https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16778

--- Comment #4 from Guy Harris <ghar...@sonic.net> ---
(In reply to allenmenor16 from comment #3)
> Yes, the macros I have been using did not crash, and worked, with packets
> being filtered correctly in Wireshark versions up to 3.2.3, and crash in
> Wireshark 3.2.4 and later versions. 
> 
> In regards to defining macros, I provided the example of "R" and "4RS" due
> to macros being confidential information. For the case of this bug report, I
> have defined a few macros below:
> 
> W - wlan.sa contains 0912.F4$1 ($1 being the remainder of the IP)
> 2DS - (wlan.fc.ds == 0x01)
> WB - (${W:$1} && ${2DS})
> nRt - wlan.fc.retry == 0
> WBR2 (${WB:$1} && ${nRt}.
> 
> Typing the macro "${WBR2$1} into the display filter bar crashes Wireshark.

With Wireshark 3.2.6 on macOS, it reports "Invalid character in macro name" in
the status bar, because that's not part of the body of a macro, so $n doesn't
stand for the nth argument to a macro - it's interpreted as part of a macro
name.  Typing Enter does nothing (because the filter is invalid and can't be
applied).

The crash might be the result of a difference in the Wireshark version, or a
Windows-versus-macOS difference (such as a difference between the way their
memory allocators work), or some other difference.

Presumably you've tried it with 3.2.6 (the latest version), as you say "3.2.4
and later versions".

The exception is an "access violation", which is Windows-ese for what, in
UN*X-ese, is a "segmentation violation".  The most common cause of those is a
null-pointer dereference, but dereferencing other invalid pointers can also
cause a reference to an address that's not part of the address space, so
there's a bad pointer being used somewhere.

Does it crash if you have no capture file open, and type that expression in and
press Enter?

If not, then, if you have a file open that was open when the crash occurred,
does it crash if you just type, for example, "ip" in the display filter bar and
press Enter?

___________________________________________________________________________
Sent via:    Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-bugs
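The distinction drawn in comment #4, that `$n` is an argument placeholder only inside a macro body and is otherwise read as part of the macro name, shown as an added example: a simplified Python model of macro expansion that rejects a malformed reference instead of continuing with it. This is not Wireshark's code; the allowed name characters, the `;` argument separator, the depth limit and every error message other than "Invalid character in macro name" are assumptions.

```python
import re

# Constructed table based on the definitions quoted in the report
# (WBR2's parentheses are balanced here so the result is a valid expression).
MACROS = {
    "W": "wlan.sa contains 0912.F4$1",
    "2DS": "(wlan.fc.ds == 0x01)",
    "WB": "(${W:$1} && ${2DS})",
    "nRt": "wlan.fc.retry == 0",
    "WBR2": "(${WB:$1} && ${nRt})",
}
MAX_DEPTH = 8  # assumed limit; stops self-referencing macros


class MacroError(ValueError):
    """Raised instead of continuing with a half-parsed reference."""


def substitute_args(body, args):
    # $n is meaningful only here, inside a macro body.
    def repl(m):
        n = int(m.group(1))
        if not 1 <= n <= len(args):
            raise MacroError(f"missing argument ${n}")
        return args[n - 1]
    return re.sub(r"\$(\d)", repl, body)


def expand(text, depth=0):
    # Expand ${name:arg1;arg2} references. Text typed in the filter bar
    # enters at depth 0 and never gets $n substitution.
    if depth > MAX_DEPTH:
        raise MacroError("macro recursion too deep")

    def repl(m):
        name, _, argstr = m.group(1).partition(":")
        if not re.fullmatch(r"[A-Za-z0-9_]+", name):
            raise MacroError("Invalid character in macro name")
        if name not in MACROS:
            raise MacroError(f"unknown macro {name!r}")
        args = argstr.split(";") if argstr else []
        return expand(substitute_args(MACROS[name], args), depth + 1)

    return re.sub(r"\$\{([^}]*)\}", repl, text)
```

In this model `expand("${WBR2:3A}")` yields a complete filter expression, while `expand("${WBR2$1}")` raises `MacroError` before any lookup happens.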