Wireshark-bugs: [Wireshark-bugs] [Bug 2068] New: Crash when newly added display filter macro is
Date: Mon, 3 Dec 2007 12:24:59 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2068

Summary: Crash when newly added display filter macro is first used
Product: Wireshark
Version: SVN
Platform: PC
OS/Version: All
Status: NEW
Severity: Major
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: jyoung@xxxxxxx

Build Information:
Version 0.99.7pre2 (SVN Rev 23672)

Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.12.1, with GLib 2.14.3, with WinPcap (version unknown),
with libz 1.2.3, with libpcre 6.4, with SMI 0.4.5, with ADNS, with Lua 5.1, with
GnuTLS 1.6.1, with Gcrypt 1.2.3, with MIT Kerberos, with PortAudio PortAudio
V19-devel, with AirPcap.

Running on Windows XP Service Pack 1, build 2600, with WinPcap version 4.0.2
(packet.dll version 4.0.0.1040), based on libpcap version 0.9.5, without
AirPcap.

Built using Microsoft Visual C++ 6.0 build 8804

Wireshark is Open Source Software released under the GNU General Public License.

Check the man page and http://www.wireshark.org for more information.
--
Hello, this bug concerns the use of the "Display Filter Macros".

After a new display filter macro (dfmacro) has been defined, the first attempt
to use the dfmacro will result in a crash of Wireshark when the closing "}"
character is entered into the "Filter:" text entry field.

This bug has been replicated on several Microsoft Windows based versions of
Wireshark including:

Version 0.99.7pre2 (SVN Rev 23672).
Version 0.99.6a (SVN Rev 22276) (last public release)
Version 0.99.8-SVN-23698 (SVN Rev 23698) (very recent buildbot version)

The bug has also been replicated on a SUSE (linux) system running a very recent
SVN (23698).

How to replicate this bug:

1: Open the "Display Filter Macros" dialog. Starting with SVN 23693 this item
   is found in the menu item "Analyze" -> "Display Filter Macros...". Prior to
   SVN 23693 this item is found in "View" -> "Display Filter Macros...".

2: Click on the "New" button to open the "Display Macros Filters: New" dialog.

3: Enter a unique name for the new dfmacro's name: e.g. "foo2"

4: Enter a valid display filter in the text field: e.g. "bootp.dhcp"

5: Click "Ok" to accept and close the "Display Macros Filters: New" dialog.
   This will redisplay the "Display Filter Macros" dialog. The new dfmacro
   should be the bottom-most entry in the list.

6: Click "Ok" to close the "Display Filter Macros" dialog box.

7: Click in Wireshark's "Filter:" text entry field.

8: Start entering the newly created dfmacro in the "Filter:" text entry field.
   Please note that the syntax for using a dfmacro requires that you enter the
   dfmacro's name as ${MACRONAME}. So assuming that you entered the dfmacro
   name as "foo2" you would enter "${foo2}"

9: Wireshark will crash when you enter the closing "}" for the newly created
   dfmacro.

On MS Windows systems[1], following the crash, the newly defined dfmacro will
be available when Wireshark is restarted. The new dfmacro entry will have been
saved to the "dfilter_macros" file when you press "Ok" or "Apply" to close the
"Display Filter Macros" file. After restarting Wireshark you will be able to
successfully use the new dfmacro.

[1] Unfortunately there is apparently another bug on Linux systems with how the
display filter macros entries are saved and restored from the "dfilter_macros"
file. On my SUSE (linux) system the dfilter_macros file is updated with the new
dfmacro, but upon restart NONE of the dfmacros are loaded. A separate bug will
be submitted regarding problems with reading entries from the dfilter_macros
file on Linux systems.

This bug only happens for newly created dfmacros; Wireshark does NOT crash when
attempting to use existing dfmacro names.

When I reproduce this bug on my SUSE system I get a consistent back-trace
pointing to "g_string_sprintfa(text,"%s%s"," located in
epan/dfilter/dfilter-macro.c:195...

> ~/projects/wireshark> ulimit -c unlimited
> ~/projects/wireshark> ./wireshark &
<reproduce the crash>
> ~/projects/wireshark> libtool --mode=execute gdb wireshark core
<snip>
> #0 dfilter_macro_resolve (name=0x942b690 "foo2", args=0x942b6d8, error=0x8176d00) at dfilter-macro.c:195
195 g_string_sprintfa(text,"%s%s",
(gdb) where
> #0 dfilter_macro_resolve (name=0x942b690 "foo2", args=0x942b6d8, error=0x8176d00) at dfilter-macro.c:195
> #1 0x40478b02 in dfilter_macro_apply (text=0x89dbbc0 "${foo2}", depth=0, error=0x8176d00) at dfilter-macro.c:289
> #2 0x40477b2d in dfilter_compile (text=0x89dbbc0 "${foo2}", dfp=0xbffbbd9c) at dfilter.c:225
<snip>