
Wireshark-bugs: [Wireshark-bugs] [Bug 1329] New: Large HTTP PDU crashes (loop) Wireshark?

Date: Thu, 25 Jan 2007 18:32:19 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1329

           Summary: Large HTTP PDU crashes (loop) Wireshark?
           Product: Wireshark
           Version: 0.99.4
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: jhg@xxxxxxxxxxxxxxx


Build Information:
Version 0.99.4 (SVN Rev 19757)

Copyright 1998-2006 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.6.9, with GLib 2.6.6, with WinPcap (version unknown), with
libz 1.2.3, with libpcre 6.4, with Net-SNMP 5.3.1, with ADNS, with Lua 5.1,
with
GnuTLS 1.5.1, with Gcrypt 1.2.3, with MIT Kerberos, with PortAudio <= V18, with
AirPcap.

Running on Windows XP Service Pack 2, build 2600, with WinPcap version 3.1
(packet.dll version 3, 1, 0, 27), based on libpcap version 0.9[.x], without
AirPcap.

Built using Microsoft Visual C++ 6.0 build 8804

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.

--
I used Wireshark to capture a large HTTP download (a large JPEG).
If I have "Reassemble HTTP bodies spanning multiple TCP segments"
turned on, I can reliably put Wireshark into a 100% CPU loop
with the following steps:

1) Find the "reassembled" PDU and click on it.  In my case it's
   packet 336.  I get a progress dialog while Wireshark assembles
   the complete 4 megabyte PDU, which takes 3-4 seconds.  This works.

2) In the protocol decode window, click on the "Reassembled TCP
   Segments" line or the "JPEG File Interchange Format" line.

3) The progress dialog appears again, goes to 100% complete and
   then disappears as expected.  However, the window under the
   dialog does not repaint, and CPU utilization goes to 100%
   and stays there.

4) After about 5 minutes the Wireshark window repaints, but CPU
   is still pegged at 100% and Wireshark does not respond.

5) This pattern repeats.  Wireshark runs at 100% for between 3
   and 5 minutes, then repaints.  Sometimes the progress dialog
   reappears, does its thing and disappears but Wireshark still
   doesn't respond.

I will attach the capture file needed to reproduce this.

