Wireshark-bugs: [Wireshark-bugs] [Bug 5500] failed assertion in ISAKMP dissector (proto.c:4002)
Date: Thu, 27 Jan 2011 02:04:17 -0800 (PST)

--- Comment #4 from Naoyoshi Ueda <[email protected]> 2011-01-27 02:04:05 PST ---
Created an attachment (id=5802)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5802)
Patch to avoid the error


The problem seems to be caused by calling proto_tree_move_item() with
a faked proto_item as its argument.

During the first run through dissection phase, proto_tree_add_item()
just returns a faked proto_item instead of actually creating a new proto_item
and returning it. And faked proto_items make the assertion fail.

On the other hand, after the run through dissection, proto_tree_add_item()
returns a real proto_item, so the error message appears only in the packet list
actual decoding is performed properly.

If you look at the revision history of proto.c,
there were the following lines at the top of proto_tree_move_item()
before revision 32443, and this seems to have prevented faked items
from causing trouble.

        /* This function doesn't generate any values. It only reorganizes the
         * protocol tree so we can bail out immediately if it isn't visible. */
        if (!tree || !PTREE_DATA(tree)->visible)
                return;

Actually, I compiled revision 32442 and 32443, and confirmed only rev.32443
the error message.

Such being the case, I think reviving the above code is the most
straightforward way, but
I'm not sure because I don't fully understand the intent of the changes made in

Anyway, I attach a patch that just avoids the issue on the packet-isakmp.c
side by suppressing the proto_tree_move_item() call in the run through
dissection.
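
The failure mode described in the comment above, as an added example that is not part of the original comment or of Wireshark's source: a simplified C model in which every type and function name is hypothetical. It assumes a faked item is the tree's own node handed back without allocation, and it stands in for the failed assertion with a -1 return.

```c
/* Simplified model, not Wireshark source: all names here are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

typedef struct node { struct node *parent; } node_t;
typedef struct { node_t root; bool visible; node_t pool[4]; size_t used; } tree_t;

/* Assumed model of a "faked" item: on the pass where the tree is not
 * visible, nothing is allocated and the tree's own root is returned. */
static node_t *add_item(tree_t *t)
{
    if (!t->visible)
        return &t->root;              /* faked item */
    if (t->used == 4)
        return NULL;                  /* pool exhausted */
    node_t *n = &t->pool[t->used++];
    n->parent = &t->root;
    return n;
}

/* Reordering needs real children. Returns -1 where this model's stand-in
 * for the failed assertion would fire, 0 otherwise. With guard set, the
 * function bails out first, like the visibility check quoted above. */
static int move_item(tree_t *t, node_t *fixed, node_t *to_move, bool guard)
{
    if (guard && !t->visible)
        return 0;                     /* nothing to reorganize */
    if (!fixed || !to_move ||
        fixed->parent != &t->root || to_move->parent != &t->root)
        return -1;                    /* invariant violated by a faked item */
    return 0;                         /* sibling relinking omitted in this model */
}

/* One dissection pass: add two items, then try to move the second. */
static int run_pass(bool visible, bool guard)
{
    tree_t t = { .visible = visible };
    node_t *a = add_item(&t);
    node_t *b = add_item(&t);
    return move_item(&t, a, b, guard);
}

int main(void)
{
    printf("hidden, no guard: %d\n", run_pass(false, false));
    printf("hidden, guard:    %d\n", run_pass(false, true));
    printf("visible:          %d\n", run_pass(true, false));
    return 0;
}
```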

