Wireshark-bugs: [Wireshark-bugs] [Bug 11426] New: Qt Wireshark - Decode As triggers GLib-CRITICA
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Sat, 08 Aug 2015 15:34:18 +0000
Bug ID 11426
Summary Qt Wireshark - Decode As triggers GLib-CRITICAL **: g_hash_table_foreach: assertion `version == hash_table->version' failed
Product Wireshark
Version Git
Hardware x86
OS All
Status UNCONFIRMED
Severity Major
Priority Low
Component Qt UI
Assignee bugzilla-admin@wireshark.org
Reporter jyoung@gsu.edu 

Created attachment 13790 [details]
130 packet trace file with 10 contrived http sessions

Build Information:
Wireshark 1.99.9-116-g5cf66db (v1.99.9rc0-116-g5cf66db from unknown)

Copyright 1998-2015 Gerald Combs <gerald@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.3.2, with libpcap, without POSIX capabilities, with
libz 1.2.3, with GLib 2.36.0, with SMI 0.4.8, without c-ares, without ADNS,
with
Lua 5.2, with GnuTLS 2.12.19, with Gcrypt 1.5.0, with MIT Kerberos, with GeoIP,
without PortAudio, without AirPcap.

Running on Mac OS X 10.10.4, build 14E46 (Darwin 14.4.0), with locale C, with
libpcap version 1.5.3 - Apple version 47, with libz 1.2.5, with GnuTLS 2.12.19,
with Gcrypt 1.5.0.
Intel(R) Core(TM) i7-4980HQ CPU @ 2.80GHz (with SSE4.2)

Built using llvm-gcc 4.2.1 (Based on Apple Inc. build 5658) (LLVM build
2336.9.00).

--
When the "Decode As..." feature in Qt Wireshark is used more than once, a
"GLib-CRITICAL **: g_hash_table_foreach: assertion `version ==
hash_table->version' failed" message is generated each time the "Decode As"
entry is saved.  In rare cases this appears to trigger a crash.

Attached is a small contrived trace file with 10 TCP sessions that can be used
to recreate the issue:

1 - Start the Qt based Wireshark from a CLI session.   On OS X simply open a
Terminal session.  On Windows launch Wireshark from a cygwin shell[1].

2 - Open the 130 frame test trace file: 10-pseudo-http-conversations.pcapng

3 - Apply a display filter of: http || data

4 - 10 frames should be displayed in the Packet List; frames 5, 18, 31, 44, 57,
70, 83, 96, 109, 122.  The Packet List's Info column will very likely dissect
to just the TCP level for these 10 frames.

4 - Right-Click the first displayed packet (Frame #5) in the Packet List and
select "Decode As..." from the Context menu.

5 - In the "Decode As" dialog click the [Ok] button to assign (the default) of
HTTP to newly added TCP port 10001 entry.

6 - The Info column for Frame #5 will now be dissected as HTTP.

7 - Now repeat step 4 for the other packets (or the same one) in the Packet
List.  The assertion message listed above will be written to the console for
each additional use of the "Decode As" dialog.

--

[1] These messages will not be visible if one simply double-clicks on the
Wireshark icon or starts Wireshark for a cmd prompt.  Under Windows one can
expose these messages by using a cygwin shell or in Qt Creator's "Application
Output" window.

In a cygwin shell if one installs Wireshark in the typical default location
(C:\Windows\Program Files\Windows), Wireshark can be started with the command:

> /cygdrive/c/Program\ Files/Wireshark/Wireshark.exe

If one has a Window's build environment and is using the an nmake build then
the development version of Wireshark can be started in a cygwin shell with
something like the command:

> /cygdrive/c/Development/wireshark/wireshark-qt-release/Wireshark.exe

How to launch Qt Wireshark with the newer cmake based Wireshark build
environment from cygwin is left as an exercise for the reader.

--

You are receiving this mail because:
  • You are watching all bug changes.