This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark crashes when I compare a ‘VALS’ field to hex value

0

Hi, I have two header fields, both of them have FTUINT32 and BASE_HEX. hf 'A' doesn't take VALS value string array and hf 'B' does. When filtering I'm able to compare B to hex value (B==0x14). for hf A, I'm able to compare to a decimal value but when I'm trying to compare to hex value as soon as I type the 'x' in 0x wireshark crashes with the following error:

Problem signature:
  Problem Event Name:   APPCRASH
  Application Name: Wireshark.exe
  Application Version:  2.2.1.0
  Application Timestamp:    57f3eeb7
  Fault Module Name:    libglib-2.0-0.dll
  Fault Module Version: 2.42.0.0
  Fault Module Timestamp:   a918a908
  Exception Code:   c0000005
  Exception Offset: 000000000004efa3
  OS Version:   6.3.9600.2.0.0.256.4
  Locale ID:    1033
  Additional Information 1: f455
  Additional Information 2: f4555bcf43f9b09320fa85e1b053443b
  Additional Information 3: 2db8
  Additional Information 4: 2db80dd3f2cbd1e3a8a97e018a42aa48

asked 21 Nov '16, 06:16

Sharknado_prequal's gravatar image

Sharknado_pr...
6224
accept rate: 0%

edited 21 Nov '16, 08:45

grahamb's gravatar image

grahamb ♦
19.8k330206

Your description is not really clear to me. As you seem to be a developer, could you please provide some code snippets and run Wireshark in a debugger so as to get the callstack?

(21 Nov '16, 06:40) Pascal Quantin

One Answer:

1

Is your value_string for hf 'A' NULL terminated?

answered 21 Nov '16, 08:22

JeffMorriss's gravatar image

JeffMorriss ♦
6.2k572
accept rate: 27%

@JeffMorris No it wasn't! Also I'm sorry I confused A and B. The issue was with B (with VALS) but anyway it's resolved. Thanks! Also thanks @grahamb, I started debugging and tried to make sense of the strange values I saw (Hebrew letters...)

(21 Nov '16, 08:35) Sharknado_pr...

Excellent, glad that helped! (At least I think you're saying that was the problem :-))

I went ahead and converted my comment to an answer and moved your comment to my answer.

(21 Nov '16, 11:16) JeffMorriss ♦