Wireshark-bugs: [Wireshark-bugs] [Bug 10476] New: Consistent crashes reading PCAP from tPacketCa
Date: Tue, 16 Sep 2014 23:43:05 +0000
Bug ID 10476
Summary Consistent crashes reading PCAP from tPacketCapture Android app on 1.12.0
Product Wireshark
Version 1.12.0
Hardware x86
OS Mac OS X 10.8
Status UNCONFIRMED
Severity Major
Priority Low
Component Capture file support (libwiretap)
Assignee bugzilla-admin@wireshark.org
Reporter alexgkirk@gmail.com

Created attachment 13059 [details]
PCAP causing crash

Build Information:
Version 1.12.0 (v1.12.0-0-g4fab41a from master-1.12)

Copyright 1998-2014 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with GTK+ 2.24.23, with Cairo 1.10.2, with Pango 1.34.0, with
GLib 2.38.0, with WinPcap (4_1_3), with libz 1.2.5, with SMI 0.4.8, with c-ares
1.9.1, with Lua 5.2, without Python, with GnuTLS 3.1.22, with Gcrypt 1.6.0,
with
MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Jul 31 2014), with
AirPcap.

Running on 32-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 3.1.22, Gcrypt 1.6.0, without AirPcap.
      Intel(R) Core(TM) i7-3740QM CPU @ 2.70GHz, with 3071MB of physical
memory.


Built using Microsoft Visual C++ 10.0 build 40219
--
I just installed tPacketCapture
(https://play.google.com/store/apps/details?id=jp.co.taosoftware.android.packetcapture&hl=en),
a relatively well-rated Android app that ostensibly allows for packet capture
without root. When attempting to read the generated PCAPs in 1.12.0 on a
Win7-32 VM, I got consistent crashes, a la:

Problem signature:
  Problem Event Name:    APPCRASH
  Application Name:    Wireshark.exe
  Application Version:    1.12.0.0
  Application Timestamp:    53da938e
  Fault Module Name:    libwireshark.dll
  Fault Module Version:    1.12.0.0
  Fault Module Timestamp:    53da92fd
  Exception Code:    c0000005
  Exception Offset:    0000f0e5
  OS Version:    6.1.7601.2.1.0.256.48
  Locale ID:    1033
  Additional Information 1:    0a9e
  Additional Information 2:    0a9e372d3b4ad19135b953a78882e789
  Additional Information 3:    0a9e
  Additional Information 4:    0a9e372d3b4ad19135b953a78882e789

Read our privacy statement online:
  http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy
statement offline:
  C:\Windows\system32\en-US\erofflps.txt


I admit to not having any debugging tools on that particular VM, nor a great
deal of interest in installing them all to the point where I could effectively
trace this myself. I figured you'd want to know, though, in case there is a
security implication here - there have been a lot of root-level compromises
reading file formats over the years. :-P

Happy to work with you guys to reproduce as necessary, just let me know what I
need to provide.


You are receiving this mail because:
  • You are watching all bug changes.