Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 10980] New: Crash on the first packet after restarting capture

Wireshark-bugs: [Wireshark-bugs] [Bug 10980] New: Crash on the first packet after restarting cap

Date: Thu, 19 Feb 2015 16:46:46 +0000

Bug ID	10980
Summary	Crash on the first packet after restarting capture
Product	Wireshark
Version	1.12.3
Hardware	x86-64
OS	Windows 8.1
Status	UNCONFIRMED
Severity	Normal
Priority	Low
Component	Dissection engine (libwireshark)
Assignee	bugzilla-admin@wireshark.org
Reporter	chris@chrullrich.net

Build Information:
Compiled (64-bit) with GTK+ 2.24.23, with Cairo 1.10.2, with Pango 1.34.0, with
GLib 2.38.0, with WinPcap (4_1_3), with libz 1.2.5, with SMI 0.4.8, with c-ares
1.9.1, with Lua 5.2, without Python, with GnuTLS 3.2.15, with Gcrypt 1.6.2,
without Kerberos, with GeoIP, with PortAudio V19-devel (built Jan  7 2015),
with
AirPcap.

Running on 64-bit Windows 8.1, build 9600, with WinPcap version 4.1.3
(packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b
(20091008), GnuTLS 3.2.15, Gcrypt 1.6.2, without AirPcap.
Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz, with 16254MB of physical memory.
--
After restarting a running capture (of traffic heavy in DCE-RPC) a few times
(sometimes after the first restart, otherwise later), Wireshark crashes with no
packets displayed in the window.

I tried to debug the crash, but according to the VS2013 debugger, the published
symbols at
https://www.wireshark.org/download/win64/all-versions/Wireshark-pdb-win64-1.12.3.zip
don't match for wireshark.exe, although they do match for libwireshark.dll .

According to what I can get from the debugger, the crash is in line 260 of
epan/except.c:

257 struct except_stacknode *except_pop(void)
258 {
259     struct except_stacknode *top = get_top();
260     set_top(top->except_down);
261     return top;
262 }

"top" is NULL:

--- c:\buildbot\wireshark\wireshark-1.12-64\win7x64\build\epan\except.c
--------
    struct except_stacknode *top = get_top();
00007FFEAB2622D0  mov         rax,qword ptr [stack_top (07FFEADE3CE40h)]  
    set_top(top->except_down);
00007FFEAB2622D7  mov         rcx,qword ptr [rax]  ; rax==0
00007FFEAB2622DA  mov         qword ptr [stack_top (07FFEADE3CE40h)],rcx  
    return top;
}
00007FFEAB2622E1  ret  


I will be happy to dig deeper, if there are any valid symbols to be had.

You are receiving this mail because:

You are watching all bug changes.

Prev by Date: [Wireshark-bugs] [Bug 10948] Qt Wireshark - Once a live capture is stopped the title bar persists in reporting "Capturing from interface name"
Next by Date: [Wireshark-bugs] [Bug 10714] Crash while analyze rtp streams
Previous by thread: [Wireshark-bugs] [Bug 10979] GPOINTER_TO_UINT in C++ code for 64bit Solaris wouldn't compile
Next by thread: [Wireshark-bugs] [Bug 10981] New: Crash on voip media playback
Index(es):
- Date
- Thread