| Bug ID |
12792
|
| Summary |
tshark crashes at tvbuff.c:837 with read filter
|
| Product |
Wireshark
|
| Version |
2.2.0
|
| Hardware |
x86-64
|
| OS |
Linux (other)
|
| Status |
UNCONFIRMED
|
| Severity |
Normal
|
| Priority |
Low
|
| Component |
TShark
|
| Assignee |
[email protected]
|
| Reporter |
[email protected]
|
Created attachment 14859 [details]
pcap for reproducing the bug
Build Information:
TShark (Wireshark) 2.2.0rc1 (Git Rev Unknown from unknown)
Copyright 1998-2016 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with libpcap, with POSIX capabilities (Linux), with libnl 3,
with GLib 2.48.2, with zlib 1.2.8, with SMI 0.4.8, with c-ares 1.11.0, without
Lua, with GnuTLS 3.4.14, with Gcrypt 1.6.6, with MIT Kerberos, without GeoIP.
Running on Linux 4.6.7-300.fc24.x86_64, with locale en_CA.UTF-8, with libpcap
version 1.7.4, with GnuTLS 3.4.14, with Gcrypt 1.6.6, with zlib 1.2.8.
Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz (with SSE4.2)
Built using gcc 6.1.1 20160621 (Red Hat 6.1.1-3).
--
Using some read filters on certain pcaps causes a segfault. I can reproduce the
crash using tshark 2.0.5 or tshark 2.2.0.
To reproduce:
tshark -2 -R 'tcp.stream == 0' -r broken-reduced.pcap
or
tshark -2 -R 'http' -r broken-reduced.pcap
Using -Y does not cause a crash. Some other read filters do not cause a crash,
for example -2 -R 'ssl' and -2 -R 'tcp' work fine.
I have attached the smallest of 3 pcaps that I've seen the problem with.
gdb backtrace: http://pastebin.com/pJSfgU2P
valgrind output: http://pastebin.com/C4BFcHXX
You are receiving this mail because:
- You are watching all bug changes.
