Wireshark-bugs: [Wireshark-bugs] [Bug 13033] New: Various TreeItem:add_packet_field bugs
Date: Fri, 21 Oct 2016 00:12:35 +0000
Bug ID 13033
Summary Various TreeItem:add_packet_field bugs
Product Wireshark
Version 2.2.1
Hardware x86-64
OS Windows 7
Status UNCONFIRMED
Severity Major
Priority Low
Component Dissection engine (libwireshark)
Assignee bugzilla-admin@wireshark.org
Reporter mkow415@gmail.com

Build Information:
Version 2.2.1 (v2.2.1-0-ga6fbd27 from master-2.2)

Copyright 1998-2016 Gerald Combs <gerald@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.6.1, with WinPcap (4_1_3), with GLib 2.42.0, with
zlib 1.2.8, with SMI 0.4.8, with c-ares 1.12.0, with Lua 5.2.4, with GnuTLS
3.2.15, with Gcrypt 1.6.2, with MIT Kerberos, with GeoIP, with QtMultimedia,
with AirPcap.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with locale
Polish_Poland.1250, with WinPcap version 4.1.3 (packet.dll version 4.1.0.2980),
based on libpcap version 1.0 branch 1_0_rel0b (20091008), with GnuTLS 3.2.15,
with Gcrypt 1.6.2, without AirPcap.
      Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz (with SSE4.2), with 8169MB of
physical memory.


Built using Microsoft Visual C++ 12.0 build 40629
--
I've recently tried to use TreeItem:add_packet_field from Lua and it seems to
be quite buggy. All the issues I found are listed below.

1. Assertion fail
Code:
    local proto = Proto("proto", "Protocol")
    function proto.dissector(buffer, pinfo, tree)
        local myfield = ProtoField.new("Transaction ID", "myproto.trans_id", ftypes.UINT16)
        local child, value = tree:add_packet_field(myfield, buffer(0, 2), ENC_LITTLE_ENDIAN)
    end

This dissector generates the following error on the console for all analyzed
packets:
Warn Dissector bug, protocol PROTO, in packet 2007:
C:\buildbot\wireshark\wireshark-2.2-64\windows-2012r2-x64\build\epan\proto.c:2529:
failed assertion "(guint)hfindex < gpa_hfinfo.len" (Unregistered hf!)

2. value==nil returned on success
Code:
    local proto = Proto("proto", "Protocol")
    proto.fields = {}
    proto.fields["test"] = ProtoField.uint32("test", "test", base.HEX)
    function proto.dissector(buffer, pinfo, tree)
        local child, value = tree:add_packet_field(proto.fields["test"], buffer(0, 4), ENC_LITTLE_ENDIAN)
        message(value)
    end

This dissector successfully parses input, but returns `value` == nil (which can
be seen on the console). I've tried using add_packet_field for many types of
fields, but never got anything other than nil in `value`.

3. string parsing stops too early
Code:
    local proto = Proto("proto", "Protocol")
    proto.fields = {}
    proto.fields["test"] = ProtoField.string("test", "test")
    function proto.dissector(buffer, pinfo, tree)
        tree:add_packet_field(proto.fields["test"], buffer(0, 10), ENC_UTF_16 + ENC_STRING + ENC_LITTLE_ENDIAN)
    end

Only the first character of the UTF-16-LE sequence is displayed. Sample input for
this field: 3C00610031003E000000 (hex, 10 bytes)

4. parsing strings returns \oct sequence instead of string
Code: same as above (3.), but with "ENC_UTF_16 + ENC_STRING +
ENC_LITTLE_ENDIAN" replaced by "ENC_UTF_16".
Result: "test: \343\260\200\346\204\200\343\204\200\343\270\200"


btw.: Is there any documentation for these ENC_* flags? Especially the string
ones seem quite cryptic to me (e.g. what does ENC_STRING really do).
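
Added example, not part of the original report: a check of the item 3 sample bytes against the item 4 output, assuming item 4 was produced from the same sample input. It shows the intended little-endian decoding and that the reported octal escapes are exactly the UTF-8 bytes of the same data read as big-endian UTF-16; all function names are hypothetical.

```python
# Added example (not from the bug report). SAMPLE is the 10-byte field value
# quoted in item 3; REPORTED is the display string quoted in item 4.
# Assumption: item 4's output was produced from the same sample bytes.
SAMPLE = bytes.fromhex("3C00610031003E000000")
REPORTED = r"\343\260\200\346\204\200\343\204\200\343\270\200"


def decode_utf16(data: bytes, little_endian: bool) -> str:
    """Decode UTF-16 code units up to (not including) the first U+0000."""
    text = data.decode("utf-16-le" if little_endian else "utf-16-be")
    return text.split("\x00", 1)[0]


def octal_escape(text: str) -> str:
    """Render a string's UTF-8 bytes in the style the report shows:
    printable ASCII as-is, every other byte as a 3-digit octal escape."""
    out = []
    for b in text.encode("utf-8"):
        printable = 0x20 <= b < 0x7F and b != 0x5C  # keep backslash escaped
        out.append(chr(b) if printable else "\\%03o" % b)
    return "".join(out)


def diagnose(data: bytes, shown: str) -> str:
    """Say which byte order, if any, reproduces the displayed value."""
    for name, le in (("little-endian", True), ("big-endian", False)):
        if octal_escape(decode_utf16(data, le)) == shown:
            return name
    return "no match"


if __name__ == "__main__":
    print("LE decode:", decode_utf16(SAMPLE, True))
    print("BE decode:", octal_escape(decode_utf16(SAMPLE, False)))
    print("item 4 output matches:", diagnose(SAMPLE, REPORTED))
```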

