Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 2017] New: VoIP trace crashes Wireshark when specific RTP

Date: Sat, 24 Nov 2007 05:10:20 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2017

           Summary: VoIP trace crashes Wireshark when specific RTP Player
                    buttons are clicked
           Product: Wireshark
           Version: 0.99.7
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: jyoung@xxxxxxx


Build Information:
Version 0.99.7pre1 (SVN Rev 23530)

Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.12.1, with GLib 2.14.3, with WinPcap (version unknown),
with libz 1.2.3, with libpcre 6.4, with SMI 0.4.5, with ADNS, with Lua 5.1,
with
GnuTLS 1.6.1, with Gcrypt 1.2.3, with MIT Kerberos, with PortAudio PortAudio
V19-devel, with AirPcap.

Running on Windows XP Service Pack 1, build 2600, with WinPcap version 4.0.2
(packet.dll version 4.0.0.1040), based on libpcap version 0.9.5, without
AirPcap.

Built using Microsoft Visual C++ 6.0 build 8804

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
Hello,

I have a trace file that Wireshark's "VoIP Calls" window reports as having one
call.  This trace file can be used to crash Wireshark both on Windows and on
Linux systems.

The following Mouse actions will generally (but not always) cause the crash:

  1: Open the "problem" voip trace file.
  2: Click on "Statistics -> VoIP Calls" menu item to open the "VoIP Calls"
window.
  3: In the "VoIP Calls" window select the one and only "Detected Call" by
clicking on the item.  This will un-ghost the "Player" button.
  4: Click on the "Player" button.  This will open the "RTP Player" window.
  5: In the "RTP Player" window click on the "Close" button.  This should
return focus back to the "VoIP Calls" window.
  6: In the "VoIP Calls" window click on the "Close" button.  This should
return focus back to the main Wireshark window.

Repeat steps 2 through 6 until Wireshark crashes.   

The crash usually happens on the second attempt to Open the "RTP Player"
window, but I've sometimes had to repeat the steps above five to ten times
before Wireshark would crash.    

Microsoft's Error Report dialog has variously reported the "Error signature" 
with the following Modules/Offsets:  

  ModName: msvcrt.dll, ModVer: 7.0.2600.1106, Offset: 0003381c
  ModName: libglib-2.0.0.dll, ModVer: 2.14.3.0, Offset 00012697
  ModName: libglib-2.0.0.dll, ModVer: 2.14.3.0, Offset 000126b4
  ModName: ntdll.dll, ModVer: 5.1.2600.1217, Offset: 00033aed

Interestingly one crash of Wireshark on Windows resulted in a Gdk-ERROR pop-up
dialog with the following message:

  "Gdk-ERROR **: file gdkregion-generic.c: line 1282 (miSubtractNonO1):
assertion failed: (r->x1 <r->x2) aborting..."

Using the same VoIP trace file and the mouse sequence above I can also crash an
older SVN 23250 based Wireshark on a Linux 2.6.13-15.16-default system (SUSE). 
When the crash occurs on the Linux system a message similar to the following is
always written:

  "*** glibc detected *** corrupted double-linked list: 0x41f2b8d8"

With each crash on Linux the actual hex value at the end of the message varied
between several different values.

If there is any "good news" regarding this bug, it is that this is apparently
NOT a new defect.  I can reproduce the same crash using the stock Wireshark
0.99.6a release for Windows.

Oddly I have ONLY been able to trigger this crash with one particular trace
file.   I will upload this trace file to this case, but unfortunatly I feel it
will be necessary to mark the attachment as private.

I suspect that someone with minimal gdb skills (at the monent I have none) will
be able to track this problem down pretty easily.

I hope you find this information useful.

Sincerely,

Jim Young


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.