Using an unmodified verion of wireshark 1.4.9 that I build from source I am getting the following error when I attempt to load a capture file with a proprietary protocol:

Glib-ERROR **:gmem.c:176: failed to allocate 2516584916 bytes aborting

After this I get a MSVC error and wireshark closes.

I get the same error when I run the same version of wireshark with a custom plug-in to decode the proprietary protocol.

Any pointers on possible causes or where to begin troubleshooting?

asked 19 Oct '11, 09:04

lanb's gravatar image

lanb
1222
accept rate: 0%

edited 19 Oct '11, 10:09

multipleinterfaces's gravatar image

multipleinte...
1.2k91534

It may also help if you post the "MSVC error".

(19 Oct '11, 10:09) multipleinte...

I assume that you control the code that actually decodes your protocol (if not, there won't be much you can do other than contact the maintainer of the decoder). That said, my guess is that the dissector for your protocol is attempting to allocate a buffer for inflated/decrypted/etc data based on a size field that is not bounds-checked and either incorrectly extracted or incorrectly set in your capture file. Put differently, something like this is in the dissect_PROTONAME function:

guint32 inflated_size;
guint8 *inflated_data_buffer;
...
inflated_size = tvb_get_ntohl(tvb, OFFSET, ENCODING);
inflated_data_buffer = g_alloc(inflated_size);

Realistically, it is impossible to say what is causing the problem without seeing some dissector code, but I assume you have access to that. Since you can compile Wireshark yourself, the best thing to do will be to use the debugger to see what's going on. At the very least, a stacktrace will help you pinpoint the problem, even if it is ultimately out of your control.

link

answered 19 Oct '11, 10:07

multipleinterfaces's gravatar image

multipleinte...
1.2k91534
accept rate: 12%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×122
×6
×1

Asked: 19 Oct '11, 09:04

Seen: 2,668 times

Last updated: 19 Oct '11, 10:09

powered by OSQA