[Wireshark-bugs] [Bug 13363] "Do you want to save the captured packets...?" [Continue without saving]
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13363 --- Comment #6 from Gerrit Code Review--- Change 20485 merged by Stig Bjørlykke: Qt: Give discard button focus (but not as default) https://code.wireshark.org/review/20485 -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 13363] "Do you want to save the captured packets...?" [Continue without saving]
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13363 Gerrit Code Reviewchanged: What|Removed |Added Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 1918] T30 FCF byte decoding masks DTC, CIG and NCS
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1918 --- Comment #20 from Gerrit Code Review--- Change 20498 merged by Michael Mann: T30: fix parsing broken since ge063924 https://code.wireshark.org/review/20498 -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 13448] rpcap doesn't work with dumpcap/*shark on UN*Xes
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13448 --- Comment #31 from Guy Harris--- (In reply to Jörg Mayer from comment #28) > Bug 12075 has a method of reliably triggering a failure in capture. This > will reliably trigger a crash on macOS that I have seen lots of times while > working on this bug. > After confirming the error message the screen returns to the start screen > and crashes a few seconds later. > > (process:31939): Main-DEBUG: Translator system > ASAN:DEADLYSIGNAL > = > ==31939==ERROR: AddressSanitizer: SEGV on unknown address 0x NULL pointer dereference. > (pc > 0x000112152c00 bp 0x7fff506cea30 sp 0x7fff506ce1b0 T0) > #0 0x112152bff in wrap_strcmp (libclang_rt.asan_osx_dynamic.dylib+0xdbff) > #1 0x10fff43de in capture_stats (Wireshark+0x100ac63de) That would be the strcmp() in for (sc_entry = sc->cache_list; sc_entry != NULL; sc_entry = g_list_next(sc_entry)) { sc_item = (if_stat_cache_item_t *)sc_entry->data; if (strcmp(sc_item->name, ifname) == 0) { memcpy(ps, _item->ps, sizeof(struct pcap_stat)); return TRUE; } } unless the compiler has inlined capture_stat_cache_update(), in which case it might also be the strcmp() in while (sync_pipe_gets_nonblock(sc->stat_fd, stat_line, MAX_STAT_LINE_LEN) > 0) { g_strstrip(stat_line); stat_parts = g_strsplit(stat_line, "\t", 3); if (stat_parts[0] == NULL || stat_parts[1] == NULL || stat_parts[2] == NULL) { g_strfreev(stat_parts); continue; } for (sc_entry = sc->cache_list; sc_entry != NULL; sc_entry = g_list_next(sc_entry)) { sc_item = (if_stat_cache_item_t *)sc_entry->data; if (strcmp(sc_item->name, stat_parts[0]) == 0) { sc_item->ps.ps_recv = (u_int) strtoul(stat_parts[1], NULL, 10); sc_item->ps.ps_drop = (u_int) strtoul(stat_parts[2], NULL, 10); } } g_strfreev(stat_parts); } The first crash would happen if the item's name were null or the inflame passed in were null. The second crash would happen if the item's name were null; there's already a check for whether stat_parts[0] is null before the strcmp(). -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 13448] rpcap doesn't work with dumpcap/*shark on UN*Xes
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13448 --- Comment #30 from Guy Harris--- (In reply to Jörg Mayer from comment #26) > No idea whether they should be shown. At least I don't see any IP-Adresses > for rpcap interfaces on macOS with WS and libpcap head while I do see them > for local interfaces. They *should* be shown, but the protocol problem I mentioned means it may not work with a *BSD/macOS client and any server or a *BSD/macOS server and any client. (IPv6 addresses will also have problems even if it's a Windows/Linux/Solaris/HP-UX client and server, unless they're both running the same OS.) -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 13448] rpcap doesn't work with dumpcap/*shark on UN*Xes
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13448 --- Comment #29 from Guy Harris--- (In reply to Stig Bjørlykke from comment #25) > I found this in a mail dated Thu, Jun 23, 2011: > > " > One problem on OSX is the size of the interface address is not equal to the > one on Solaris/Windows, I think this is because an internal struct is used. > This is dissected in dissect_rpcap_ifaddr() in packet-rpcap.c. This only > affects listing the addresses on the remote interfaces, and does not affect > fetching packets. Yes. There are two problems with the "fetch remote interfaces" message: 1) It sends a socket address structure over the wire, but, on systems with a "new BSD"-style socket address structure, the structure begins *not* with a 2-byte address family but with a 1-byte address structure length and a 1-byte address family (that was done when support for the OSI protocols, with variable-length network addresses, was added to BSD). That means that the code that serializes addresses byte-swaps the 1-byte address family field, which turns it into 0, and the code that de-serializes it will not do the right thing if its socket address structures are different from the server's socket address structures. 2) They send the raw address family value over the wire, but different OSes have different values for AF_INET6, so if the server and client have different values for AF_INET6, the IPv6 addresses won't be recognized. I'm working on a change where 1) the server sends a standard structure over the wire, with a layout independent of the OS's socket address structure layouts, including a 2-byte address family field, and always sends the Windows version of AF_INET6; 2) the client checks for a number of address family values, to try to handle servers that have a 2-byte address family field, big-endian servers that have a 1-byte structure length field and a 1-byte address family field, and little-endian servers that have a 1-byte structure length field and a 1-byte address family field, and to handle several different AF_INET6 values. This means that: 1) the fixed client should work with the fixed server *and* with un-fixed servers on most OSes (if I can find out what AF_INET6 is on IRIX and Tru64 UNIX, I could handle them as well - currently, it should handle un-fixed servers on Windows, Linux, *BSD, macOS, AIX, Solaris, and HP-UX); 2) the un-fixed client on Windows should work with the fixed server on all platforms; 3) the un-fixed client on UN*Xes won't work with the fixed server on any platform, but it also wouldn't work with the un-fixed server on Windows or most other UN*Xes, and might not even work with the same UN*X if that UN*X has a 1-byte structure length field and a 1-byte address family field - and the UN*X client, unlike the Windows client, isn't part of a standard *pcap release, so the user should be able to build and use the fixed client. -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 13448] rpcap doesn't work with dumpcap/*shark on UN*Xes
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13448 --- Comment #28 from Jörg Mayer--- Bug 12075 has a method of reliably triggering a failure in capture. This will reliably trigger a crash on macOS that I have seen lots of times while working on this bug. After confirming the error message the screen returns to the start screen and crashes a few seconds later. (process:31939): Main-DEBUG: Translator system ASAN:DEADLYSIGNAL = ==31939==ERROR: AddressSanitizer: SEGV on unknown address 0x (pc 0x000112152c00 bp 0x7fff506cea30 sp 0x7fff506ce1b0 T0) #0 0x112152bff in wrap_strcmp (libclang_rt.asan_osx_dynamic.dylib+0xdbff) #1 0x10fff43de in capture_stats (Wireshark+0x100ac63de) #2 0x10f7f602e in InterfaceTreeModel::updateStatistic(unsigned int) (Wireshark+0x1002c802e) #3 0x10f813994 in InterfaceFrame::updateStatistics() (Wireshark+0x1002e5994) #4 0x10ff86cdb in InterfaceFrame::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (Wireshark+0x100a58cdb) #5 0x111be02e0 in QMetaObject::activate(QObject*, int, int, void**) (QtCore+0x21d2e0) #6 0x111bd931f in QObject::event(QEvent*) (QtCore+0x21631f) -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 13476] Fuzzed BGP packet causing divide by zero crash
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13476 Gerrit Code Reviewchanged: What|Removed |Added Status|UNCONFIRMED |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 13476] Fuzzed BGP packet causing divide by zero crash
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13476 --- Comment #2 from Gerrit Code Review--- Change 20499 merged by Michael Mann: bgp: Avoid divide by zero https://code.wireshark.org/review/20499 -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 12075] Error while trying to run remote capture - bind address already in use (code 98)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12075 Jörg Mayerchanged: What|Removed |Added Status|INCOMPLETE |CONFIRMED --- Comment #7 from Jörg Mayer --- Reproduced, this time reliably on macOS. It will also reliably crash afterwards on macOS (but most likely not on Windows). Tracking the crash will be done as part of bug 13448. -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 13348] Fuzzed PCAP causes large memory usage in dissect_wsp
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13348 --- Comment #7 from Gerrit Code Review--- Change 20500 had a related patch set uploaded by Balint Reczey: wsp: Sanity check capability length https://code.wireshark.org/review/20500 -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 10267] Connection to RPCAP daemon for fetching interface capabilities is always attempted with null authentication
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10267 Jörg Mayerchanged: What|Removed |Added Status|UNCONFIRMED |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 10267] Connection to RPCAP daemon for fetching interface capabilities is always attempted with null authentication
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10267 --- Comment #2 from Jörg Mayer--- Just tested on macOS with latest git of Wireshark and libpcap: Problem does not occur, even after listing the interfaces and starting and stopping two capture sessions. Closing. If the problem should still be present with a current Wireshark (>=2.2.5) on your system, please reopen the bug and update the information in the bug's header. -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 11011] Please add an option "Use monitor mode on all 802.11 interfaces"
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11011 Peter Wuchanged: What|Removed |Added CC||pe...@lekensteyn.nl --- Comment #2 from Peter Wu --- This behavior can currently (at least with Wireshark 2.0, 2.2 and 2.3.x) be enabled with: wireshark -I This option enables monitor mode on all interfaces that support it (this is at least documented in the wireshark(1) manual, I did not actually test it). -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 12255] capture filter text disappears when adapter selection is changed
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12255 Peter Wuchanged: What|Removed |Added Status|UNCONFIRMED |RESOLVED CC||pe...@lekensteyn.nl Resolution|--- |DUPLICATE --- Comment #1 from Peter Wu --- The suggested change is the same as bug 12636, marking as duplicate. *** This bug has been marked as a duplicate of bug 12636 *** -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 12636] Selecting an interface can clear the capture filter
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12636 Peter Wuchanged: What|Removed |Added CC||raysat...@yahoo.com --- Comment #2 from Peter Wu --- *** Bug 12255 has been marked as a duplicate of this bug. *** -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 13476] Fuzzed BGP packet causing divide by zero crash
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13476 --- Comment #1 from Gerrit Code Review--- Change 20499 had a related patch set uploaded by Stig Bjørlykke: bgp: Avoid divide by zero https://code.wireshark.org/review/20499 -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 13478] New: Fuzzed netscaler file causes infinite loop in nstrace_set_start_time_v20
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13478 Bug ID: 13478 Summary: Fuzzed netscaler file causes infinite loop in nstrace_set_start_time_v20 Product: Wireshark Version: Git Hardware: All OS: All Status: UNCONFIRMED Severity: Major Priority: Low Component: Capture file support (libwiretap) Assignee: bugzilla-ad...@wireshark.org Reporter: otto.air...@gmail.com Created attachment 15331 --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=15331=edit PCAP causing issue Build Information: TShark (Wireshark) 2.3.0 (v2.3.0rc0-2662-g7119b66) Built using gcc 5.4.0 20160609. -- Fuzzed PCAP goes to infinite loop on tshark 2.0.2 and a resent build from repository (commit 7119b6691f318efa90bfe42a98d1b812dac183b5) GDB backtrace from 'tshark -2 -V -r ' Interrupted after a while: Program received signal SIGINT, Interrupt. 0x77b563f8 in nstrace_set_start_time_v20 (wth=0xab6590, wth=0xab6590) at netscaler.c:900 900nstrace_set_start_time_ver(20) (gdb) bt #0 0x77b563f8 in nstrace_set_start_time_v20 (wth=0xab6590, wth=0xab6590) at netscaler.c:900 #1 0x77b56e9f in nstrace_set_start_time (wth=0xab6590) at netscaler.c:918 #2 nstrace_open (wth=0xab6590, err=0x7fffdf18, err_info=0x7fffd638) at netscaler.c:767 #3 0x77b439f1 in wtap_open_offline (filename=filename@entry=0xab6ef0 "netscaler_busyloop.pcap", type=type@entry=0, err=err@entry=0x7fffdf18, err_info=err_info@entry=0x7fffd638, do_random=) at file_access.c:1047 #4 0x0041820d in cf_open (cf=cf@entry=0x643060 , fname=0xab6ef0 "netscaler_busyloop.pcap", type=0, is_tempfile=is_tempfile@entry=0, err=err@entry=0x7fffdf18) at tshark.c:4118 #5 0x0040e914 in main (argc=, argv=) at tshark.c:2027 (gdb) Credit goes to: Otto Airamo and Antti Levomäki, Forcepoint -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing listArchives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 13477] New: Fuzzed UDP packet causes large memory usage
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13477 Bug ID: 13477 Summary: Fuzzed UDP packet causes large memory usage Product: Wireshark Version: Git Hardware: All OS: All Status: UNCONFIRMED Severity: Major Priority: Low Component: Dissection engine (libwireshark) Assignee: bugzilla-ad...@wireshark.org Reporter: otto.air...@gmail.com Created attachment 15330 --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=15330=edit PCAP causing issue Build Information: TShark (Wireshark) 2.3.0 (v2.3.0rc0-2662-g7119b66) Built using gcc 5.4.0 20160609. -- Fuzzed PCAP containing singe UDP packet uses all the memory on tshark 2.0.2 and a resent build from repository (commit 7119b6691f318efa90bfe42a98d1b812dac183b5) Example GDB backtrace from 'tshark -r ' Interrupted after using 4GB of memory: Program received signal SIGINT, Interrupt. 0x74b0368a in parse_wbxml_attribute_list_defined (tree=tree@entry=0x0, tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=154, str_tbl=str_tbl@entry=4, level=, codepage_attr=0x7fffcd1b "", map=0x764a8760 ) at packet-wbxml.c:7078 7078if ((peek & 0x3F) < 5) switch (peek) { /* Global tokens (gdb) bt #0 0x74b0368a in parse_wbxml_attribute_list_defined (tree=tree@entry=0x0, tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=154, str_tbl=str_tbl@entry=4, level=, codepage_attr=0x7fffcd1b "", map=0x764a8760 ) at packet-wbxml.c:7078 #1 0x74b046a2 in parse_wbxml_tag_defined (tree=tree@entry=0x0, tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=153, str_tbl=str_tbl@entry=4, level=level@entry=0x7fffcd19 "\021", codepage_stag=0x7fffcd1a "", codepage_attr=0x7fffcd1b "", map=0x764a8760 ) at packet-wbxml.c:7562 #2 0x74b0433d in parse_wbxml_tag_defined (tree=tree@entry=0x0, tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=114, str_tbl=str_tbl@entry=4, level=level@entry=0x7fffcd19 "\021", codepage_stag=0x7fffcd1a "", codepage_attr=0x7fffcd1b "", map=0x764a8760 ) at packet-wbxml.c:7534 #3 0x74b0433d in parse_wbxml_tag_defined (tree=tree@entry=0x0, tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=113, str_tbl=str_tbl@entry=4, level=level@entry=0x7fffcd19 "\021", codepage_stag=0x7fffcd1a "", codepage_attr=0x7fffcd1b "", map=0x764a8760 ) at packet-wbxml.c:7534 #4 0x74b0433d in parse_wbxml_tag_defined (tree=tree@entry=0x0, tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=112, str_tbl=str_tbl@entry=4, level=level@entry=0x7fffcd19 "\021", codepage_stag=0x7fffcd1a "", codepage_attr=0x7fffcd1b "", map=0x764a8760 ) at packet-wbxml.c:7534 #5 0x74b0433d in parse_wbxml_tag_defined (tree=tree@entry=0x0, tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=111, str_tbl=str_tbl@entry=4, level=level@entry=0x7fffcd19 "\021", codepage_stag=0x7fffcd1a "", codepage_attr=0x7fffcd1b "", map=0x764a8760 ) at packet-wbxml.c:7534 #6 0x74b0433d in parse_wbxml_tag_defined (tree=tree@entry=0x0, tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=110, str_tbl=str_tbl@entry=4, level=level@entry=0x7fffcd19 "\021", codepage_stag=0x7fffcd1a "", codepage_attr=0x7fffcd1b "", map=0x764a8760 ) at packet-wbxml.c:7534 #7 0x74b0433d in parse_wbxml_tag_defined (tree=tree@entry=0x0, tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=109, str_tbl=str_tbl@entry=4, level=level@entry=0x7fffcd19 "\021", codepage_stag=0x7fffcd1a "", codepage_attr=0x7fffcd1b "", map=0x764a8760 ) at packet-wbxml.c:7534 #8 0x74b0433d in parse_wbxml_tag_defined (tree=tree@entry=0x0, tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=108, str_tbl=str_tbl@entry=4, level=level@entry=0x7fffcd19 "\021", codepage_stag=0x7fffcd1a "", codepage_attr=0x7fffcd1b "", map=0x764a8760 ) at packet-wbxml.c:7534 #9 0x74b0433d in parse_wbxml_tag_defined (tree=tree@entry=0x0, tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=107, str_tbl=str_tbl@entry=4, level=level@entry=0x7fffcd19 "\021", codepage_stag=0x7fffcd1a "", codepage_attr=0x7fffcd1b "", map=0x764a8760 ) at packet-wbxml.c:7534 #10 0x74b0433d in parse_wbxml_tag_defined (tree=tree@entry=0x0, tvb=tvb@entry=0x83b680, pinfo=pinfo@entry=0xad2f28, offset=offset@entry=106, str_tbl=str_tbl@entry=4, level=level@entry=0x7fffcd19 "\021", codepage_stag=0x7fffcd1a "", codepage_attr=0x7fffcd1b "", map=0x764a8760 ) at packet-wbxml.c:7534 #11 0x74b0433d in parse_wbxml_tag_defined
[Wireshark-bugs] [Bug 1918] T30 FCF byte decoding masks DTC, CIG and NCS
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1918 --- Comment #19 from Gerrit Code Review--- Change 20498 had a related patch set uploaded by Michael Mann: T30: fix parsing broken since ge063924 https://code.wireshark.org/review/20498 -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 1918] T30 FCF byte decoding masks DTC, CIG and NCS
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1918 Gerrit Code Reviewchanged: What|Removed |Added Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 1918] T30 FCF byte decoding masks DTC, CIG and NCS
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1918 --- Comment #18 from Gerrit Code Review--- Change 20497 had a related patch set uploaded by Michael Mann: T30: fix parsing broken since ge063924 https://code.wireshark.org/review/20497 -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 1918] T30 FCF byte decoding masks DTC, CIG and NCS
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1918 --- Comment #17 from Gerrit Code Review--- Change 20423 merged by Michael Mann: T30: fix parsing broken since ge063924 https://code.wireshark.org/review/20423 -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 13347] Fuzzed PCAP causes large memory usage in dissect_rtmpt
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13347 --- Comment #8 from Gerrit Code Review--- Change 20490 merged by Balint Reczey: rtmpt: Ensure sequence count is incremented for stored fragments https://code.wireshark.org/review/20490 -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 13448] rpcap doesn't work with dumpcap/*shark on UN*Xes
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13448 --- Comment #27 from Jörg Mayer--- Just checked: Looks the same on Windows -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 13448] rpcap doesn't work with dumpcap/*shark on UN*Xes
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13448 --- Comment #26 from Jörg Mayer--- No idea whether they should be shown. At least I don't see any IP-Adresses for rpcap interfaces on macOS with WS and libpcap head while I do see them for local interfaces. -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 13469] TShark does not display QUIC information while Wireshark does
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13469 --- Comment #5 from Alexis La Goutte--- (In reply to Jonmejoy Das Choudhury from comment #4) > (In reply to Guy Harris from comment #2) > > In at least one capture QUIC capture file, with frames containing a CID, > > 2.2.5 on macOS printed the CID. > > > > We'd probably be able to diagnose the problem faster if we could see a > > capture that shows this problem. > > I've now attached the pcap. Please let me know if the problem could be > reproduced. Thanks With 2.3.x, no issue for me (it is recommended to use last nighty build if you want to analyse QUIC protocol) The protocol move QUICky and not all enhance is backport to older wireshark branch -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe