
Wireshark-bugs: [Wireshark-bugs] [Bug 10037] New: Pipe support broken in Wireshark

Date: Thu, 24 Apr 2014 15:12:03 +0000
Bug ID: 10037
Summary: Pipe support broken in Wireshark
Classification: Unclassified
Product: Wireshark
Version: 1.11.x (Experimental)
Hardware: x86
OS: Ubuntu
Status: UNCONFIRMED
Severity: Major
Priority: Low
Component: Wireshark
Assignee: [email protected]
Reporter: [email protected]

Created attachment 12725 [details]
Trace dump, which opens fine in file-open, but crashes in pipedump

Build Information:
Shark 1.11.4 (v1.11.4-rc1-102-gace8389 from unknown)

Copyright 1998-2014 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.38.1, with libpcap, with libz 1.2.8, with POSIX
capabilities (Linux), without libnl, with SMI 0.4.8, with c-ares 1.10.0, with
Lua 5.1, without Python, with GnuTLS 2.12.23, with Gcrypt 1.5.0, with MIT
Kerberos, with GeoIP.

Running on Linux 3.11.0-12-generic, with locale de_DE.UTF-8, with libpcap
version 1.4.0, with libz 1.2.8.
Intel(R) Core(TM)2 Quad CPU    Q8400  @ 2.66GHz

Built using gcc 4.8.2.

--
Pipe support seems to be broken in wireshark in the current git checkout under
Linux (Win32 seems to be working, OSX still unconfirmed). I have the following
procedure for testing:

1. mkfifo /tmp/wspipe
2. cat pipe_trace.dmp > /tmp/wspipe
3. wireshark -k -i /tmp/wspipe

This leads to a segfault in file.c:1053 which wants to free err_info, but that
address is out-of-bounds according to gdb. *err is set to -12, which is the
error message: "Less data was read than was expected".

If the same file is opened via file->open, no error occurs.

Wireshark 1.10.2 from the Ubuntu repos seems to have the same issue, and as
this is an issue residing in wiretap, so does tshark (git and 1.10.2).

