Qt Wireshark - Race issue when switching between files using Wireshark's "Files in Set" dialog

This issue was migrated from bug 10870 in our old bug tracker.

Original bug information:

Reporter: Jim Young
Status: RESOLVED FIXED
Product: Wireshark
Component: Qt UI
OS: All
Platform: x86
Version: Git

Attachments:

fileset-for-bug10870.tgz: This is a gzipped tar file containing a fileset of 72 2-packet capture files.

See also: Issue #13594 (closed)
Issue #14941

Jim Young said:

Build Information: Wireshark 1.99.2-747-g5162b7f1 (v1.99.2rc0-747-g5162b7f1 from unknown)

Copyright 1998-2015 Gerald Combs <gerald@‍wireshark.org> and contributors. License GPLv2+: GNU GPL version 2 or later <http://www.gnu.org/licenses/old-licenses/gpl-2.0.html> This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.3.2, with libpcap, without POSIX capabilities, with libz 1.2.3, with GLib 2.36.0, with SMI 0.4.8, without c-ares, without ADNS, with Lua 5.2, with GnuTLS 2.12.19, with Gcrypt 1.5.0, with MIT Kerberos, with GeoIP, without PortAudio, with AirPcap.

Running on Mac OS X 10.8.5, build 12F45 (Darwin 12.5.0), with locale en_US.UTF-8, with libpcap version 1.1.1, with libz 1.2.5, with GnuTLS 2.12.19, with Gcrypt 1.5.0, without AirPcap. Intel(R) Core(TM) i7-3720QM CPU @ 2.60GHz (with SSE4.2)

Built using llvm-gcc 4.2.1 (Based on Apple Inc. build 5658) (LLVM build 2336.9.00).

---

Using QT based Wireshark on OS X there is a race condition issue when switching between files using the "Files in Set" dialog which can raise the following message box:

Do you want to stop the capture and save the captured packets?
[Stop and Continue without Saving] [Cancel] [Stop and Save]

If one selects [Cancel] then QT Wireshark will crash. If one selects [Stop and Continue without Saving] then the message box goes away, but QT Wireshark's GUI will not allow one to open or close any capture file nor can one select "Quit"; the Wireshark process must be killed.

Background:

Wireshark has long supported a feature called "File Sets". Wireshark "File Sets" have a specific type of naming convention that is exploited using the "Files In Set" dialog. If the currently open capture file follows the Wireshark "File Set" naming convention then the "Files in Set" dialog is available from menu "File" -> "File Set" -> "List Files".

A Wireshark "File Set" can be created using tshark's and dumpcap's -b feature or within Wireshark's Capture dialog using the "Create a new file automatically" feature or using editcap's -c or -i split capture features.

Once the "Files in Set" dialog is open one can quickly switch between any of the files in "File Set" by simply selecting a different file name from the list.

If the File Set capture files are large (> 50MB) then it generally takes several seconds to fully load the capture file. If one selects a new trace file before the previous file has been completely loaded then the unexpected message box is displayed. The unexpected message box will also be presented by simply using the Up and Down arrow keys to quickly scroll up and down the list of files.

added uiqt versiondev labels

Alexis La Goutte said:

Jim, do you have always this issue ?

Jim Young said:

Hello Alexis,

I've tested with recent buildbot images from master (Version 2.1.0-3050-g72bba57d) on both OS X 10.10.5 and Windows 8.1.

I can easily force an issue on both OSes with even tiny capture files. Wireshark will effectively become non-responsive. Once unresponsive one can open some menus nut most of items (like Quit Wireshark) will be greyed and unavailable to select. Once Wireshark becomes unresponsive top reports Wireshark consuming 100%.

Interestingly I am not seeing the message box that I reported earlier. Instead I see a pair of messages in the console log (On OS X I start wireshark from terminal window, on Windows I have set preferences to always open a console window). Here's an annotated example of what I see on OS X once I've successfully opened the Files in Set dialog:

<snip>  
<=== Scroll to new file entry in "File in Set" dialog  
11:45:48     Main Dbg  Callback: Closing  
11:45:48     Main Dbg  Callback: Closed  
11:45:48     Main Dbg  Callback: Opened  
11:45:48     Main Dbg  Callback: Read started  
11:45:48     Main Dbg  Callback: Read finished  
<=== Next capture is displayed  
<=== Scroll to new file entry in "File in Set" dialog  
11:45:49     Main Dbg  Callback: Closing  
11:45:49     Main Dbg  Callback: Closed  
11:45:49     Main Dbg  Callback: Opened  
11:45:49     Main Dbg  Callback: Read started  
11:45:49     Main Dbg  Callback: Read finished  
<=== Next capture is displayed  
<=== Scroll to new file entry in "File in Set" dialog  
11:45:50     Main Dbg  Callback: Closing  
11:45:50     Main Dbg  Callback: Closed  
11:45:50     Main Dbg  Callback: Opened  
11:45:51     Main Dbg  Callback: Read started  
11:45:51     Main Dbg  Callback: Read finished  
<=== Next capture is displayed  
> <=== Scroll to new file entry in "File in Set" dialog  
> 11:45:51     Main Dbg  Callback: Closing  
> 11:45:51     Main Dbg  Callback: Closed  
> 11:45:51     Main Dbg  Callback: Opened  
> 11:45:51     Main Dbg  Callback: Read started  
> <=== Scroll to new file entry in "File in Set" dialog  
> 11:45:51  Capture Msg  Capture Stop ...  
> 11:45:51     Main Dbg  Callback: capture stopping  
> <=== Wireshark starts consuming 100% of CPU  
> <=== Scroll to new file entry in "File in Set" dialog  
> 11:45:51  Capture Msg  Capture Stop ...  
> 11:45:51     Main Dbg  Callback: capture stopping  
> <=== Scroll to new file entry in "File in Set" dialog  
> 11:45:51  Capture Msg  Capture Stop ...  
> 11:45:51     Main Dbg  Callback: capture stopping  
> <=== Wireshark terminated from console with CTRL-C.  
>^C  

Steps to reproduce:

Create a capture fileset. I created a series of small 2 packet captures by starting a once-a-second ping to some local target. Start Wireshark and open the Capture Options dialog. On the Input tab select the desired interface (if not already selected). Now open the Output tab. Enter a filename in the "Capture to a permanent file" (for example pingtest01.pcapng) and set the option entries to "Create a new file automatically ..." every 1 second. Start the capture and let it run run for 60 seconds of so. This should result in approximately 60 capture files (depending on when you Stop capturing). The last file in the capture set should be displayed.

At this point you should be able to open the "Files in Set" dialog (File | File Set | List) but for some reason when the Files in Set dialog is opened it sometimes reports in the title "No files in set" and in the Directory: field report "No capture opened". I've submitted Bug #12451 (closed) regarding the inconsistent ability to open the Files in Set dialog.

Once you have successfully opened the "File in Set" dialog and can see a set of captures start scrolling in the list to select a new capture file. As you scroll up and down a new capture file should be presented. But at some point if you scroll between multiple files Wireshark will become unresponsive.

Alexis La Goutte said:

Thanks Jim for the update...

But at some point if you scroll between multiple files Wireshark will become unresponsive

An crash ?

Jim Young said:

An crash ?

Nope not a crash. Wireshark is still open as is the Files in Set dialog. As I continue to scroll across other entries in the Files in Set dialog Wireshark will log a new pair of messages to the console:

> 11:45:51  Capture Msg  Capture Stop ...  
> 11:45:51     Main Dbg  Callback: capture stopping  

Note there was NO active capture running when this started. The first of these pair of messages appeared where I was instead expecting:

> 11:45:51     Main Dbg  Callback: Read finished  

I am able to close the Files in Set dialog but am unable to quit Wireshark. I have to force it to exit in some manner (in my case Ctrl-C via terminal window I launched it from).

Anders Broman said:

Another year and a half of Qt development :-) Still an issue?

Jim Young said:

Created attachment 15974
This is a gzipped tar file containing a fileset of 72 2-packet capture files.

Jim Young said:

Hello Anders,

Yes the issue persists. In fact I can now reliably trigger a crash. I've attached a gzipped tar file of a fileset that can be used.

Download the capture fileset.
Extract the files.
Open Wireshark.
Open the first file in the fileset.
Open the fileset dialog (File -> File Set -> List Files)
Click on the first entry in the Wireshark: NN Files In Set dialog.
Press the down arrow repeatedly to quickly select subsequent files in the fileset list.
Fun ensues.

> Process:               Wireshark [4267]  
> Path:                  /Applications/Wireshark.app/Contents/MacOS/Wireshark  
> Identifier:            org.wireshark.Wireshark  
> Version:               2.5.0-1659-geaee0678 (2.5.0-1659-geaee0678)  
> Code Type:             X86-64 (Native)  
> Parent Process:        bash [5780]  
> Responsible:           Terminal [5771]  
> User ID:               501  
>  
> Date/Time:             2017-11-19 23:40:39.698 -0500  
> OS Version:            Mac OS X 10.11.6 (15G17023)  
> Report Version:        11  
> Anonymous UUID:        A350FC94-1E0D-D9CF-BAAB-41F52DE1633C  
>  
> Sleep/Wake UUID:       A30629E5-933E-4B04-8207-8920DCC9AC7B  
>  
> Time Awake Since Boot: 1300000 seconds  
> Time Since Wake:       83000 seconds  
>  
> System Integrity Protection: enabled  
>  
> Crashed Thread:        0  Dispatch queue: com.apple.main-thread  
>  
> Exception Type:        EXC_BAD_ACCESS (SIGSEGV)  
> Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000060  
>  
> VM Regions Near 0x60:  
> -->  
>     __TEXT                 000000010f9fa000-00000001101a9000 [ 7868K] r-x/rwx SM=COW  /Applications/Wireshark.app/Contents/MacOS/Wireshark  
>  
> Thread 0 Crashed:: Dispatch queue: com.apple.main-thread  
> 0   libwiretap.0.0.0.dylib        	0x00000001155b3e24 file_tell + 4  
> 1   libwiretap.0.0.0.dylib        	0x00000001155d4b8b 0x1155a0000 + 215947  
> 2   libwiretap.0.0.0.dylib        	0x00000001155de96a wtap_read + 74  
> 3   org.wireshark.Wireshark       	0x000000010fa0d7f7 cf_read + 1495  
> 4   org.wireshark.Wireshark       	0x000000010fba3bfc MainWindow::openCaptureFile(QString, QString, unsigned int, int) + 1692  
> 5   org.wireshark.Wireshark       	0x000000010fb8569d MainWindow::openCaptureFile(QString, QString) + 121  
> 6   org.wireshark.Wireshark       	0x000000010fdbe988 MainWindow::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) + 1868  
> 7   QtCore                        	0x0000000115249b6f QMetaObject::activate(QObject*, int, int, void**) + 1871  
> 8   org.wireshark.Wireshark       	0x000000010fdcbac4 FileSetDialog::fileSetOpenCaptureFile(QString) + 38  
> 9   org.wireshark.Wireshark       	0x000000010faa49fa FileSetDialog::on_fileSetTree_currentItemChanged(QTreeWidgetItem*, QTreeWidgetItem*) + 208  
> 10  org.wireshark.Wireshark       	0x000000010fdc53a8 FileSetDialog::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) + 200  
> 11  org.wireshark.Wireshark       	0x000000010fdd6719 FileSetDialog::qt_metacall(QMetaObject::Call, int, void**) + 75  
> 12  QtCore                        	0x000000011524996f QMetaObject::activate(QObject*, int, int, void**) + 1359  
> 13  QtWidgets                     	0x0000000110755f75 0x11049f000 + 2846581  
> 14  QtWidgets                     	0x0000000110759713 0x11049f000 + 2860819  
> 15  QtCore                        	0x0000000115249b6f QMetaObject::activate(QObject*, int, int, void**) + 1871  
> 16  QtCore                        	0x00000001151d6977 QItemSelectionModel::setCurrentIndex(QModelIndex const&, QFlags<QItemSelectionModel::SelectionFlag>) + 215  
> 17  QtWidgets                     	0x00000001106ea21c QAbstractItemView::keyPressEvent(QKeyEvent*) + 2476  
> 18  QtWidgets                     	0x0000000110726a40 QTreeView::keyPressEvent(QKeyEvent*) + 784  
> 19  QtWidgets                     	0x0000000110504bb6 QWidget::event(QEvent*) + 3974  
> 20  QtWidgets                     	0x00000001105e47a7 QFrame::event(QEvent*) + 183  
> 21  QtWidgets                     	0x000000011066268a QAbstractScrollArea::event(QEvent*) + 1562  
> 22  QtWidgets                     	0x00000001106e64b4 QAbstractItemView::event(QEvent*) + 500  
> 23  QtWidgets                     	0x0000000110758d8f QTreeWidget::event(QEvent*) + 63  
> 24  QtWidgets                     	0x00000001104cbffc QApplicationPrivate::notify_helper(QObject*, QEvent*) + 300  
> 25  QtWidgets                     	0x00000001104cdce0 QApplication::notify(QObject*, QEvent*) + 2640  
> 26  QtCore                        	0x0000000115215932 QCoreApplication::notifyInternal(QObject*, QEvent*) + 114  
> 27  QtWidgets                     	0x00000001105218b4 0x11049f000 + 534708  
> 28  QtWidgets                     	0x00000001104cbffc QApplicationPrivate::notify_helper(QObject*, QEvent*) + 300  
> 29  QtWidgets                     	0x00000001104ceabb QApplication::notify(QObject*, QEvent*) + 6187  
> 30  QtCore                        	0x0000000115215932 QCoreApplication::notifyInternal(QObject*, QEvent*) + 114  
> 31  QtGui                         	0x0000000114b2417e QGuiApplicationPrivate::processKeyEvent(QWindowSystemInterfacePrivate::KeyEvent*) + 190  
> 32  QtGui                         	0x0000000114b229e3 QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) + 1267  
> 33  QtGui                         	0x0000000114b111cb QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) + 315  
> 34  libqcocoa.dylib               	0x0000000118532f0d 0x118513000 + 130829  
> 35  libqcocoa.dylib               	0x00000001185322ef 0x118513000 + 127727  
> 36  org.wireshark.Wireshark       	0x000000010fbb3e8f MainWindow::captureFileReadStarted(QString const&) + 397  
> 37  org.wireshark.Wireshark       	0x000000010fde4ec9 MainWindow::captureFileReadStarted() + 59  
> 38  org.wireshark.Wireshark       	0x000000010fdbee5d MainWindow::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) + 3105  
> 39  QtCore                        	0x0000000115249b6f QMetaObject::activate(QObject*, int, int, void**) + 1871  
> 40  org.wireshark.Wireshark       	0x000000010fa4f9c6 CaptureFile::captureFileEvent(int, void*) + 556  
> 41  org.wireshark.Wireshark       	0x000000010fa0d361 cf_read + 321  
> 42  org.wireshark.Wireshark       	0x000000010fba3bfc MainWindow::openCaptureFile(QString, QString, unsigned int, int) + 1692  
> 43  org.wireshark.Wireshark       	0x000000010fb8569d MainWindow::openCaptureFile(QString, QString) + 121  
> 44  org.wireshark.Wireshark       	0x000000010fdbe988 MainWindow::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) + 1868  
> 45  QtCore                        	0x0000000115249b6f QMetaObject::activate(QObject*, int, int, void**) + 1871  
> 46  org.wireshark.Wireshark       	0x000000010fdcbac4 FileSetDialog::fileSetOpenCaptureFile(QString) + 38  
> 47  org.wireshark.Wireshark       	0x000000010faa49fa FileSetDialog::on_fileSetTree_currentItemChanged(QTreeWidgetItem*, QTreeWidgetItem*) + 208  
> 48  org.wireshark.Wireshark       	0x000000010fdc53a8 FileSetDialog::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) + 200  
> 49  org.wireshark.Wireshark       	0x000000010fdd6719 FileSetDialog::qt_metacall(QMetaObject::Call, int, void**) + 75  
> 50  QtCore                        	0x000000011524996f QMetaObject::activate(QObject*, int, int, void**) + 1359  
> 51  QtWidgets                     	0x0000000110755f75 0x11049f000 + 2846581  
> 52  QtWidgets                     	0x0000000110759713 0x11049f000 + 2860819  
> 53  QtCore                        	0x0000000115249b6f QMetaObject::activate(QObject*, int, int, void**) + 1871  
> 54  QtCore                        	0x00000001151d6977 QItemSelectionModel::setCurrentIndex(QModelIndex const&, QFlags<QItemSelectionModel::SelectionFlag>) + 215  
> 55  QtWidgets                     	0x00000001106ea21c QAbstractItemView::keyPressEvent(QKeyEvent*) + 2476  
> 56  QtWidgets                     	0x0000000110726a40 QTreeView::keyPressEvent(QKeyEvent*) + 784  
> 57  QtWidgets                     	0x0000000110504bb6 QWidget::event(QEvent*) + 3974  
> 58  QtWidgets                     	0x00000001105e47a7 QFrame::event(QEvent*) + 183  
> 59  QtWidgets                     	0x000000011066268a QAbstractScrollArea::event(QEvent*) + 1562  
> 60  QtWidgets                     	0x00000001106e64b4 QAbstractItemView::event(QEvent*) + 500  
> 61  QtWidgets                     	0x0000000110758d8f QTreeWidget::event(QEvent*) + 63  
> 62  QtWidgets                     	0x00000001104cbffc QApplicationPrivate::notify_helper(QObject*, QEvent*) + 300  
> 63  QtWidgets                     	0x00000001104cdce0 QApplication::notify(QObject*, QEvent*) + 2640  
> 64  QtCore                        	0x0000000115215932 QCoreApplication::notifyInternal(QObject*, QEvent*) + 114  
> 65  QtWidgets                     	0x00000001105218b4 0x11049f000 + 534708  
> 66  QtWidgets                     	0x00000001104cbffc QApplicationPrivate::notify_helper(QObject*, QEvent*) + 300  
> 67  QtWidgets                     	0x00000001104ceabb QApplication::notify(QObject*, QEvent*) + 6187  
> 68  QtCore                        	0x0000000115215932 QCoreApplication::notifyInternal(QObject*, QEvent*) + 114  
> 69  QtGui                         	0x0000000114b2417e QGuiApplicationPrivate::processKeyEvent(QWindowSystemInterfacePrivate::KeyEvent*) + 190  
> 70  QtGui                         	0x0000000114b229e3 QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) + 1267  
> 71  QtGui                         	0x0000000114b111cb QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) + 315  
> 72  libqcocoa.dylib               	0x0000000118532f0d 0x118513000 + 130829  
> 73  libqcocoa.dylib               	0x00000001185322ef 0x118513000 + 127727  
> 74  org.wireshark.Wireshark       	0x000000010fbb3e8f MainWindow::captureFileReadStarted(QString const&) + 397  
> 75  org.wireshark.Wireshark       	0x000000010fde4ec9 MainWindow::captureFileReadStarted() + 59  
> 76  org.wireshark.Wireshark       	0x000000010fdbee5d MainWindow::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) + 3105  
> 77  QtCore                        	0x0000000115249b6f QMetaObject::activate(QObject*, int, int, void**) + 1871  
> 78  org.wireshark.Wireshark       	0x000000010fa4f9c6 CaptureFile::captureFileEvent(int, void*) + 556  
> 79  org.wireshark.Wireshark       	0x000000010fa0d361 cf_read + 321  
> 80  org.wireshark.Wireshark       	0x000000010fba3bfc MainWindow::openCaptureFile(QString, QString, unsigned int, int) + 1692  
> 81  org.wireshark.Wireshark       	0x000000010fb8569d MainWindow::openCaptureFile(QString, QString) + 121  
> 82  org.wireshark.Wireshark       	0x000000010fdbe988 MainWindow::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) + 1868  
> 83  QtCore                        	0x0000000115249b6f QMetaObject::activate(QObject*, int, int, void**) + 1871  
> 84  org.wireshark.Wireshark       	0x000000010fdcbac4 FileSetDialog::fileSetOpenCaptureFile(QString) + 38  
> 85  org.wireshark.Wireshark       	0x000000010faa49fa FileSetDialog::on_fileSetTree_currentItemChanged(QTreeWidgetItem*, QTreeWidgetItem*) + 208  
> 86  org.wireshark.Wireshark       	0x000000010fdc53a8 FileSetDialog::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) + 200  
> 87  org.wireshark.Wireshark       	0x000000010fdd6719 FileSetDialog::qt_metacall(QMetaObject::Call, int, void**) + 75  
> 88  QtCore                        	0x000000011524996f QMetaObject::activate(QObject*, int, int, void**) + 1359  
> 89  QtWidgets                     	0x0000000110755f75 0x11049f000 + 2846581  
> 90  QtWidgets                     	0x0000000110759713 0x11049f000 + 2860819  
> 91  QtCore                        	0x0000000115249b6f QMetaObject::activate(QObject*, int, int, void**) + 1871  
> 92  QtCore                        	0x00000001151d6977 QItemSelectionModel::setCurrentIndex(QModelIndex const&, QFlags<QItemSelectionModel::SelectionFlag>) + 215  
> 93  QtWidgets                     	0x00000001106ea21c QAbstractItemView::keyPressEvent(QKeyEvent*) + 2476  
> 94  QtWidgets                     	0x0000000110726a40 QTreeView::keyPressEvent(QKeyEvent*) + 784  
> 95  QtWidgets                     	0x0000000110504bb6 QWidget::event(QEvent*) + 3974  
> 96  QtWidgets                     	0x00000001105e47a7 QFrame::event(QEvent*) + 183  
> 97  QtWidgets                     	0x000000011066268a QAbstractScrollArea::event(QEvent*) + 1562  
> 98  QtWidgets                     	0x00000001106e64b4 QAbstractItemView::event(QEvent*) + 500  
> 99  QtWidgets                     	0x0000000110758d8f QTreeWidget::event(QEvent*) + 63  
> 100 QtWidgets                     	0x00000001104cbffc QApplicationPrivate::notify_helper(QObject*, QEvent*) + 300  
> 101 QtWidgets                     	0x00000001104cdce0 QApplication::notify(QObject*, QEvent*) + 2640  
> 102 QtCore                        	0x0000000115215932 QCoreApplication::notifyInternal(QObject*, QEvent*) + 114  
> 103 QtWidgets                     	0x00000001105218b4 0x11049f000 + 534708  
> 104 QtWidgets                     	0x00000001104cbffc QApplicationPrivate::notify_helper(QObject*, QEvent*) + 300  
> 105 QtWidgets                     	0x00000001104ceabb QApplication::notify(QObject*, QEvent*) + 6187  
> 106 QtCore                        	0x0000000115215932 QCoreApplication::notifyInternal(QObject*, QEvent*) + 114  
> 107 QtGui                         	0x0000000114b2417e QGuiApplicationPrivate::processKeyEvent(QWindowSystemInterfacePrivate::KeyEvent*) + 190  
> 108 QtGui                         	0x0000000114b229e3 QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) + 1267  
> 109 QtGui                         	0x0000000114b111cb QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) + 315  
> 110 libqcocoa.dylib               	0x0000000118532f0d 0x118513000 + 130829  
> 111 libqcocoa.dylib               	0x00000001185338a8 0x118513000 + 133288  
> 112 com.apple.CoreFoundation      	0x00007fff86f877e1 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17  
> 113 com.apple.CoreFoundation      	0x00007fff86f66f0c __CFRunLoopDoSources0 + 556  
> 114 com.apple.CoreFoundation      	0x00007fff86f6642f __CFRunLoopRun + 927  
> 115 com.apple.CoreFoundation      	0x00007fff86f65e28 CFRunLoopRunSpecific + 296  
> 116 com.apple.HIToolbox           	0x00007fff9519e935 RunCurrentEventLoopInMode + 235  
> 117 com.apple.HIToolbox           	0x00007fff9519e677 ReceiveNextEventCommon + 184  
> 118 com.apple.HIToolbox           	0x00007fff9519e5af _BlockUntilNextEventMatchingListInModeWithFilter + 71  
> 119 com.apple.AppKit              	0x00007fff97d8edf6 _DPSNextEvent + 1067  
> 120 com.apple.AppKit              	0x00007fff97d8e226 -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 454  
> 121 com.apple.AppKit              	0x00007fff97d82d80 -[NSApplication run] + 682  
> 122 libqcocoa.dylib               	0x00000001185325e4 0x118513000 + 128484  
> 123 QtCore                        	0x00000001152129ad QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) + 381  
> 124 QtCore                        	0x0000000115215ee7 QCoreApplication::exec() + 359  
> 125 org.wireshark.Wireshark       	0x000000010fa05aed main + 4173  
> 126 org.wireshark.Wireshark       	0x000000010fa04a84 start + 52

Peter Wu said:

I could reproduce it as described in comment 7. To create the test captures, I used:

randpkt -c 100000 big.pcap
editcap big.pcap split.pcap -c 10000

Note that opening a capture file with "wireshark -r" did not work, you really have to use the "Open" function in the GUI.

Peter Wu said:

The call trace of the problematic scenario matches #13594 (comment 400724361), again the dialog callback ends up destroying stuff too early:

#4  0x00005555565c16ce in cf_close  file.c:361
#5  0x00005555565bf33d in cf_open  file.c:261
#6  0x000055555683ea0f in MainWindow::openCaptureFile ui/qt/main_window_slots.cpp:235
#7  0x000055555677e188 in MainWindow::openCaptureFile ui/qt/main_window.h:301
...
#10 0x0000555557569288 in FileSetDialog::fileSetOpenCaptureFile ui/qt/qtui_autogen/EWIEGA46WW/moc_file_set_dialog.cpp:154
...
#18 0x00007fffddc0ccaf in QTreeView::setSelection /usr/lib/libQt5Widgets.so.5
...
#39 0x00005555569cb97d in update_progress_dlg ui/qt/progress_frame.cpp:77
#40 0x00005555565c567b in cf_read  file.c:609
#41 0x000055555683ec10 in MainWindow::openCaptureFile ui/qt/main_window_slots.cpp:246
#42 0x000055555677e188 in MainWindow::openCaptureFile ui/qt/main_window.h:301
#43 0x0000555556882d30 in MainWindow::on_actionFileOpen_triggered ui/qt/main_window_slots.cpp:1670
...
#62 0x00005555566817c9 in main ui/qt/main.cpp:908

Gerrit Code Review said:

Change 28541 had a related patch set uploaded by Peter Wu:
Qt: fix crash on changing capture file while loading a previous one

https://code.wireshark.org/review/28541

Gerrit Code Review said:

Change 28542 had a related patch set uploaded by Peter Wu:
file: add more sanity checks to detect UI/file loading issues

https://code.wireshark.org/review/28542

Gerrit Code Review said:

Change 28541 merged by Anders Broman:
Qt: fix crash on opening a capture file while loading/saving another

https://code.wireshark.org/review/28541

Gerrit Code Review said:

Change 28578 had a related patch set uploaded by Peter Wu:
Qt: fix crash on opening a capture file while loading/saving another

https://code.wireshark.org/review/28578

Gerrit Code Review said:

Change 28579 had a related patch set uploaded by Peter Wu:
file: add more sanity checks to detect UI/file loading issues

https://code.wireshark.org/review/28579

Gerrit Code Review said:

Change 28578 merged by Peter Wu:
Qt: fix crash on opening a capture file while loading/saving another

https://code.wireshark.org/review/28578

Peter Wu said:

Fixed the crashes in: v2.9.0rc0-1153-g536e26c5 v2.6.2rc0-130-gc1fb20ad

Note: there might be some interaction glitches (e.g. file open actions that are ignored), but not crashing should already be an improvement on itself.

Jim Young said:

Change 28578 merged by Peter Wu:
Qt: fix crash on opening a capture file while loading/saving another
...
Note: there might be some interaction glitches (e.g. file open actions that are ignored), but not crashing should already be an improvement on itself.

Confirm that this patch appears to prevent crashes that were previously so easy to trigger.

Also confirm some UI interaction glitches. Specifically within the fileset dialog when quickly switching between entries (with keyboard or mouse) the entry ultimately selected in the fileset dialog may not in fact be the one displayed in Wireshark. Clicking on the selected entry in the fileset dialog will not re-trigger the an open event. To open the selected entry one must select another entry in the fileset dialog and then come back to the originally selected entry.

Peter Wu said:

(In reply to Jim Young from #10870 (comment 400694059))

Also confirm some UI interaction glitches. Specifically within the fileset dialog when quickly switching between entries (with keyboard or mouse) the entry ultimately selected in the fileset dialog may not in fact be the one displayed in Wireshark. Clicking on the selected entry in the fileset dialog will not re-trigger the an open event. To open the selected entry one must select another entry in the fileset dialog and then come back to the originally selected entry.

That is a side-effect of the current "fix". Previously it would happily proceed and try to destroy the ongoing capture file data structures. Now it will refuse to do that, but it will not try to open the capture file either. If you watch your console output, you will see a number of messages such as:

Warn Refusing to close "split_00002_19691231213320.pcap" which is being read.

Actually addressing that is a bit harder. Some options:

1. When MainWindow::openCaptureFile is called but not possible, save the filename and "somehow" queue it until "cf_read" (or similar) returns.
   • Problem: cannot directly emit a signal since that would keep "update_progress_dlg" looping forever in "WiresharkApplication::processEvents".
   • Possible workaround: cancel any pending timers and start a new one that executes in 100ms, hopefully "cf_open" has returned by then.
2. More rigorous: modify "cf_read" and friends not to call "update_progress_dlg". Instead create a second thread for I/O and let the main (GUI) thread interact with it through signals. Adds various thread safety issues. Adding Gerald in cc, perhaps he has some further input for this approach.

Jim, do you want to reopen this bug to address the above glitch or create a new one?