Wireshark · Wireshark-dev: [Wireshark-dev] Unhandled exception

["Maynard, Chris" <Christopher.Maynard@xxxxxxx>]

Hello,

 

Recently I’ve begun seeing the following unhandled exception with master when loading any capture file or attempting to capture on any interface – at least that I tried, but I haven’t found any capture file or capture interface where this doesn’t happen now:

 

Unhandled exception ("proto.c:6497: failed assertion "(guint)hfid < gpa_hfinfo.len" (Unregistered hf!)", group=1, code=6)

 

The exception is occurring in proto.c:proto_tree_prime_with_hfid() at line 6497, within the PROTO_REGISTRAR_GET_NTH() macro, but unfortunately the stack trace isn’t particularly helpful [to me].  Here’s one when attempting to load an arbitrary capture file:

 

>       libwireshark.dll!unhandled_catcher(except_t * except) Line 230  C

         libwireshark.dll!do_throw(except_t * except) Line 216   C

         libwireshark.dll!except_rethrow(except_t * except) Line 274     C

         Wireshark.exe!cf_read(_capture_file * cf, int reloading) Line 652       C

         Wireshark.exe!MainWindow::openCaptureFile(QString cf_path, QString read_filter, unsigned int type, int is_tempfile) Line 250    C++

         Wireshark.exe!MainWindow::openCaptureFile(QString cf_path, QString display_filter) Line 299     C++

         Wireshark.exe!MainWindow::qt_static_metacall(QObject * _o, QMetaObject::Call _c, int _id, void * * _a) Line 1379        C++

         Qt5Core.dll!00007ffb168fe327()  Unknown

         Wireshark.exe!WelcomePage::recentFileActivated(QString _t1) Line 288    C++

         Wireshark.exe!WelcomePage::openRecentItem(QListWidgetItem * item) Line 398      C++

         Qt5Core.dll!00007ffb168fe327()  Unknown

         Qt5Widgets.dll!00007ffb17564824()       Unknown

         Qt5Core.dll!00007ffb168fe327()  Unknown

         Qt5Widgets.dll!00007ffb175231fa()       Unknown

         Qt5Widgets.dll!00007ffb1752972c()       Unknown

         Qt5Widgets.dll!00007ffb1732bc42()       Unknown

         Qt5Widgets.dll!00007ffb173ceac7()       Unknown

         Qt5Widgets.dll!00007ffb17530369()       Unknown

         Qt5Core.dll!00007ffb168e104d()  Unknown

         Qt5Widgets.dll!00007ffb17308cac()       Unknown

         Qt5Widgets.dll!00007ffb173068cd()       Unknown

         Qt5Core.dll!00007ffb168dec79()  Unknown

         Qt5Widgets.dll!00007ffb1730a006()       Unknown

         Qt5Widgets.dll!00007ffb17353fe9()       Unknown

         Qt5Widgets.dll!00007ffb17351d5e()       Unknown

         Qt5Widgets.dll!00007ffb17308cc0()       Unknown

         Qt5Widgets.dll!00007ffb17307b47()       Unknown

         Qt5Core.dll!00007ffb168dec79()  Unknown

         Qt5Gui.dll!00007ffb16d1e262()   Unknown

         Qt5Gui.dll!00007ffb16d048fb()   Unknown

         Qt5Core.dll!00007ffb169285c5()  Unknown

         [External Code]

         Qt5Core.dll!00007ffb16927d96()  Unknown

         qwindows.dll!00007ffb16609979() Unknown

         Qt5Core.dll!00007ffb168dab23()  Unknown

         Qt5Core.dll!00007ffb168dd8d4()  Unknown

         Wireshark.exe!main(int argc, char * * qt_argv) Line 907 C++

         Wireshark.exe!WinMain(HINSTANCE__ * __formal, HINSTANCE__ * __formal, char * __formal, int __formal) Line 104   C++

         [External Code]

 

If I set WIRESHARK_ABORT_ON_DISSECTOR_BUG=1, it produces nothing of value [to me]:

 

14:52:20.271          Err  Unregistered hf! index=-1

 

I removed all my Lua dissectors from the plugins directory, so this is just stock Wireshark master running.  Here’s the Wireshark version information:

 

Version 2.9.0 (v2.9.0rc0-1854-g261817cf)

Compiled (64-bit) with Qt 5.11.1, with WinPcap (4_1_3), with GLib 2.52.2, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.14.0, with Lua 5.2.4, with GnuTLS 3.4.11, with Gcrypt 1.8.3, with MIT Kerberos, with MaxMind DB resolver, with nghttp2 1.14.0, with LZ4, with Snappy, with libxml2 2.9.4, with QtMultimedia, with AirPcap, with SBC, with SpanDSP, with bcg729.

Running on 64-bit Windows 10 (1803), build 17134, with Intel(R) Xeon(R) CPU E3-1505M v5 @ 2.80GHz (with SSE4.2), with 16225 MB of physical memory, with locale English_United States.1252, with WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008), with GnuTLS 3.4.11, with Gcrypt 1.8.3, with AirPcap 4.1.0 build 1622, binary plugins supported (14 loaded). Built using Microsoft Visual C++ 14.0 build 24215

 

I will continue investigating, but maybe someone has some ideas?  Is anyone else seeing this?

 

Other observations:

 

checkhf produces no output of any particular consequence (just a bunch of “Unused [href|ei] entry”’s).

 

checkapi: 1 warning of no consequence here.

 

checkfiltername: a bunch of “[field] doesn’t match PROTOABBREV” warnings, but probably nothing of consequence?

 

cppcheck: too much output to find the needle I’m looking for in this haystack.

 

- Chris

P.S. After updating to the latest sources, I tried deleting the entire build directory and forcing everything to be compiled again.  That didn’t help.

 

 

 

CONFIDENTIALITY NOTICE: This message is the property of International Game Technology PLC and/or its subsidiaries and may contain proprietary, confidential or trade secret information.  This message is intended solely for the use of the addressee.  If you are not the intended recipient and have received this message in error, please delete this message from your system. Any unauthorized reading, distribution, copying, or other use of this message or its attachments is strictly prohibited.