Tshark handles exceptions/assertion failures on Windows, but on Linux it will crash on exceptions/assertion failures. What should I do?

asked 11 Feb '14, 23:28

metamatrix

Can you please show an example where tshark on Windows fails 'in a better/different way' than on Linux?

(12 Feb '14, 00:39) Kurt Knochner ♦

e.g. packet-frame.c ln 491

    /* Win32: Visual-C Structured Exception Handling (SEH) to trap hardware exceptions
       like memory access violations.
       (a running debugger will be called before the except part below) */
    /* Note: A Windows "exceptional exception" may leave the kazlib's (Portable Exception Handling)
       stack in an inconsistent state thus causing a crash at some point in the
       handling of the exception. */
    TRY {
#ifdef _MSC_VER
        __try {
#endif
            /* ... frame dissection elided in this excerpt ... */
#ifdef _MSC_VER
        } __except(EXCEPTION_EXECUTE_HANDLER /* handle all exceptions */) {
            switch(GetExceptionCode()) {
            case STATUS_ACCESS_VIOLATION:
                show_exception(tvb, pinfo, parent_tree, DissectorError,
                           "STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address");
                break;
            case STATUS_INTEGER_DIVIDE_BY_ZERO:
                show_exception(tvb, pinfo, parent_tree, DissectorError,
                           "STATUS_INTEGER_DIVIDE_BY_ZERO: dissector tried an integer division by zero");
                break;
            case STATUS_STACK_OVERFLOW:
                show_exception(tvb, pinfo, parent_tree, DissectorError,
                           "STATUS_STACK_OVERFLOW: dissector overflowed the stack (e.g. endless loop)");
                /* XXX - this will have probably corrupted the stack,
                   which makes problems later in the exception code */
                break;
                /* XXX - add other hardware exception codes as required */
            default:
                show_exception(tvb, pinfo, parent_tree, DissectorError,
                           g_strdup_printf("dissector caused an unknown exception: 0x%x", GetExceptionCode()));
            }
        }
#endif
        /* ... rest of the TRY block elided in this excerpt ... */

(12 Feb '14, 17:02) metamatrix

What are you trying to do on Linux with tshark?

(12 Feb '14, 17:04) Kurt Knochner ♦

You'd have to catch SIGSEGV, SIGBUS, SIGFPE (which, in practice, many UN*Xes use for integer division), and SIGABRT (which is what abort() delivers; that's what tends to be used for at least some assertions) in, for example, dissect_frame() in epan/dissectors/packet-frame.c and, in the handler, somehow manage to handle those conditions.

UN*X systems don't have Windows-style structured exception handling for errors such as those, so that's going to be harder to do.

answered 12 Feb '14, 16:52

Guy Harris ♦♦

edited 17 Feb '14, 01:20
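
One way to try the approach this answer describes on Linux, as an added example that is not part of the original answer or of Wireshark: install handlers for SIGSEGV, SIGBUS, SIGFPE and SIGABRT around a dissector call and return to the caller with sigsetjmp()/siglongjmp(). guarded_dissect() and the sample dissectors are hypothetical names, and the faults are constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* All names here are hypothetical; this is not Wireshark code. */
typedef int (*dissect_fn)(const unsigned char *buf, size_t len);
static const int fault_sigs[] = { SIGSEGV, SIGBUS, SIGFPE, SIGABRT };
enum { NFAULT = sizeof fault_sigs / sizeof fault_sigs[0] };
static sigjmp_buf guard_env;                 /* one guard at a time: not thread-safe */
static volatile sig_atomic_t caught_sig;
static void on_fault(int sig) { caught_sig = sig; siglongjmp(guard_env, 1); }

/* Run fn; return 0 if it completed, else the number of the signal it died with. */
int guarded_dissect(dissect_fn fn, const unsigned char *buf, size_t len)
{
    struct sigaction sa, old[NFAULT];
    int i;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    for (i = 0; i < NFAULT; i++)
        sigaction(fault_sigs[i], &sa, &old[i]);
    caught_sig = 0;
    /* savemask = 1 so siglongjmp() unblocks the signal blocked in the handler */
    if (sigsetjmp(guard_env, 1) == 0)
        fn(buf, len);
    for (i = 0; i < NFAULT; i++)             /* put the previous handlers back */
        sigaction(fault_sigs[i], &old[i], NULL);
    return caught_sig;
}

/* Constructed sample packet and deliberately buggy "dissectors". */
static const unsigned char sample_pkt[] = { 0x45, 0x00, 0x00, 0x14 };
static int *volatile missing_state;          /* never set, so it stays NULL */
static int ok_dissector(const unsigned char *b, size_t n) { return n ? b[0] : 0; }
static int segv_dissector(const unsigned char *b, size_t n) { (void)b; (void)n; return *missing_state; }
/* raise() stands in for integer division by zero, which not every CPU traps */
static int fpe_dissector(const unsigned char *b, size_t n) { (void)b; (void)n; return raise(SIGFPE); }
static int abort_dissector(const unsigned char *b, size_t n) { (void)b; (void)n; abort(); }

int main(void)
{
    dissect_fn fns[] = { ok_dissector, segv_dissector, fpe_dissector, abort_dissector };
    for (size_t i = 0; i < sizeof fns / sizeof fns[0]; i++)
        printf("dissector %zu -> signal %d\n", i, guarded_dissect(fns[i], sample_pkt, sizeof sample_pkt));
    return 0;
}
```

Jumping out of the handler only regains control: after a real memory fault the heap, locks and dissector state may be inconsistent, so it is safer to stop processing the capture than to keep dissecting.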

question asked: 11 Feb '14, 23:28

question was seen: 1,974 times

last updated: 17 Feb '14, 01:20