Bug 1147600

Summary: [abrt] wireshark-gnome: gen_linktype(): wireshark killed by SIGABRT
Product: [Fedora] Fedora Reporter: Peter Ludikovsky <darthludi>
Component: libpcapAssignee: Michal Sekletar <msekleta>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 20CC: bj+bugzilla, huzaifas, igor.redhat, jeharris, lemenkov, msekleta, phatina, pwouters, rvokal, thozza
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
URL: https://retrace.fedoraproject.org/faf/reports/bthash/1252b70b8f3115ae653bee68f6a63ea79b19d8a9
Whiteboard: abrt_hash:141aaa4d0b343b2b8b3dc6d6832eef88bacd10d4
Fixed In Version: libpcap-1.5.3-3.fc20 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-12-20 08:32:36 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
File: backtrace
none
File: cgroup
none
File: core_backtrace
none
File: dso_list
none
File: environ
none
File: limits
none
File: maps
none
File: open_fds
none
File: proc_pid_status
none
File: var_log_messages
none
Proposed fix none

Description Peter Ludikovsky 2014-09-29 14:42:54 UTC 
Description of problem:
Started wireshark GUI as root (using sudo). Selected to capture all devices, and started to input the capture filter.

Version-Release number of selected component:
wireshark-gnome-1.10.10-1.fc20

Additional info:
reporter:       libreport-2.2.3
backtrace_rating: 4
cmdline:        wireshark
crash_function: gen_linktype
executable:     /usr/sbin/wireshark
kernel:         3.16.3-200.fc20.x86_64
runlevel:       N 5
type:           CCpp
uid:            0

Truncated backtrace:
Thread no. 1 (8 frames)
 #2 gen_linktype at ./gencode.c:3426
 #3 gen_proto at ./gencode.c:5835
 #4 gen_proto_abbrev at ./gencode.c:4780
 #5 pcap_parse at grammar.y:419
 #6 pcap_compile at ./gencode.c:471
 #7 pcap_compile_nopcap at ./gencode.c:508
 #8 check_capture_filter_syntax at capture_dlg.c:632
 #9 g_thread_proxy at gthread.c:798
Comment 1 Peter Ludikovsky 2014-09-29 14:42:58 UTC 
Created attachment 942357 [details]
File: backtrace
Comment 2 Peter Ludikovsky 2014-09-29 14:42:59 UTC 
Created attachment 942358 [details]
File: cgroup
Comment 3 Peter Ludikovsky 2014-09-29 14:43:01 UTC 
Created attachment 942359 [details]
File: core_backtrace
Comment 4 Peter Ludikovsky 2014-09-29 14:43:03 UTC 
Created attachment 942360 [details]
File: dso_list
Comment 5 Peter Ludikovsky 2014-09-29 14:43:05 UTC 
Created attachment 942361 [details]
File: environ
Comment 6 Peter Ludikovsky 2014-09-29 14:43:06 UTC 
Created attachment 942362 [details]
File: limits
Comment 7 Peter Ludikovsky 2014-09-29 14:43:09 UTC 
Created attachment 942363 [details]
File: maps
Comment 8 Peter Ludikovsky 2014-09-29 14:43:10 UTC 
Created attachment 942364 [details]
File: open_fds
Comment 9 Peter Ludikovsky 2014-09-29 14:43:12 UTC 
Created attachment 942365 [details]
File: proc_pid_status
Comment 10 Peter Ludikovsky 2014-09-29 14:43:13 UTC 
Created attachment 942366 [details]
File: var_log_messages
Comment 11 Jeremy Harris 2014-10-16 20:20:30 UTC 
Another user experienced a similar problem:

sudo wireshark
(password)
dismiss the running-as-root warning window
reposition main window
select "Capture Options"
tick "Capture on all interfaces"
enter into Capture Filter box:  "tcp &&"

- box background goes red on 1st character
- after a varying number of characters, crash.   On 3 tries I've gotten as far as the second '&', and as little as "tc".

Window-manager: xfce.
Laptop with external screen active as well as builtin.

reporter:       libreport-2.2.3
backtrace_rating: 4
cmdline:        wireshark
crash_function: gen_linktype
executable:     /usr/sbin/wireshark
kernel:         3.16.4-200.fc20.x86_64
package:        wireshark-gnome-1.10.10-1.fc20
reason:         wireshark killed by SIGABRT
runlevel:       N 5
type:           CCpp
uid:            0
Comment 12 Peter Hatina 2014-10-17 11:51:45 UTC 
Created attachment 947864 [details]
Proposed fix

abort() is caused by gen_linktype() in libpcap, when off_linktype == (u_int) -1.

gen_linktype() lacks case jump for DLT_NFLOG.

Attached patch fixes the issue.
Comment 13 Michal Sekletar 2014-11-27 14:41:56 UTC 
*** Bug 1061830 has been marked as a duplicate of this bug. ***
Comment 14 Michal Sekletar 2014-11-27 14:43:33 UTC 
*** Bug 1096453 has been marked as a duplicate of this bug. ***
Comment 15 Fedora Update System 2014-11-27 15:28:36 UTC 
libpcap-1.5.3-3.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/libpcap-1.5.3-3.fc20
Comment 16 Paul Wouters 2014-11-27 15:58:09 UTC 
note that while this fixes the crasher (and seems to be what upstream does too), it does not resolve the actual issue of not being able to fully use nflog interfaces with these tools :/
Comment 17 Michal Sekletar 2014-11-27 16:29:24 UTC 
Sure, but this bug was about the crash. If you need some other features backported please file a new bug.
Comment 18 Fedora Update System 2014-12-01 19:05:38 UTC 
Package libpcap-1.5.3-3.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing libpcap-1.5.3-3.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-16032/libpcap-1.5.3-3.fc20
then log in and leave karma (feedback).
Comment 19 Fedora Update System 2014-12-20 08:32:36 UTC 
libpcap-1.5.3-3.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.