https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13711

            Bug ID: 13711
           Summary: Wireshark and tshark crash with some OS X created
                    802.11 captures
           Product: Wireshark
           Version: 2.3.x (Experimental)
          Hardware: x86
                OS: All
            Status: UNCONFIRMED
          Severity: Major
          Priority: Low
         Component: Dissection engine (libwireshark)
          Assignee: bugzilla-ad...@wireshark.org
          Reporter: jyo...@gsu.edu
  Target Milestone: ---

Build Information:
Version 2.3.0 (v2.3.0rc0-3527-gd8df841)

Copyright 1998-2017 Gerald Combs <ger...@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.5.0, with libpcap, without POSIX capabilities, with
GLib 2.36.0, with zlib 1.2.5, with SMI 0.4.8, with c-ares 1.10.0, with Lua
5.2.3, with GnuTLS 2.12.19, with Gcrypt 1.5.0, with MIT Kerberos, with GeoIP,
without nghttp2, without LZ4, without Snappy, with libxml2 2.9.0, with
QtMultimedia, without AirPcap, without SBC, without SpanDSP.

Running on Mac OS X 10.10.5, build 14F2315 (Darwin 14.5.0), with Intel(R)
Core(TM) i7-4980HQ CPU @ 2.80GHz (with SSE4.2), with 2048 MB of physical
memory,
with locale en_US.UTF-8, with libpcap version 1.5.3 - Apple version 47, with
GnuTLS 2.12.19, with Gcrypt 1.5.0, with zlib 1.2.5.

Built using clang 4.2.1 Compatible Apple LLVM 6.1.0 (clang-602.0.53).

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
Wireshark and tshark crash when processing certain OS X created 802.11 captures
since commit 65227b3e826ee731ceeda838195e05d4a919daf2
> Adds aggregate detection, calculation of frame start and end time, and IFS

Backtrace from Ubuntu core file crashed at line 544 in
epan/dissectors/packet-ieee80211-radio.c:

> 542         /* go back to the first frame in the aggregate,
> 543          * and mark it as part of this aggregate */
> 544         previous_frame.radio_info->aggregate = current_aggregate;

Here's the Ubuntu VM backtrace:

> (gdb) bt
> #0  0x00007f85d6bfa7c7 in dissect_wlan_radio_phdr 
> (tvb=tvb@entry=0x7f85df39a1e0, pinfo=pinfo@entry=0x7ffdd7162568, 
> tree=tree@entry=0x7f85df512c60, data=data@entry=0x7ffdd7161b30) at 
> /vagrant/epan/dissectors/packet-ieee80211-radio.c:544
> #1  0x00007f85d6bfa90b in dissect_wlan_radio (tvb=0x7f85df39a1e0, 
> pinfo=0x7ffdd7162568, tree=0x7f85df512c60, data=0x7ffdd7161b30) at 
> /vagrant/epan/dissectors/packet-ieee80211-radio.c:1189
> #2  0x00007f85d680c780 in call_dissector_through_handle 
> (handle=0x7f85dee981c0, handle=0x7f85dee981c0, data=0x7ffdd7161b30, 
> tree=0x7f85df512c60, pinfo=0x7ffdd7162568, tvb=0x7f85df39a1e0) at 
> /vagrant/epan/packet.c:684
> #3  call_dissector_work (handle=0x7f85dee981c0, tvb=0x7f85df39a1e0, 
> pinfo_arg=0x7ffdd7162568, tree=0x7f85df512c60, add_proto_name=<optimized 
> out>, data=0x7ffdd7161b30) at /vagrant/epan/packet.c:759
> #4  0x00007f85d680e212 in call_dissector_with_data (handle=<optimized out>, 
> tvb=tvb@entry=0x7f85df39a1e0, pinfo=pinfo@entry=0x7ffdd7162568, 
> tree=tree@entry=0x7f85df512c60, data=data@entry=0x7ffdd7161b30) at 
> /vagrant/epan/packet.c:3005
> #5  0x00007f85d6bfb553 in dissect_radiotap (tvb=0x7f85e0336f60, 
> pinfo=0x7ffdd7162568, tree=0x7f85df512c60, unused_data=<optimized out>) at 
> /vagrant/epan/dissectors/packet-ieee80211-radiotap.c:1944
> #6  0x00007f85d680c780 in call_dissector_through_handle 
> (handle=0x7f85deeceb20, handle=0x7f85deeceb20, data=0x7f85e03433e8, 
> tree=0x7f85df512c60, pinfo=0x7ffdd7162568, tvb=0x7f85e0336f60) at 
> /vagrant/epan/packet.c:684
> #7  call_dissector_work (handle=0x7f85deeceb20, tvb=0x7f85e0336f60, 
> pinfo_arg=0x7ffdd7162568, tree=0x7f85df512c60, add_proto_name=<optimized 
> out>, data=0x7f85e03433e8) at /vagrant/epan/packet.c:759
> #8  0x00007f85d680d03c in dissector_try_uint_new (sub_dissectors=<optimized 
> out>, uint_val=23, tvb=tvb@entry=0x7f85e0336f60, 
> pinfo=pinfo@entry=0x7ffdd7162568, tree=tree@entry=0x7f85df512c60, 
> add_proto_name=add_proto_name@entry=1, data=0x7f85e03433e8)
>     at /vagrant/epan/packet.c:1329
> #9  0x00007f85d6b201f9 in dissect_frame (tvb=0x7f85e0336f60, 
> pinfo=0x7ffdd7162568, parent_tree=0x7f85df512c60, data=0x7ffdd7161f50) at 
> /vagrant/epan/dissectors/packet-frame.c:521
> #10 0x00007f85d680c780 in call_dissector_through_handle 
> (handle=0x7f85dee09b80, handle=0x7f85dee09b80, data=0x7ffdd7161f50, 
> tree=0x7f85df512c60, pinfo=0x7ffdd7162568, tvb=0x7f85e0336f60) at 
> /vagrant/epan/packet.c:684
> #11 call_dissector_work (handle=0x7f85dee09b80, tvb=0x7f85e0336f60, 
> pinfo_arg=0x7ffdd7162568, tree=0x7f85df512c60, add_proto_name=<optimized 
> out>, data=0x7ffdd7161f50) at /vagrant/epan/packet.c:759
> #12 0x00007f85d680e212 in call_dissector_with_data (handle=<optimized out>, 
> tvb=0x7f85e0336f60, pinfo=0x7ffdd7162568, tree=0x7f85df512c60, 
> data=<optimized out>) at /vagrant/epan/packet.c:3005
> #13 0x00007f85d680e726 in dissect_record (edt=edt@entry=0x7ffdd7162550, 
> file_type_subtype=file_type_subtype@entry=2, phdr=phdr@entry=0x7f85e0343380, 
> tvb=tvb@entry=0x7f85e0336f60, fd=fd@entry=0x7f85e03d0108, 
> cinfo=cinfo@entry=0x0) at /vagrant/epan/packet.c:567
> #14 0x00007f85d6801f74 in epan_dissect_run_with_taps 
> (edt=edt@entry=0x7ffdd7162550, file_type_subtype=2, 
> phdr=phdr@entry=0x7f85e0343380, tvb=0x7f85e0336f60, 
> fd=fd@entry=0x7f85e03d0108, cinfo=cinfo@entry=0x0) at /vagrant/epan/epan.c:473
> #15 0x00007f85db6d3c2d in add_packet_to_packet_list (fdata=0x7f85e03d0108, 
> cf=cf@entry=0x7f85dbf24a80 <cfile>, edt=edt@entry=0x7ffdd7162550, 
> dfcode=dfcode@entry=0x0, cinfo=cinfo@entry=0x0, 
> phdr=phdr@entry=0x7f85e0343380, buf=buf@entry=0x7f85e04fe250 "", 
>     add_to_packet_list=add_to_packet_list@entry=1) at /vagrant/file.c:1138
> #16 0x00007f85db6d4f1a in read_packet (cf=cf@entry=0x7f85dbf24a80 <cfile>, 
> dfcode=0x0, edt=edt@entry=0x7ffdd7162550, cinfo=cinfo@entry=0x0, 
> offset=<optimized out>) at /vagrant/file.c:1227
> #17 0x00007f85db6d556c in cf_read (cf=0x7f85dbf24a80 <cfile>, reloading=0) at 
> /vagrant/file.c:660
> #18 0x00007f85db73c9d7 in MainWindow::openCaptureFile (this=0x7f85dd79af90, 
> cf_path=..., read_filter=..., type=type@entry=0, 
> is_tempfile=is_tempfile@entry=0) at /vagrant/ui/qt/main_window_slots.cpp:250
> #19 0x00007f85db73cf96 in openCaptureFile (display_filter=..., cf_path=..., 
> this=<optimized out>) at /vagrant/ui/qt/main_window.h:264
> #20 MainWindow::on_actionFileOpen_triggered (this=<optimized out>) at 
> /vagrant/ui/qt/main_window_slots.cpp:1766
> #21 0x00007f85db8494ba in MainWindow::qt_static_metacall 
> (_o=_o@entry=0x7f85dd79af90, _c=_c@entry=QMetaObject::InvokeMetaMethod, 
> _id=_id@entry=94, _a=_a@entry=0x7ffdd7162df0) at 
> /home/vagrant/build/ui/qt/moc_main_window.cpp:1496
> #22 0x00007f85db849c43 in MainWindow::qt_metacall (this=0x7f85dd79af90, 
> _c=QMetaObject::InvokeMetaMethod, _id=94, _a=0x7ffdd7162df0) at 
> /home/vagrant/build/ui/qt/moc_main_window.cpp:1844
> #23 0x00007f85d3ff836d in QMetaObject::activate(QObject*, int, int, void**) 
> () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
> #24 0x00007f85dac73a52 in QAction::triggered(bool) () from 
> /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
> #25 0x00007f85dac75f38 in QAction::activate(QAction::ActionEvent) () from 
> /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
> #26 0x00007f85dade6a7a in ?? () from 
> /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
> #27 0x00007f85dadebb54 in ?? () from 
> /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
> #28 0x00007f85dadefeaa in QMenu::mouseReleaseEvent(QMouseEvent*) () from 
> /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
> #29 0x00007f85dacb5ea5 in QWidget::event(QEvent*) () from 
> /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
> #30 0x00007f85dadf064b in QMenu::event(QEvent*) () from 
> /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
> #31 0x00007f85dac7ac8c in QApplicationPrivate::notify_helper(QObject*, 
> QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
> #32 0x00007f85dac80b61 in QApplication::notify(QObject*, QEvent*) () from 
> /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
> #33 0x00007f85d3fd0c2d in QCoreApplication::notifyInternal(QObject*, QEvent*) 
> () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
> #34 0x00007f85dac7e9e1 in QApplicationPrivate::sendMouseEvent(QWidget*, 
> QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool) () 
> from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
> #35 0x00007f85dacd296a in ?? () from 
> /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
> #36 0x00007f85dacd49bb in ?? () from 
> /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
> #37 0x00007f85dac7ac8c in QApplicationPrivate::notify_helper(QObject*, 
> QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
> #38 0x00007f85dac7fe56 in QApplication::notify(QObject*, QEvent*) () from 
> /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
> #39 0x00007f85d3fd0c2d in QCoreApplication::notifyInternal(QObject*, QEvent*) 
> () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
> #40 0x00007f85d44f025c in 
> QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*)
>  () from /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5
> #41 0x00007f85d44f1925 in 
> QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*)
>  () from /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5
> #42 0x00007f85d44da858 in 
> QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>)
>  () from /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5
> #43 0x00007f85c84fd5b0 in ?? () from 
> /usr/lib/x86_64-linux-gnu/qt5/plugins/platforms/libqxcb.so
> #44 0x00007f85da342e04 in g_main_context_dispatch () from 
> /lib/x86_64-linux-gnu/libglib-2.0.so.0
> #45 0x00007f85da343048 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
> #46 0x00007f85da3430ec in g_main_context_iteration () from 
> /lib/x86_64-linux-gnu/libglib-2.0.so.0
> #47 0x00007f85d401d98c in 
> QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () 
> from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
> #48 0x00007f85d3fcf96b in 
> QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from 
> /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
> #49 0x00007f85d3fd60e1 in QCoreApplication::exec() () from 
> /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
> #50 0x0000785db6cd694 in main (argc=1, qt_argv=<optimized out>) at 
> /vagrant/wireshark-qt.cpp:911
> (gdb)

And here's the call stack from an OS X VM.

> Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
> Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000000
> 
> Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
> 0   libwireshark.0.dylib              0x0000000104273e5e 
> dissect_wlan_radio_phdr + 5214
> 1   libwireshark.0.dylib              0x00000001042728cc dissect_wlan_radio + 
> 28
> 2   libwireshark.0.dylib              0x0000000103e462db call_dissector_work 
> + 299
> 3   libwireshark.0.dylib              0x0000000103e45382 
> call_dissector_with_data + 50
> 4   libwireshark.0.dylib              0x0000000104276f1b dissect_radiotap + 
> 10363
> 5   libwireshark.0.dylib              0x0000000103e462db call_dissector_work 
> + 299
> 6   libwireshark.0.dylib              0x0000000103e46175 
> dissector_try_uint_new + 101
> 7   libwireshark.0.dylib              0x000000010418cfc1 dissect_frame + 4529
> 8   libwireshark.0.dylib              0x0000000103e462db call_dissector_work 
> + 299
> 9   libwireshark.0.dylib              0x0000000103e45382 
> call_dissector_with_data + 50
> 10  libwireshark.0.dylib              0x0000000103e45240 dissect_record + 624
> 11  libwireshark.0.dylib              0x0000000103e3aba4 
> epan_dissect_run_with_taps + 68
> 12  org.wireshark.Wireshark           0x0000000102a58a21 
> add_packet_to_packet_list + 145 (file.c:1141)
> 13  org.wireshark.Wireshark           0x0000000102a52efb read_packet + 427 
> (file.c:1227)
> 14  org.wireshark.Wireshark           0x0000000102a52a47 cf_read + 1415 
> (file.c:619)
> 15  org.wireshark.Wireshark           0x0000000102c0c6af 
> MainWindow::openCaptureFile(QString, QString, unsigned int, int) + 1599 
> (main_window_slots.cpp:250)
> 16  org.wireshark.Wireshark           0x0000000102c21845 
> MainWindow::openCaptureFile(QString, QString) + 101 (main_window.h:264)
> 17  org.wireshark.Wireshark           0x0000000102e13555 
> MainWindow::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) + 
> 1941 (moc_main_window.cpp:1412)
> 18  org.qt-project.QtCore             0x0000000109e59b82 
> QMetaObject::activate(QObject*, int, int, void**) + 2994
> 19  org.wireshark.Wireshark           0x0000000102e12b88 
> MainWelcome::recentFileActivated(QString) + 56 (moc_main_welcome.cpp:280)
> 20  org.wireshark.Wireshark           0x0000000102bc4cea 
> MainWelcome::openRecentItem(QListWidgetItem*) + 90 (qstring.h:1053)
> 21  org.qt-project.QtCore             0x0000000109e59b82 
> QMetaObject::activate(QObject*, int, int, void**) + 2994
> 22  org.qt-project.QtWidgets          0x00000001036df1ef 
> QListWidget::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) + 
> 2015
> 23  org.qt-project.QtCore             0x0000000109e59b82 
> QMetaObject::activate(QObject*, int, int, void**) + 2994
> 24  org.qt-project.QtWidgets          0x000000010367dbcb 
> QAbstractItemView::mouseDoubleClickEvent(QMouseEvent*) + 651
> 25  org.qt-project.QtWidgets          0x0000000103462141 
> QWidget::event(QEvent*) + 1649
> 26  org.qt-project.QtWidgets          0x00000001035553bd 
> QFrame::event(QEvent*) + 45
> 27  org.qt-project.QtWidgets          0x00000001035d9b0a 
> QAbstractScrollArea::viewportEvent(QEvent*) + 170
> 28  org.qt-project.QtWidgets          0x000000010367c31d 
> QAbstractItemView::viewportEvent(QEvent*) + 1453
> 29  org.qt-project.QtWidgets          0x00000001035da625 
> QAbstractScrollAreaFilter::eventFilter(QObject*, QEvent*) + 37
> 30  org.qt-project.QtCore             0x0000000109e294f9 
> QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) + 
> 217
> 31  org.qt-project.QtWidgets          0x00000001034236eb 
> QApplicationPrivate::notify_helper(QObject*, QEvent*) + 235
> 32  org.qt-project.QtWidgets          0x0000000103426f2d 
> QApplication::notify(QObject*, QEvent*) + 9421
> 33  org.qt-project.QtCore             0x0000000109e291b3 
> QCoreApplication::notifyInternal(QObject*, QEvent*) + 115
> 34  org.qt-project.QtWidgets          0x000000010342408b 
> QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, 
> QWidget*, QWidget**, QPointer<QWidget>&, bool) + 987
> 35  org.qt-project.QtWidgets          0x00000001034822d0 
> QWidgetWindow::handleMouseEvent(QMouseEvent*) + 1200
> 36  org.qt-project.QtWidgets          0x00000001034814df 
> QWidgetWindow::event(QEvent*) + 111
> 37  org.qt-project.QtWidgets          0x00000001034236fb 
> QApplicationPrivate::notify_helper(QObject*, QEvent*) + 251
> 38  org.qt-project.QtWidgets          0x0000000103426ade 
> QApplication::notify(QObject*, QEvent*) + 8318
> 39  org.qt-project.QtCore             0x0000000109e291b3 
> QCoreApplication::notifyInternal(QObject*, QEvent*) + 115
> 40  org.qt-project.QtGui              0x000000010969578e 
> QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*)
>  + 3918
> 41  org.qt-project.QtGui              0x0000000109693f53 
> QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*)
>  + 131
> 42  org.qt-project.QtGui              0x0000000109680b4a 
> QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>)
>  + 346
> 43  libqcocoa.dylib                   0x000000010c17d911 
> QCocoaEventDispatcherPrivate::postedEventsSourceCallback(void*) + 33
> 44  com.apple.CoreFoundation          0x00007fff87833a01 
> __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
> 45  com.apple.CoreFoundation          0x00007fff87825b8d 
> __CFRunLoopDoSources0 + 269
> 46  com.apple.CoreFoundation          0x00007fff878251bf __CFRunLoopRun + 927
> 47  com.apple.CoreFoundation          0x00007fff87824bd8 CFRunLoopRunSpecific 
> + 296
> 48  com.apple.HIToolbox               0x00007fff8582956f 
> RunCurrentEventLoopInMode + 235
> 49  com.apple.HIToolbox               0x00007fff858291ee 
> ReceiveNextEventCommon + 179
> 50  com.apple.HIToolbox               0x00007fff8582912b 
> _BlockUntilNextEventMatchingListInModeWithFilter + 71
> 51  com.apple.AppKit                  0x00007fff89a408ab _DPSNextEvent + 978
> 52  com.apple.AppKit                  0x00007fff89a3fe58 -[NSApplication 
> nextEventMatchingMask:untilDate:inMode:dequeue:] + 346
> 53  com.apple.AppKit                  0x00007fff89a35af3 -[NSApplication run] 
> + 594
> 54  libqcocoa.dylib                   0x000000010c17c7fd 
> QCocoaEventDispatcher::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) + 
> 2189
> 55  org.qt-project.QtCore             0x0000000109e268cd 
> QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) + 381
> 56  org.qt-project.QtCore             0x0000000109e2978a 
> QCoreApplication::exec() + 346
> 57  org.wireshark.Wireshark           0x0000000102a4fa31 main + 4049 
> (wireshark-qt.cpp:911)
> 58  libdyld.dylib                     0x00007fff90a4e5c9 start + 1
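The crash line quoted above stores through `previous_frame.radio_info`, and the OS X report faults at address 0x0, which is consistent with a preceding frame that carries no radio metadata. The following is an added, constructed C model of that pattern, not code from the report or from Wireshark: the `struct radio_info`/`struct frame` types, `mark_unguarded`, `mark_guarded`, `mark_aggregate` and `demo` are all hypothetical, and it shows the unguarded store beside a guarded version that skips such frames instead of dereferencing NULL.

```c
#include <stddef.h>

/* Constructed model (not Wireshark's actual data structures): each captured
 * frame may or may not carry radio metadata. */
struct radio_info { int aggregate; };
struct frame { unsigned num; struct radio_info *radio_info; };

/* Unguarded: the shape of the quoted line 544. It dereferences radio_info
 * even when it is NULL, which for a frame without radio metadata is a write
 * to address 0 (the KERN_INVALID_ADDRESS at 0x0 in the OS X report). */
void mark_unguarded(struct frame *prev, int aggregate)
{
    prev->radio_info->aggregate = aggregate;
}

/* Guarded: only frames that actually carry radio metadata are marked.
 * Returns 1 when the frame was marked, 0 when it was skipped. */
int mark_guarded(struct frame *prev, int aggregate)
{
    if (prev == NULL || prev->radio_info == NULL)
        return 0;
    prev->radio_info->aggregate = aggregate;
    return 1;
}

/* Walk the frames [first, last] that belong to one aggregate and mark each
 * one; returns how many had no radio_info, i.e. how many times the
 * unguarded store would have faulted. */
int mark_aggregate(struct frame *frames, size_t first, size_t last, int aggregate)
{
    int skipped = 0;
    for (size_t i = first; i <= last; i++)
        if (!mark_guarded(&frames[i], aggregate))
            skipped++;
    return skipped;
}

/* Constructed sample: frames 2..4 form one aggregate, frame 3 lacks
 * radio metadata. Returns the number of skipped frames (1). */
int demo(void)
{
    struct radio_info ri[5] = {{0}, {0}, {0}, {0}, {0}};
    struct frame frames[5];
    for (unsigned i = 0; i < 5; i++) {
        frames[i].num = i + 1;
        frames[i].radio_info = &ri[i];
    }
    frames[2].radio_info = NULL;   /* frame 3: no radio_info for this frame */
    return mark_aggregate(frames, 1, 3, 7);   /* frames 2 and 4 get aggregate 7 */
}
```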

Sent via:    Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-bugs