Ask Your Question
0

tshark with --export-dicom gives “Segmentation fault (core dumped)”

asked 2020-07-19 10:33:33 +0000

daje gravatar image

updated 2020-08-06 11:32:54 +0000

Guy Harris gravatar image

My problem is described in this stack overflow question https://stackoverflow.com/questions/6....

Is this a known bug?

I would like to provide you the stack trace with gdb but I'm having trouble getting the binary, maybe you can guide me through this process.

Add output of thsark -v

ON THE HOST:

TShark (Wireshark) 2.6.10 (Git v2.6.10 packaged as 2.6.10-1~ubuntu18.04.0)

Copyright 1998-2019 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later <http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with libpcap, with POSIX capabilities (Linux), with libnl 3,
with GLib 2.56.4, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.14.0, with Lua
5.2.4, with GnuTLS 3.5.18, with Gcrypt 1.8.1, with MIT Kerberos, with MaxMind DB
resolver, with nghttp2 1.30.0, with LZ4, with Snappy, with libxml2 2.9.4.

Running on Linux 4.15.0-106-generic, with         Intel(R) Core(TM) i7-3770 CPU
@ 3.40GHz (with SSE4.2), with 15994 MB of physical memory, with locale
de_DE.UTF-8, with libpcap version 1.8.1, with GnuTLS 3.5.18, with Gcrypt 1.8.1,
with zlib 1.2.11, binary plugins supported (13 loaded).

Built using gcc 7.4.0

ON CONTAINER:

TShark (Wireshark) 3.2.3 (Git v3.2.3 packaged as 3.2.3-1)

Copyright 1998-2020 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later <https://www.gnu.org/licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with libpcap, with POSIX capabilities (Linux), with libnl 3,
with GLib 2.64.2, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.15.0, with Lua
5.2.4, with GnuTLS 3.6.13 and PKCS #11 support, with Gcrypt 1.8.5, with MIT
Kerberos, with MaxMind DB resolver, with nghttp2 1.40.0, with brotli, with LZ4,
with Zstandard, with Snappy, with libxml2 2.9.10.

Running on Linux 4.15.0-106-generic, with         Intel(R) Core(TM) i7-3770 CPU
@ 3.40GHz (with SSE4.2), with 15994 MB of physical memory, with locale C, with
libpcap version 1.9.1 (with TPACKET_V3), with GnuTLS 3.6.13, with Gcrypt 1.8.5,
with brotli 1.0.7, with zlib 1.2.11, binary plugins supported (0 loaded).

Built using gcc 9.3.0.
edit retag flag offensive close merge delete

Comments

Can you add output of tshark -v from runs on the host and the container

Chuckc gravatar imageChuckc ( 2020-07-19 15:29:12 +0000 )edit

Running with -V I could see that tshark crashes exactly on dicom packet (segment). The output with -v you can find in the edit.

daje gravatar imagedaje ( 2020-07-20 16:46:08 +0000 )edit

Can you provide a small capture with the dicom packet that causes the error?

Chuckc gravatar imageChuckc ( 2020-07-20 17:28:19 +0000 )edit

I confirm that the problem is only with version 3.2, when I switch to version 2.6 and ubuntu 18.4 I don't have this bug anymore. Thanks for the support.

daje gravatar imagedaje ( 2020-07-22 11:38:04 +0000 )edit

If you want to thank us for the support, please don't just say "older Wireshark, problem solved!" - get a stack trace, or supply a sample capture that causes the problem, and make a bug report, so we (the Wireshark developers) can try to fix the problem, so other users with 3.2 (who might not have the option of going back to 2.6 - or 3.0 if it doesn't have the bug) can get the fix as well.

Guy Harris gravatar imageGuy Harris ( 2020-07-26 06:43:08 +0000 )edit

1 Answer

Sort by » oldest newest most voted
0

answered 2020-07-19 21:51:26 +0000

Guy Harris gravatar image

updated 2020-07-19 21:51:50 +0000

Is this a known bug?

"Tshark crashes" isn't a single bug, it's a symptom of many bugs, some known and some unknown. We'd need more details to determine what bug this is; that's why I asked for a stack trace.

I'm having trouble getting the binary

When you're logged into the container on which TShark crashes, type the command which tshark; that will give you the full path of the program that's run if you type tshark as a command.

edit flag offensive delete link more

Comments

I confirm that the problem is only with version 3.2, when I switch to version 2.6 and ubuntu 18.4 I don't have this bug anymore.

OK, so something changed between 2.6 and 3.2 that introduced a bug.

If you want to have us fix the bug, please supply us with a sample capture or a stack trace, and file a bug on the Wireshark Bugzilla.

Guy Harris gravatar imageGuy Harris ( 2020-07-22 21:24:14 +0000 )edit

This has nothing whatsoever to do with Docker or permissions; it can be reproduced without Docker and with the right capture file, as per Wireshark bug 16748.

Guy Harris gravatar imageGuy Harris ( 2020-08-06 11:31:59 +0000 )edit

A fix has been checked in for that bug; the Wireshark releases that will include the fix are currently scheduled for 2020-08-12, and OSes that include Wireshark in their package collections may release updates after that.

The fix was backported to 2.6, so there may be cases where the same crash will occur even with 2.6.

Guy Harris gravatar imageGuy Harris ( 2020-08-06 20:43:57 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2020-07-19 10:33:33 +0000

Seen: 623 times

Last updated: Aug 06 '20