I was writing a Custom Wireshark Dissector. But when I ran the plugin I created, by choosing packets to be Decoded as my protocol, Wireshark Crashes with Error that "Application has requested runtime to terminate it in an unusual Way".
To Debug it further I added printf statements and also ran Wireshark from Visual C++ 2008 EE in Debug Mode(by adding breakpoints). What i see is that for one of the Packets the crash occurs when I call FTYPE_LOOKUP while a call to proto_tree_add_item is made for Length Field(4 bytes) of the Protocol.
From within proto_tree_add_item(), function alloc_field_info() is Called. From here get_hfi_and_length() is called which gives hfinfo(or header field info). This hfinfo is passed to new_field_info() function and this hfinfo is assigned to hfinfo field of field_info structure inside this function. The hfinfo->type is passed then to fvalue_init(). Here FTYPE_LOOKUP(Defined in ftypes.c) is Called where it crashes.
This is maybe because the type is not correct. I see hfinfo structure having junk values. It seems PROTO_REGISTRAR_GET_NTH. Why so ? Is there some problem in the way I have registered hf array ? Kindly note nothing abnormal happens if same code is called for other Packets.
This is how I have registered hf array
proto_register_field_array(proto, hf_base, array_length(hf_base));
asked 18 Jun '11, 14:02
varun saxena
1●2●2●2
accept rate: 100%
I meant it seems PROTO_REGISTRAR_GET_NTH() does not give me correct hfinfo structure. What am I doing wrong ?