Wireshark-bugs: [Wireshark-bugs] [Bug 4051] New: tshark crashes with singal 6: "Unhandled except
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4051
Summary: tshark crashes with singal 6: "Unhandled exception
(group=1, code=6)"
Product: Wireshark
Version: 1.2.2
Platform: x86
OS/Version: SuSE
Status: NEW
Severity: Major
Priority: Medium
Component: TShark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: gkrames@xxxxxxx
Build Information:
TShark 1.2.2
Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GLib 2.18.2, with libpcap 0.9-PRE-CVS, with libz 1.2.3, without
POSIX capabilities, without libpcre, with SMI 0.4.8, without c-ares, without
ADNS, without Lua, without GnuTLS, without Gcrypt, without Kerberos, without
GeoIP.
NOTE: this build doesn't support the "matches" operator for Wireshark filter
syntax.
Running on Linux 2.6.27.23-0.1-pae, with libpcap version 0.9-PRE-CVS.
Built using gcc 4.3.2 [gcc-4_3-branch revision 141291].
--
During capturing an longer FTP session at 1MBit/sec,
tshark has crashed with signal 6.
Command line:
tshark -i eth0 -w pcapfile -S -b filesize:2048000 \
-l -T pdml -n -f tcp and (host <myhost>)
STDERR:
Capturing on eth0
Unhandled exception (group=1, code=6)
ANALYSIS:
(gdb) where
#0 0xffffe430 in __kernel_vsyscall ()
#1 0xb5ef3990 in raise () from /lib/libc.so.6
#2 0xb5ef52c8 in abort () from /lib/libc.so.6
#3 0xb66a458f in unhandled_catcher (except=0xbfcae130) at except.c:225
#4 0xb66a47e1 in do_throw (except=0xbfcae130) at except.c:210
#5 0xb66aedcb in dissect_packet (edt=0x8810260, pseudo_header=0x8810024,
pd=0x8820880 "", fd=0xbfcae2b4, cinfo=0x0) at packet.c:354
#6 0xb66a3fbe in epan_dissect_run (edt=0x8810260, pseudo_header=0x8810024,
data=0x8820880 "", fd=0xbfcae2b4, cinfo=0x0) at epan.c:172
#7 0x080654da in process_packet (cf=0x80774e0, offset=<value optimized out>,
whdr=0x8810010, pseudo_header=0x8810024, pd=0x8820880 "") at tshark.c:2444
#8 0x08065e3d in capture_input_new_packets (capture_opts=0x8077440,
to_read=624) at tshark.c:2013
#9 0x0806449c in sync_pipe_input_cb (source=4, user_data=0x8077440) at
capture_sync.c:1214
#10 0x08068641 in main (argc=14, argv=0xbfcaf664) at tshark.c:1868
packet.c:354 is the line containing "ENDTRY".
The problem is spurious, i.e. hard to reproduce.
The generated pcap file can be loaded into wireshark without problems, so
possibly the offending packet has not been written any more.
The TRY..ENDTRY dissect_packet() obviously does not handle all cases.
As a quick fix, is it possible to add the C++ equivalent of "catch (..)",
and handle that case in a more fault-tolerant than aborting?
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.