ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-bugs: [Wireshark-bugs] [Bug 1915] New: Opening Capture Options Windows sometimes cause

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Sun, 14 Oct 2007 06:59:11 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1915

           Summary: Opening Capture Options Windows sometimes causes
                    Wireshark to crash
           Product: Wireshark
           Version: SVN
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: Major
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: jyoung@xxxxxxx


Build Information:
Version 0.99.7-SVN-23144 (SVN Rev 23144)

Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.12.0, with GLib 2.14.1, with WinPcap (version unknown),
with libz 1.2.3, with libpcre 6.4, with SMI 0.4.5, with ADNS, with Lua 5.1,
with
GnuTLS 1.6.1, with Gcrypt 1.2.3, with MIT Kerberos, with PortAudio PortAudio
V19-devel, with AirPcap.

Running on Windows XP Service Pack 1, build 2600, with WinPcap version 4.0.1
(packet.dll version 4.0.0.901), based on libpcap version 0.9.5, without
AirPcap.

Built using Microsoft Visual C++ 6.0 build 8804

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.

--
Since mid to late September 2007, Buildbot versions of Wireshark for Windows
will occasionally crash when opening the "Wireshark: Capture Options" window.

When the crash occurs the "Wireshark: Capture Options" window will generally
have been partially rendered onto the screen.  (see attachment:
CaptureOptionsCrash.png) 

This crash generally happens if I had previously canceled out of the "Capture
Options" window.  I can initate the cancel by either clicking on the "Cancel"
button or by pressing the "ESC" key.  Sometimes the crash will occur on the
second attempt to display the Capture Options window.  Other times it has taken
several open/cancel sequences before Wireshark crashes.  I've been able to
consistantly crash Wireshark within 11 open/cancel sequences.

I've replicated this problem on three different Windows XP machines. Two of the
systems were running Windows XP SP1.  The third system was an up to date
Windows XP SP2 machine.

I have been able to replicate the problem on random buildbot versions since SVN
23034 (~Sep 30 2007) up to the most recent SVN 23144.  I have NOT been able
recreate this problem with random Buildbot versions prior to SVN 22767 (~Sep 02
2007) or earlier.  (I do not have available any buildbot between SVN 22767 to
23144 to further narrow down when this problem may have first started.)

I can reproduce this problem by using mouse clicks or by using keyboard
accelators to open and then cancel the "Capture Options" window.

To replicate the problem:

1) Open and select the menu item: "Capture" -> "Options..."

2) If the "Capture Options" window opens successfully click on the "Cancel"  
button (or press "ESC").

3) Repeat steps 1 and 2 until Wireshark crashes.

When Wireshark crashes, Windows XP will display an error dialog that starts
with the message:

  "Wireshark has encountered a problem and needs to close.  We are sorry for
the inconvience."  

This error dialog will also include the message: 

  "Please tell Microsoft about this problem."  

This error dialog also includes the message: 

  "To see what data this error report contains. <click here>"   

By clicking on the "<click here>" field Windows will display another dialog
that includes an "Error signature".  The error signatures I have seen have
generally contain the following:

  AppName: wireshark.exe
  AppVer: 0.99.7.0
  ModName: ntdll.dll [1]
  ModVer: 5.1.2600.1217 [2]
  Offset: 00008e20 [3]

[1] The vast majority of the time the "ModeName:" is reported as ntdll.dll.
This happens when the Capture Options window has been partially displayed.
But occasionally the crash will occur before the "Capture Options" dialog has
displayed at all or sometimes just after the "Capture Options" has completely
displayed.  In these cases the Error signature's "ModName:" field has generally
contained other names such as: libgdk-win32-2.0-0.dll, libglib-2.0-0.dll and
libgobject-2.0-0.dll.  

[2] When reproducing this problem on a Windows XP SP2 machine, the Error
signature reports the ntdll.dll "ModVer: value as 5.1.2600.2180.

[3] The Error signature's "Offset:" value varies, but it doesn't appear to be
random.  Generally the value reported loosly (but not exactly) followed the
number of times that the Capture Options dialog was opened/canceled.

While this problem is perhaps in some ways similar to the problem reported in
still open bug 1367 (which identified its problem in 0.99.5 (SVN 20677)) I was
UNABLE to reproduce this particular problem on public releases of Wireshark
including the the most recent release 0.99.6a (SVN 22276).


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube