This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Issues with VALS and/or RVALS macros when used in custom dissector

0

Recently found that Wireshark would completely crash when loading certain capture files which activated a custom dissector. After some basic debugging I determined that removing the use of those macros from my definition of static "hf_register_info" data made the problem go away. This sounds a lot like a coincidence (e.g. change just masked a bug) but haven't been able to put my finger on alternative cause just yet.

In most cases Wireshark would just crash upon loading/dissecting but I also did find instances where the crash would not occur until I selected a certain packet. This sort of implies that the act of de-referencing the array or displaying the text is causing the issue, so I am pursuing that angle, but wanted to see if there were any known issues or limitations with the use of the VALS and/or RVALS arrays.

asked 21 Jun '17, 07:02

wittynickname's gravatar image

wittynickname
16447
accept rate: 50%

Never mind, pretty sure I found it... my arrays were not terminated with {0, NULL} which seems to be the convention.

(21 Jun '17, 07:23) wittynickname

One Answer:

0

Slowly removing egg from face...

Confirmed, these lists must be terminated with either {0, NULL} or {0,0,NULL} entry as appropriate.

There appear to be some additional MACROs to help with this but none of the examples I looked at in the standard source base used them.

answered 21 Jun '17, 07:48

wittynickname's gravatar image

wittynickname
16447
accept rate: 50%

1

FYI: You might want to run the various perl scripts such as checkAPIs.pl, checkfiltername.pl, and checkhf.pl against your dissectors to help automatically catch errors such as this.

For example, I temporarily removed the {0,NULL} value string terminator from one of the IP dissector's value strings and ran checkAPIs.pl against it. Here's the output:

perl tools\checkAPIs.pl epan/dissectors/packet-ip.c
Error: epan/dissectors/packet-ip.c        : {0, NULL} is required as the last value_string array entry: value_string ipopt_type_class_vals[]
(21 Jun '17, 13:10) cmaynard ♦♦