https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16778
--- Comment #5 from allenmeno...@outlook.com ---
(In reply to Guy Harris from comment #4)
> (In reply to allenmenor16 from comment #3)
> > Yes, the macros I have been using did not crash, and worked, with packets
> > being filtered correctly in Wireshark versions up to 3.2.3, and crash in
> > Wireshark 3.2.4 and later versions.
> >
> > In regards to defining macros, I provided the example of "R" and "4RS" due
> > to macros being confidential information. For the case of this bug report, I
> > have defined a few macros below:
> >
> > W - wlan.sa contains 0912.F4$1 ($1 being the remainder of the IP)
> > 2DS - (wlan.fc.ds == 0x01)
> > WB - (${W:$1} && ${2DS})
> > nRt - wlan.fc.retry == 0
> > WBR2 (${WB:$1} && ${nRt}.
> >
> > Typing the macro "${WBR2$1} into the display filter bar crashes Wireshark.
>
> With Wireshark 3.2.6 on macOS, it reports "Invalid character in macro name"
> in the status bar, because that's not part of the body of a macro, so $n
> doesn't stand for the nth argument to a macro - it's interpreted as part of
> a macro name. Typing Enter does nothing (because the filter is invalid and
> can't be applied).
>
> The crash might be the result of a difference in the Wireshark version, or a
> Windows-versus-macOS difference (such as a difference between the way their
> memory allocators work), or some other difference.
>
> Presumably you've tried it with 3.2.6 (the latest version), as you say
> "3.2.4 and later versions".
>
> The exception is an "access violation", which is Windows-ese for what, in
> UN*X-ese, is a "segmentation violation". The most common cause of those is
> a null-pointer dereference, but dereferencing other invalid pointers can
> also cause a reference to an address that's not part of the address space,
> so there's a bad pointer being used somewhere.
>
> Does it crash if you have no capture file open, and type that expression in
> and press Enter?
>
> If not, then, if you have a file open that was open when the crash occurred,
> does it crash if you just type, for example, "ip" in the display filter bar
> and press Enter?
Wireshark does crash when I type in the expression "${WBR2:$1}" and press the
Enter key with no capture file open.
--
You are receiving this mail because:
You are watching all bug changes.___________________________________________________________________________
Sent via: Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives: https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
