Wireshark-dev: [Wireshark-dev] Throwing exception can shorten tree
From: Michael Mann <[email protected]>
Date: Sun, 26 Feb 2017 11:10:49 -0500
I can't remember where I had the conversation, but I remember talking about cases where a thrown exception in Wireshark leads to it not showing as much as was dissected in the tree. I remember first seeing this issue when I was writing some dissector code and it wasn't quite finished, so I had some incorrectly created malformed packets.  And I think that's where I keep seeing the issue (during development), so I've never been able to easily share the setup.
 
Well, I think bug 13435 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13435) provides an example of this.  I've been stepping through the provided capture (packet 74 to be specific) in the debugger and can see that it creates much more of a tree than is shown in the GUI.  I'm not sure if its a "bug" or a "feature", but it only seems to happen for malformed packets (or similar), so it's never the "real" bug and just an annoying symptom.  But that symptom can make it harder to track down the real bug because the tree isn't really showing the last field it dissected.  If someone could provide an explanation of "why" that would be appreciated.