Wireshark-dev: [Wireshark-dev] Crashes while Airpcap sniffing
From: Gisle Vanem <gvanem@xxxxxxxxxxxx>
Date: Mon, 02 Jan 2012 16:26:17 +0100
There are some places in the ./gtk sources that causes a
crash while sniffing on a AirPcap adapter. I don't know why;
maybe most code assumes the captured frames contain network
layer packets. Since my Airpcap (\\.\airpcap00 on Win-XP) only gives
me IEEE 802.11 radio frames, I can only speculate.

I.e. here is one situation in gtk/stats_tree_stat.c:

void gtk_stats_tree_cb(GtkAction *action, gpointer user_data _U_)
{
...
cfg = stats_tree_get_cfg_by_abbr(abbr);
if(cfg){
 tap_param_dlg_cb(action, cfg->pr->stat_dlg);

Pressing the menu "Statistics | Sametime | Messages" while sniffing on AirPcap ... kaboom! Since "cfg != NULL", but "cgf->pr == NULL". What's the story here?

A simple patch:

--- SVN-Latest\gtk\stats_tree_stat.c    Mon Oct 31 11:17:42 2011
+++ gtk\stats_tree_stat.c       Mon Jan 02 16:11:12 2012
@@ -389,7 +389,7 @@
               abbr = g_strdup_printf("%s",action_name);
       }
       cfg = stats_tree_get_cfg_by_abbr(abbr);
-       if(cfg){
+       if(cfg && cfg->pr){
               tap_param_dlg_cb(action, cfg->pr->stat_dlg);
       }else{
        simple_dialog(ESD_TYPE_ERROR, ESD_BTN_OK,

But it would be nicer if that menu would be greyed out. But I have no
idea on how to do it myself.

There are also this situation (which I can get back to): when getting an unexpected "Information Element ID", the function capture_if_details_802_11_bssid_list() tries to hex-dump a buffer and reading beyond the buffer returned by wpcap_packet_request(). Kaboom again.
--gv