Wireshark · Wireshark-users: Re: [Wireshark-users] Possible memory leak using Lua script

[Javi Gallart <jgallart@xxxxxxxxxxxxxxxx>]

Thanks for the reply.

I will try the latest version.
Just to make the case clearer, we're using tshark (configured with 
--disable-wiresahrk). It's doing a live capture and exiting a Lua 
Listener that writes some parts of the packet to a file. We'd like it to 
keep running constantly; but we need to restart it frequently because it 
runs out of memory.

Regards

Javi
On 10/08/2013 07:37 PM, Jeff Morriss wrote:
> On 10/07/13 12:29, Javi Gallart wrote:
> > Hello
> >
> > I am using a Lua script the extracts and writes to disk files from a
> > packet. When running in "realtime" everything goes smoothly but the
> > memory usage keeps growing until we have to restart everithing. So all
> > points to a memerory leak somehwere. We are tapping sigtran traffic.
>
> Have you read this article?  Chances are you're not looking at a leak 
> at all:
>
> http://wiki.wireshark.org/KnownBugs/OutOfMemory
>
> > Runnning with Valgring as recommended here
> > (http://wiki.wireshark.org/Development/Tips) I obtained this:
> >
> >   Invalid read of size 4
> >      at 0x65E1D18: mtp3_addr_to_str_buf (in
> > /usr/lib64/libwireshark.so.3.1.1)
> >      by 0x619F303: address_to_str_buf (in 
> > /usr/lib64/libwireshark.so.3.1.1)
> >      by 0x619F6A5: ??? (in /usr/lib64/libwireshark.so.3.1.1)
> >      by 0x619DC64: ??? (in /usr/lib64/libwireshark.so.3.1.1)
> >      by 0x61A3884: ??? (in /usr/lib64/libwireshark.so.3.1.1)
> >      by 0x61A5C51: col_fill_in (in /usr/lib64/libwireshark.so.3.1.1)
> >      by 0x1211F5: ??? (in /usr/sbin/tshark)
> >      by 0x122A11: ??? (in /usr/sbin/tshark)
> >      by 0x114CC4: ??? (in /usr/sbin/tshark)
> >      by 0x9DA9B74: (below main) (in /usr/lib64/libc-2.17.so)
> >    Address 0x13886f54 is 4 bytes inside a block of size 28 free'd
> [...]
> >   LEAK SUMMARY:
> >      definitely lost: 2,586,839 bytes in 151,327 blocks
> [...]
> > Should I assume that there is a leak in mtp3_addr_to_str_buf function?
>
> No, that's a memory use after the memory in question was freed (very 
> different from a leak).  That was fixed via 
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8247; that fix is 
> in the 1.10.x stable versions but not earlier versions.
>
> That Valgrind does show ~2 Mb of leaked memory though I think that's 
> pretty usual in the current stable branch--a lot of shutdown-related 
> memory leaks have been fixed in the current development version.
>
> ___________________________________________________________________________ 
>
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe