I am getting this error:

WARNING **: Dissector bug, protocol MySQL, in packet 665: proto.c:2518: failed assertion "hfinfo->type == FT_STRING || hfinfo->type == FT_STRINGZ"

What is the possible reason?

asked 27 Jan '12, 04:04

Sanny_D's gravatar image

Sanny_D
0162021
accept rate: 42%

edited 27 Jan '12, 06:20

multipleinterfaces's gravatar image

multipleinte...
1.2k91534


I believe the problem is likely because of a bug that was fixed in revision 39873. Unfortunately, the fix was not back-ported to the 1.6 branch, but I have scheduled it for 1.6.6.

Of course, without a capture file to test against, it's impossible to say for sure if this is the actual problem or not. If you can apply the patch yourself and test it, that would confirm it. Alternatively, you could post a small capture file to either the wireshark-dev or wireshark-users mailing lists, and someone could probably test it.

Another option would be to download and install a development version of the Wireshark installer post-r39873, such as one of those found here, then test it to see if the problem is resolved.

link

answered 27 Jan '12, 17:29

cmaynard's gravatar image

cmaynard ♦
6.2k725106
accept rate: 17%

http://code.google.com/p/loganon/source/browse/lib/tests/libwireshark-dissection/shark-test.c?r=929dc4492abf156d1cdc1b492361f2e1c7a80830

this is the code m using!

its not reading a capture file.. directly its dissecting the u_char* packet

(27 Jan '12, 21:11) Sanny_D

None of that matters; the dissection code neither knows nor cares whether you're reading a capture file.

As Chris noted, there's a bug in the MySQL dissector that can cause it to report an exception, and there's nothing you can do in your code to avoid it (other than not calling epan_dissect_run(), but then your code wouldn't actually dissect anything :-)) - you need to get a version of libwireshark that doesn't have the bug, either by waiting for Wireshark 1.6.6, using the development version, or patching the Wireshark source yourself.

(28 Jan '12, 12:30) Guy Harris ♦♦

thanks harris :-) patching the 1.6.4 is the solution :-)

(30 Jan '12, 02:05) Sanny_D

You should try running Wireshark using a debugger; this will help you isolate what line in your dissector code is failing. Looking at epan/proto.c on line 2518 from the latest SVN version doesn't seem particularly helpful:

 2517:               const char *format, ...)
>2518:{
 2519:  proto_item      *pi;

What version of the source are you using, and have you made any modifications to proto.c?

Edit: The line in question for 1.6.4 is this:

    header_field_info *hfinfo;

I'm going to guess that the problem is really from line 2522:

    DISSECTOR_ASSERT(hfinfo->type == FT_STRING || hfinfo->type == FT_STRINGZ);

I'm going to guess that you have called proto_tree_add_string with an hfindex that does not reference an FT_STRING or FT_STRINGZ type field. I would strongly recommend running the application in a debugger to inspect the actual values at runtime, and very likely find whatever is causing this error so that you can fix it.

link

answered 27 Jan '12, 06:23

multipleinterfaces's gravatar image

multipleinte...
1.2k91534
accept rate: 12%

edited 27 Jan '12, 07:03

wireshark 1.6.4

no.. i havent done any modification to proto.c

(27 Jan '12, 06:54) Sanny_D
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×791
×338
×120
×6

Asked: 27 Jan '12, 04:04

Seen: 3,650 times

Last updated: 30 Jan '12, 02:05

powered by OSQA