From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050417 Fedora/1.0.3-2.os.1 Firefox/1.0.3

Description of problem:
When exiting ethereal's find it crashes the program and outputs a glibc backtrace.

Version-Release number of selected component (if applicable):
ethereal-0.10.10-1

How reproducible:
Always

Steps to Reproduce:
1. Fire up ethereal.. capture a few packets
2. Search the packets with a hex string
3. Close search dialog

Actual Results: Program terminated

Expected Results: Dialog closes normally

Additional info:
*** glibc detected *** ethereal: corrupted double-linked list: 0x007338b8 ***
======= Backtrace: =========
/lib/libc.so.6[0x670801]
/lib/libc.so.6[0x671a1b]
/lib/libc.so.6(malloc+0x74)[0x673107]
/usr/lib/libglib-2.0.so.0(g_malloc+0x30)[0x888a00]
/usr/lib/libpango-1.0.so.0(pango_log2vis_get_embedding_levels+0x14f)[0xa929fd]
/usr/lib/libpango-1.0.so.0[0xa81724]
/usr/lib/libpango-1.0.so.0(pango_itemize_with_base_dir+0xa0)[0xa82354]
/usr/lib/libpango-1.0.so.0[0xa89459]
/usr/lib/libpango-1.0.so.0(pango_layout_get_iter+0x59)[0xa8a353]
/usr/lib/libpango-1.0.so.0(pango_renderer_draw_layout+0xbc)[0xa8f185]
/usr/lib/libgdk-x11-2.0.so.0(gdk_draw_layout_with_colors+0x32b)[0x11bd95]
/usr/lib/libgdk-x11-2.0.so.0(gdk_draw_layout+0xef)[0x11bf7d]
/usr/lib/libgtk-x11-2.0.so.0[0x2c054a1]
/usr/lib/gtk-2.0/2.4.0/engines/libclearlooks.so[0x3555ed]
/usr/lib/libgtk-x11-2.0.so.0(gtk_paint_layout+0x89)[0x2c0855c]
/usr/lib/libgtk-x11-2.0.so.0[0x2ba2977]
/usr/lib/libgtk-x11-2.0.so.0[0x2bb1352]
/usr/lib/libgobject-2.0.so.0[0x8f1d9b]
/usr/lib/libgobject-2.0.so.0(g_closure_invoke+0x10a)[0x8f2285]
/usr/lib/libgobject-2.0.so.0[0x900917]
/usr/lib/libgobject-2.0.so.0(g_signal_emit_valist+0x41e)[0x901c53]
/usr/lib/libgobject-2.0.so.0(g_signal_emit+0x29)[0x902254]
/usr/lib/libgtk-x11-2.0.so.0[0x2c8ca13]
/usr/lib/libgtk-x11-2.0.so.0(gtk_container_propagate_expose+0x15a)[0x2b30a06]
/usr/lib/libgtk-x11-2.0.so.0[0x2b30a5d]
/usr/lib/libgtk-x11-2.0.so.0[0x2af66b9]
/usr/lib/libgtk-x11-2.0.so.0(gtk_container_forall+0x65)[0x2b2ef4a]
/usr/lib/libgtk-x11-2.0.so.0[0x2b307d1]
/usr/lib/libgtk-x11-2.0.so.0[0x2bb1352]
/usr/lib/libgobject-2.0.so.0[0x8f1d9b]
/usr/lib/libgobject-2.0.so.0(g_closure_invoke+0x10a)[0x8f2285]
/usr/lib/libgobject-2.0.so.0[0x900917]
/usr/lib/libgobject-2.0.so.0(g_signal_emit_valist+0x41e)[0x901c53]
/usr/lib/libgobject-2.0.so.0(g_signal_emit+0x29)[0x902254]
/usr/lib/libgtk-x11-2.0.so.0[0x2c8ca13]
/usr/lib/libgtk-x11-2.0.so.0(gtk_container_propagate_expose+0x15a)[0x2b30a06]
/usr/lib/libgtk-x11-2.0.so.0[0x2b30a5d]
/usr/lib/libgtk-x11-2.0.so.0[0x2af2f5b]
/usr/lib/libgtk-x11-2.0.so.0(gtk_container_forall+0x65)[0x2b2ef4a]
/usr/lib/libgtk-x11-2.0.so.0[0x2b307d1]
/usr/lib/libgtk-x11-2.0.so.0[0x2bb1352]
/usr/lib/libgobject-2.0.so.0[0x8f1d9b]
/usr/lib/libgobject-2.0.so.0(g_closure_invoke+0x10a)[0x8f2285]
/usr/lib/libgobject-2.0.so.0[0x900917]
/usr/lib/libgobject-2.0.so.0(g_signal_emit_valist+0x41e)[0x901c53]
/usr/lib/libgobject-2.0.so.0(g_signal_emit+0x29)[0x902254]
/usr/lib/libgtk-x11-2.0.so.0[0x2c8ca13]
/usr/lib/libgtk-x11-2.0.so.0(gtk_container_propagate_expose+0x15a)[0x2b30a06]
/usr/lib/libgtk-x11-2.0.so.0[0x2b30a5d]
/usr/lib/libgtk-x11-2.0.so.0[0x2af2f5b]
/usr/lib/libgtk-x11-2.0.so.0(gtk_container_forall+0x65)[0x2b2ef4a]
/usr/lib/libgtk-x11-2.0.so.0[0x2b307d1]
/usr/lib/libgtk-x11-2.0.so.0[0x2af891b]
/usr/lib/libgtk-x11-2.0.so.0[0x2bb1352]
/usr/lib/libgobject-2.0.so.0[0x8f1d9b]
/usr/lib/libgobject-2.0.so.0(g_closure_invoke+0x10a)[0x8f2285]
/usr/lib/libgobject-2.0.so.0[0x900917]
/usr/lib/libgobject-2.0.so.0[0x900917]
/usr/lib/libgobject-2.0.so.0(g_signal_emit_valist+0x41e)[0x901c53]
/usr/lib/libgobject-2.0.so.0(g_signal_emit+0x29)[0x902254]
/usr/lib/libgtk-x11-2.0.so.0[0x2c8ca13]
/usr/lib/libgtk-x11-2.0.so.0(gtk_container_propagate_expose+0x15a)[0x2b30a06]
/usr/lib/libgtk-x11-2.0.so.0[0x2b30a5d]
/usr/lib/libgtk-x11-2.0.so.0[0x2af6688]
======= Memory map: ========
00101000-0017d000 r-xp 00000000 fd:00 183632 /usr/lib/libgdk-x11-2.0.so.0.600.7
0017d000-00184000 rwxp 0007c000 fd:00 183632 /usr/lib/libgdk-x11-2.0.so.0.600.7
00184000-00185000 r-xp 00000000 fd:00 251326 /usr/X11R6/lib/X11/locale/lib/common/xlcUTF8Load.so.2
00185000-00186000 rwxp 00000000 fd:00 251326 /usr/X11R6/lib/X11/locale/lib/common/xlcUTF8Load.so.2
00186000-00211000 r-xp 00000000 fd:00 185250 /usr/lib/libnetsnmp.so.5.2.1
00211000-00214000 rwxp 0008b000 fd:00 185250 /usr/lib/libnetsnmp.so.5.2.1
00214000-00232000 rwxp 00214000 00:00 0
00232000-00329000 r-xp 00000000 fd:00 348287 /lib/libcrypto.so.0.9.7f
I didn't manage to reproduce this bug here. Should I really search for _any_ hex value? I've tried to find a packet with e.g. 0004 and this seems to work fine .. even find next and find previous still search for this hex value.
There's a new rawhide version which might fix this issue, please test it.
I was able to reproduce this with the latest ethereal from rawhide. I listened to "all interfaces" in promiscuous mode, hit enter a few times in an ssh window and stopped capturing. Then I hit ctrl+f, entered a simple hex string - 0404 - and hit find. Find reports no results and the program dies when you click ok. I also got this captured in valgrind:

==5880== Invalid free() / delete / delete[]
==5880==    at 0x1B908743: free (vg_replace_malloc.c:152)
==5880==    by 0x888B43: g_free (in /usr/lib/libglib-2.0.so.0.600.4)
==5880==    by 0x80ACD04: (within /usr/sbin/ethereal)
==5880==    by 0x8FD816: g_cclosure_marshal_VOID__VOID (in /usr/lib/libgobject-2.0.so.0.600.4)
==5880==    by 0x8F2284: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.600.4)
==5880==    by 0x90078A: (within /usr/lib/libgobject-2.0.so.0.600.4)
==5880==    by 0x901EDF: g_signal_emit_valist (in /usr/lib/libgobject-2.0.so.0.600.4)
==5880==    by 0x902253: g_signal_emit (in /usr/lib/libgobject-2.0.so.0.600.4)
==5880==    by 0x42B3B1B: gtk_button_clicked (in /usr/lib/libgtk-x11-2.0.so.0.600.7)
==5880==    by 0x42B5138: (within /usr/lib/libgtk-x11-2.0.so.0.600.7)
==5880==    by 0x42B51CF: (within /usr/lib/libgtk-x11-2.0.so.0.600.7)
==5880==    by 0x436D351: (within /usr/lib/libgtk-x11-2.0.so.0.600.7)
==5880==  Address 0x1CD245C0 is 0 bytes inside a block of size 2 free'd
==5880==    at 0x1B908743: free (vg_replace_malloc.c:152)
==5880==    by 0x888B43: g_free (in /usr/lib/libglib-2.0.so.0.600.4)
==5880==    by 0x80ACCC4: (within /usr/sbin/ethereal)
==5880==    by 0x8FD816: g_cclosure_marshal_VOID__VOID (in /usr/lib/libgobject-2.0.so.0.600.4)
==5880==    by 0x8F2284: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.600.4)
==5880==    by 0x90078A: (within /usr/lib/libgobject-2.0.so.0.600.4)
==5880==    by 0x901EDF: g_signal_emit_valist (in /usr/lib/libgobject-2.0.so.0.600.4)
==5880==    by 0x902253: g_signal_emit (in /usr/lib/libgobject-2.0.so.0.600.4)
==5880==    by 0x42B3B1B: gtk_button_clicked (in /usr/lib/libgtk-x11-2.0.so.0.600.7)
==5880==    by 0x42B5138: (within /usr/lib/libgtk-x11-2.0.so.0.600.7)

Maybe this isn't an ethereal issue, but a gtk one? I'm running gtk2-2.6.7-2 and glib2-2.6.4-1. Everything else is a day or two old Rawhide.
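The valgrind report above is the signature of a double free: a 2-byte block released by g_free from one ethereal callback (0x80ACCC4, reached via gtk_button_clicked) and released again by a second callback (0x80ACD04), which is what later corrupts glibc's free-list and produces the "corrupted double-linked list" abort in the original report. The following C is an added illustration of the ownership discipline that prevents this class of bug; it is not ethereal's code and does not reproduce the real handlers, which are not on this page. The find_dialog_t struct, the function names and the "Find, OK, close" sequence are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical model (added example, not ethereal's code) of a find dialog
 * that owns one heap-allocated hex search string. The valgrind trace in this
 * report shows the same 2-byte block freed by two different ethereal
 * callbacks; this model shows the discipline that makes a second release
 * harmless instead of a double free. */
typedef struct {
    char *hex_string;   /* owned by the dialog; NULL when nothing is held */
    int   frees;        /* number of real free() calls, for checking */
} find_dialog_t;

/* Store a copy of the text entered by the user (plain malloc+memcpy, so the
 * example does not depend on POSIX strdup). Any previous string is released. */
static void find_dialog_set_string(find_dialog_t *d, const char *text) {
    size_t n = strlen(text) + 1;
    char *copy = malloc(n);
    if (copy == NULL) return;          /* keep the old string on allocation failure */
    memcpy(copy, text, n);
    free(d->hex_string);               /* free(NULL) is defined as a no-op */
    d->hex_string = copy;
}

/* Release the string exactly once. The bug class valgrind flagged is two
 * handlers each calling free() on the same pointer without clearing it;
 * clearing the pointer here turns every later call into a no-op.
 * Returns 1 if memory was actually freed, 0 if there was nothing to free. */
static int find_dialog_release(find_dialog_t *d) {
    if (d->hex_string == NULL) return 0;
    free(d->hex_string);
    d->hex_string = NULL;
    d->frees++;
    return 1;
}

/* Replays the reporter's sequence: type "0404" (constructed sample input),
 * click Find, click OK on "no results", close the dialog. In this model both
 * the OK handler and the close handler release the string, mirroring the two
 * ethereal frames in the trace (hypothetical; the real handlers are not shown
 * on this page). Returns 1 when exactly one free() happened, 0 otherwise. */
int simulate_find_then_close(void) {
    find_dialog_t d = { NULL, 0 };
    find_dialog_set_string(&d, "0404");
    int freed_by_ok    = find_dialog_release(&d);   /* first handler frees */
    int freed_by_close = find_dialog_release(&d);   /* second is a no-op */
    return (freed_by_ok == 1 && freed_by_close == 0 && d.frees == 1) ? 1 : 0;
}
```

Build with `cc -g find_dialog.c` and run the binary under valgrind as the reporter did; deleting the `d->hex_string = NULL;` line is enough to turn the second release into the "Invalid free()" report shown above, which is a quick way to confirm that a sanitizer or valgrind run catches this pattern before glibc's own consistency check does.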
Hmm, still no luck reproducing it. And it seems I've got gtk2 and glib2 same as you have. I'm currently on FC4t2 with latest rawhide updates. And even valgrind doesn't show any memory violations ..

$ rpm -q glib2 gtk2
glib2-2.6.4-1
gtk2-2.6.7-2
Please reopen if you still see this bug with ethereal-0.10.11.