search

FoxIO-LLC / ja4

JA4+ is a suite of network fingerprinting standards
https://foxio.io
Other
774 stars 65 forks source link

crashed: call locate_tree #124

Open ccy234 opened 3 weeks ago

ccy234 commented 3 weeks ago

Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: KERN_INVALID_ADDRESS at 0x0000000066629ae6 Exception Codes: 0x0000000000000001, 0x0000000066629ae6

Termination Reason: Namespace SIGNAL, Code 11 Segmentation fault: 11 Terminating Process: exc handler [34872]

VM Region Info: 0x66629ae6 is not in any region. Bytes before following region: 2585634074 REGION TYPE START - END [ VSIZE] PRT/MAX SHRMOD REGION DETAIL UNUSED SPACE AT START --->
__TEXT 100804000-100fc0000 [ 7920K] r-x/r-x SM=COW ...cOS/Wireshark

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 libsystem_platform.dylib 0x1a6d83b3c _platform_strcmp + 12 1 ja4.so 0x1271ca18c locate_tree + 88 2 ja4.so 0x1271ceebc display_hashes_from_packet_table + 96 3 ja4.so 0x1271cf524 tap_all + 68 4 libwireshark.17.dylib 0x10c8efe84 tap_push_tapped_queue + 264 5 libwireshark.17.dylib 0x10c8a5388 epan_dissect_run_with_taps + 92 6 Wireshark 0x100c3cf08 add_packet_to_packet_list + 164 7 Wireshark 0x100c37638 read_record + 576 8 Wireshark 0x100c37f20 cf_continue_tail + 556 9 Wireshark 0x100c41c40 capture_input_new_packets + 252 10 Wireshark 0x100c615f4 pipe_io_cb + 752 11 libglib-2.0.0.dylib 0x10290f048 g_main_context_dispatch + 392 12 Wireshark 0x100911e44 GLibMainloopOnQEventLoop::checkAndDispatch() + 104 13 QtCore 0x1037f75ec QObject::event(QEvent) + 584 14 QtWidgets 0x1020c8c18 QApplicationPrivate::notify_helper(QObject, QEvent) + 272 15 QtWidgets 0x1020c9e4c QApplication::notify(QObject, QEvent) + 532 16 QtCore 0x1037b71f4 QCoreApplication::notifyInternal2(QObject, QEvent) + 208 17 QtCore 0x1037b8548 QCoreApplicationPrivate::sendPostedEvents(QObject, int, QThreadData) + 828 18 libqcocoa.dylib 0x1042f5754 QCocoaEventDispatcherPrivate::processPostedEvents() + 312 19 libqcocoa.dylib 0x1042f5db8 QCocoaEventDispatcherPrivate::postedEventsSourceCallback(void) + 48 20 CoreFoundation 0x1a6e3663c CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION + 28 21 CoreFoundation 0x1a6e365d0 CFRunLoopDoSource0 + 176 22 CoreFoundation 0x1a6e36340 CFRunLoopDoSources0 + 244 23 CoreFoundation 0x1a6e34f48 __CFRunLoopRun + 828 24 CoreFoundation 0x1a6e344b8 CFRunLoopRunSpecific + 612 25 HIToolbox 0x1b0686df0 RunCurrentEventLoopInMode + 292 26 HIToolbox 0x1b0686c2c ReceiveNextEventCommon + 648 27 HIToolbox 0x1b0686984 _BlockUntilNextEventMatchingListInModeWithFilter + 76 28 AppKit 0x1aa05b97c _DPSNextEvent + 636 29 AppKit 0x1aa05ab18 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 716 30 AppKit 0x1aa04ef7c -[NSApplication run] + 464 31 libqcocoa.dylib 0x1042f4cd4 QCocoaEventDispatcher::processEvents(QFlags) + 1712 32 QtCore 0x1037c055c QEventLoop::exec(QFlags) + 500 33 QtCore 0x1037b78d0 QCoreApplication::exec() + 128 34 Wireshark 0x1009932c0 main + 3680 35 dyld 0x1a69fff28 start + 2236

noeltimothy commented 1 week ago

looking into this

ccy234 commented 1 week ago

The crash occurred during wireshark capture. I have not seen it before when analyzing pcap files. I tried to fix this but could not. Hope this information helps