Wireshark-users: Re: [Wireshark-users] Crash when LTE dissector (over UDP framing) enabled

From: Martin Mathieson <martin.r.mathieson@xxxxxxxxxxxxxx>
Date: Thu, 11 Nov 2010 12:59:00 +0000


On Thu, Nov 11, 2010 at 12:41 PM, Antriksh Pany <antriksh.pany@xxxxxxxxx> wrote:
> Hello
>
> The crash was occurring due to incorrect rnti type being filled up. We
> actually had broadcast information flowing. But the rnti type was 3
> (C_RNTI). And this seemed to be causing wireshark to attempt to decode
> the message as a dedicated UE message (noticed that during the couple
> of times that it did not crash in Windows).

It would still be good to make sure we didn't crash, so that users such as yourself would see the problem more quickly.
Wireshark shouldn't crash - it should show the packet as malformed and hopefully make the problem obvious.
 

> When I corrected the rnti type, the problem went away.
>
> I think this should be a very good indicator of where in code the
> problem would be. If there are some pointers as to where to look in
> code, I could consider having a look myself!
>
> Also, I guess wireshark could warn us when the RNTI is that of SI
> (broadcast), but the rnti type is set differently.

Yes, it probably should verify that the SI- and P- RNTI types have the correct value.
 
Regards,
Martin


> Cheers
> Antriksh



On Thu, Nov 11, 2010 at 12:22 PM, Antriksh Pany <antriksh.pany@xxxxxxxxx> wrote:
> Hello
>
> I am facing a crash when I enable the option
>  'Try Heuristic LTE-MAC over UDP framing'
> and load an appropriate pcap.
>
> The crash does not occur when I turn off this option, and load the same pcap.
>
> This is the log:
> -----------------------
> bash-3.2$ /opt/wireshark/bin/wireshark
>
> (wireshark:10799): GLib-GObject-WARNING **: invalid (NULL) pointer instance
>
> (wireshark:10799): GLib-GObject-CRITICAL **: g_signal_emit_by_name:
> assertion `G_TYPE_CHECK_INSTANCE (instance)' failed
> Segmentation fault
> bash-3.2$
> bash-3.2$ uname -a
> Linux dennis 2.6.18-128.el5 #1 SMP Wed Dec 17 11:41:38 EST 2008 x86_64
> x86_64 x86_64 GNU/Linux
> bash-3.2$ /opt/wireshark/bin/wireshark -v
> wireshark 1.4.1
>
> Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
> This is free software; see the source for copying conditions. There is NO
> warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
>
> Compiled with GTK+ 2.10.4, (64-bit) with GLib 2.12.3, with libpcap 0.9.4, with
> libz 1.2.3, with POSIX capabilities (Linux), with libpcre (version unknown),
> without SMI, without c-ares, without ADNS, without Lua, without Python, with
> GnuTLS 1.4.1, with Gcrypt 1.2.4, with MIT Kerberos, without GeoIP, without
> PortAudio, without AirPcap.
>
> Running on Linux 2.6.18-128.el5, with libpcap version 0.9.4, with libz 1.2.3,
> GnuTLS 1.4.1, Gcrypt 1.2.4.
>
> Built using gcc 4.1.2 20080704 (Red Hat 4.1.2-44).
> bash-3.2$
> -----------------------
>
>
> Also, I had tried doing the same on Windows. It was able to open the
> pcap correctly on the first few occasions. But it consistently
> crashes on Windows as well now.
> These are the problem details shown by Windows (Windows 7):
> -----------------------
> Problem signature:
>  Problem Event Name:   APPCRASH
>  Application Name:     wireshark.exe
>  Application Version:  1.4.1.34476
>  Application Timestamp:        4cb35037
>  Fault Module Name:    libwireshark.dll
>  Fault Module Version: 1.4.1.34476
>  Fault Module Timestamp:       4cb34ea4
>  Exception Code:       c0000005
>  Exception Offset:     0001148f
>  OS Version:   6.1.7600.2.0.0.256.4
>  Locale ID:    1033
>  Additional Information 1:     0a9e
>  Additional Information 2:     0a9e372d3b4ad19135b953a78882e789
>  Additional Information 3:     0a9e
>  Additional Information 4:     0a9e372d3b4ad19135b953a78882e789
> -----------------------
> I have tried things such as restarting the system etc, but nothing works.
>
> Any help/suggestions is appreciated.
>
> Thanks
> Antriksh Pany
>
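
The consistency check suggested in the reply above (verify that the SI- and P-RNTI carry the matching RNTI type, and flag the frame as malformed otherwise), written as an added C example that is not Wireshark's own code. The helper names and every type code other than 3 (C_RNTI) are assumptions; the reserved RNTI values come from 3GPP TS 36.321.

```c
#include <stdint.h>
#include <stdio.h>

/* RNTI type codes from the framing header. Only 3 (C_RNTI) is stated in the
 * thread; the other codes are assumptions to verify against the dissector. */
enum rnti_type { NO_RNTI = 0, P_RNTI = 1, RA_RNTI = 2, C_RNTI = 3, SI_RNTI = 4 };

/* Reserved RNTI values defined in 3GPP TS 36.321. */
#define P_RNTI_VALUE  0xFFFEu
#define SI_RNTI_VALUE 0xFFFFu

enum rnti_verdict { RNTI_OK, RNTI_TYPE_MISMATCH, RNTI_TYPE_UNKNOWN };

/* Validate the capture-supplied (rnti, type) pair before any decoding is
 * chosen from it. Hypothetical helper, not a Wireshark function. */
enum rnti_verdict check_rnti(uint16_t rnti, uint8_t type)
{
    if (type > SI_RNTI)
        return RNTI_TYPE_UNKNOWN;
    if (rnti == SI_RNTI_VALUE)
        return type == SI_RNTI ? RNTI_OK : RNTI_TYPE_MISMATCH;
    if (rnti == P_RNTI_VALUE)
        return type == P_RNTI ? RNTI_OK : RNTI_TYPE_MISMATCH;
    if (type == SI_RNTI || type == P_RNTI)
        return RNTI_TYPE_MISMATCH;
    return RNTI_OK;
}

const char *rnti_verdict_text(enum rnti_verdict v)
{
    switch (v) {
    case RNTI_OK:            return "ok";
    case RNTI_TYPE_MISMATCH: return "malformed: RNTI value and RNTI type disagree";
    default:                 return "malformed: unknown RNTI type";
    }
}

int main(void)
{
    /* Constructed samples; the first models the reported case (SI-RNTI, type 3). */
    static const struct { uint16_t rnti; uint8_t type; } s[] = {
        {0xFFFF, 3}, {0xFFFF, 4}, {0xFFFE, 1}, {0x003D, 3}, {0x003D, 4}, {0xFFFF, 9},
    };
    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++)
        printf("rnti=0x%04X type=%u -> %s\n", (unsigned)s[i].rnti, (unsigned)s[i].type,
               rnti_verdict_text(check_rnti(s[i].rnti, s[i].type)));
    return 0;
}
```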