Wireshark mailing list archives

Re: Unhandled exception

From: Richard Sharpe <realrichardsharpe () gmail com>
Date: Mon, 17 Sep 2018 13:22:29 -0700

On Mon, Sep 17, 2018 at 12:31 PM, Maynard, Chris
<Christopher.Maynard () igt com> wrote:

Hello,

Recently I’ve begun seeing the following unhandled exception with master
when loading any capture file or attempting to capture on any interface – at
least that I tried, but I haven’t found any capture file or capture
interface where this doesn’t happen now:

Unhandled exception ("proto.c:6497: failed assertion "(guint)hfid <
gpa_hfinfo.len" (Unregistered hf!)", group=1, code=6)


What types of captures were you loading?

I have seen that sort of thing when there are errors where two hf
array entries point to the same hf_value (given that checkhf didn't
tell you there was anything missing.)

Using tshark -V might help track down which frame the problem is occurring on.

The exception is occurring in proto.c:proto_tree_prime_with_hfid() at line
6497, within the PROTO_REGISTRAR_GET_NTH() macro, but unfortunately the
stack trace isn’t particularly helpful [to me].  Here’s one when attempting
to load an arbitrary capture file:

      libwireshark.dll!unhandled_catcher(except_t * except) Line 230  C

         libwireshark.dll!do_throw(except_t * except) Line 216   C
         libwireshark.dll!except_rethrow(except_t * except) Line 274     C
         Wireshark.exe!cf_read(_capture_file * cf, int reloading) Line 652
C
         Wireshark.exe!MainWindow::openCaptureFile(QString cf_path, QString
read_filter, unsigned int type, int is_tempfile) Line 250    C++
         Wireshark.exe!MainWindow::openCaptureFile(QString cf_path, QString
display_filter) Line 299     C++
         Wireshark.exe!MainWindow::qt_static_metacall(QObject * _o,
QMetaObject::Call _c, int _id, void * * _a) Line 1379        C++
         Qt5Core.dll!00007ffb168fe327()  Unknown
         Wireshark.exe!WelcomePage::recentFileActivated(QString _t1) Line
288    C++
         Wireshark.exe!WelcomePage::openRecentItem(QListWidgetItem * item)
Line 398      C++
         Qt5Core.dll!00007ffb168fe327()  Unknown
         Qt5Widgets.dll!00007ffb17564824()       Unknown
         Qt5Core.dll!00007ffb168fe327()  Unknown
         Qt5Widgets.dll!00007ffb175231fa()       Unknown
         Qt5Widgets.dll!00007ffb1752972c()       Unknown
         Qt5Widgets.dll!00007ffb1732bc42()       Unknown
         Qt5Widgets.dll!00007ffb173ceac7()       Unknown
         Qt5Widgets.dll!00007ffb17530369()       Unknown
         Qt5Core.dll!00007ffb168e104d()  Unknown
         Qt5Widgets.dll!00007ffb17308cac()       Unknown
         Qt5Widgets.dll!00007ffb173068cd()       Unknown
         Qt5Core.dll!00007ffb168dec79()  Unknown
         Qt5Widgets.dll!00007ffb1730a006()       Unknown
         Qt5Widgets.dll!00007ffb17353fe9()       Unknown
         Qt5Widgets.dll!00007ffb17351d5e()       Unknown
         Qt5Widgets.dll!00007ffb17308cc0()       Unknown
         Qt5Widgets.dll!00007ffb17307b47()       Unknown
         Qt5Core.dll!00007ffb168dec79()  Unknown
         Qt5Gui.dll!00007ffb16d1e262()   Unknown
         Qt5Gui.dll!00007ffb16d048fb()   Unknown
         Qt5Core.dll!00007ffb169285c5()  Unknown
         [External Code]
         Qt5Core.dll!00007ffb16927d96()  Unknown
         qwindows.dll!00007ffb16609979() Unknown
         Qt5Core.dll!00007ffb168dab23()  Unknown
         Qt5Core.dll!00007ffb168dd8d4()  Unknown
         Wireshark.exe!main(int argc, char * * qt_argv) Line 907 C++
         Wireshark.exe!WinMain(HINSTANCE__ * __formal, HINSTANCE__ *
__formal, char * __formal, int __formal) Line 104   C++
         [External Code]

If I set WIRESHARK_ABORT_ON_DISSECTOR_BUG=1, it produces nothing of value
[to me]:

14:52:20.271          Err  Unregistered hf! index=-1

I removed all my Lua dissectors from the plugins directory, so this is just
stock Wireshark master running.  Here’s the Wireshark version information:

Version 2.9.0 (v2.9.0rc0-1854-g261817cf)
Compiled (64-bit) with Qt 5.11.1, with WinPcap (4_1_3), with GLib 2.52.2,
with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.14.0, with Lua 5.2.4, with
GnuTLS 3.4.11, with Gcrypt 1.8.3, with MIT Kerberos, with MaxMind DB
resolver, with nghttp2 1.14.0, with LZ4, with Snappy, with libxml2 2.9.4,
with QtMultimedia, with AirPcap, with SBC, with SpanDSP, with bcg729.
Running on 64-bit Windows 10 (1803), build 17134, with Intel(R) Xeon(R) CPU
E3-1505M v5 @ 2.80GHz (with SSE4.2), with 16225 MB of physical memory, with
locale English_United States.1252, with WinPcap version 4.1.3 (packet.dll
version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b
(20091008), with GnuTLS 3.4.11, with Gcrypt 1.8.3, with AirPcap 4.1.0 build
1622, binary plugins supported (14 loaded). Built using Microsoft Visual C++
14.0 build 24215

I will continue investigating, but maybe someone has some ideas?  Is anyone
else seeing this?

Other observations:

checkhf produces no output of any particular consequence (just a bunch of
“Unused [href|ei] entry”’s).

checkapi: 1 warning of no consequence here.

checkfiltername: a bunch of “[field] doesn’t match PROTOABBREV” warnings,
but probably nothing of consequence?

cppcheck: too much output to find the needle I’m looking for in this
haystack.

- Chris
P.S. After updating to the latest sources, I tried deleting the entire build
directory and forcing everything to be compiled again.  That didn’t help.




CONFIDENTIALITY NOTICE: This message is the property of International Game
Technology PLC and/or its subsidiaries and may contain proprietary,
confidential or trade secret information.  This message is intended solely
for the use of the addressee.  If you are not the intended recipient and
have received this message in error, please delete this message from your
system. Any unauthorized reading, distribution, copying, or other use of
this message or its attachments is strictly prohibited.


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe




-- 
Regards,
Richard Sharpe
(何以解憂？唯有杜康。--曹操)(传说杜康是酒的发明者)
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Unhandled exception Maynard, Chris (Sep 17)
- Re: Unhandled exception Richard Sharpe (Sep 17)
  - Re: Unhandled exception Maynard, Chris (Sep 17)
    - Re: Unhandled exception João Valverde (Sep 18)
    - Re: Unhandled exception Anders Broman (Sep 18)
    - Re: Unhandled exception Pascal Quantin (Sep 18)
    - Re: Unhandled exception Pascal Quantin (Sep 18)
    - Re: Unhandled exception Pascal Quantin (Sep 18)
    - Re: Unhandled exception Maynard, Chris (Sep 18)
    - Re: Unhandled exception Anders Broman (Sep 18)
    - Re: Unhandled exception Maynard, Chris (Sep 18)
    - Re: Unhandled exception Anders Broman (Sep 18)

(Thread continues...)