880 "") at tshark.c:2444
#8  0x08065e3d in capture_input_new_packets (capture_opts=0x8077440,
to_read=624) at tshark.c:2013
#9  0x0806449c in sync_pipe_input_cb (source=4, user_data=0x8077440) at
capture_sync.c:1214
#10 0x08068641 in main (argc=14, argv=0xbfcaf664) at tshark.c:1868

packet.c:354 is the line containing "ENDTRY".

The problem is spurious, i.e. hard to reproduce. 
The generated pcap file can be loaded into wireshark without problems, so
possibly the offending packet has not been written any more.

The TRY..ENDTRY dissect_packet() obviously does not handle all cases.
As a quick fix, is it possible to add the C++ equivalent of "catch (..)",
and handle that case in a more fault-tolerant than aborting?


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.