On Mar 2, 2016, at 11:53 PM, FIXED-TERM Scholz Tobias (DC-IA/EAI3) <fixed-term.Tobias.Scholz@xxxxxxxxxxxxxxx> wrote:
> I am having problems with saving my new development as a pcapng file. Trying to save with this type, wireshark 2.1.0 (x64) crashes and I will get an exception.
>
> Using the VS2013 debugger I get the following exception within “pcapng.c”:
> • Unhandled exception at 0x000007FEE02F7C67 (wiretap-2.1.0(x64_TS_PS).dll) in Wireshark.exe: 0xC0000005: Access violation reading location 0x0000000000000000.
>
> The programm itself seems to stop at line 4031 in “pcapng.c”
>
> if (!pcapng_write_interface_statistics_block(wdh, if_stats, err)) {
> return FALSE;
> }
This might be bug 12220:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12220
> What I don’t understand is, trying to save another capture with the same development as pcap works perfect.
Because the problem appears to be with capture statistics that can be saved in pcapng files (because it has blocks that store capture statistics) but not in pcap files (because it has no ability to store capture statistics), so the code to write pcap files never looks at the incorrectly-set-up capture statistics structure.
> I can also load the pcap file without any problems. After saving the file as pcap I tried to save the same capture as pcapng, and it works!
The code to *read* pcap files obviously doesn't set up any capture statistics, as they're not stored in a pcap file, so there isn't a bad capture statistics structure to try to save.
Perhaps the code that *reads* pcapng files doesn't set up the capture statistics structure correctly? (Michael?)
