Re: setfilter causes core on Solaris

[Guy Harris <guy () alum mit edu>]

On Dec 5, 2007, at 5:18 AM, Andy Howell wrote:

> I'm using pcap_dispatch to call my callback. Inside the callback, I  
> may set a new filter. This results in a core dump in bpf_filter.c,  
> line 239. Its calling abort because of a bad filter code. This will  
> only happen with a live capture.
>
> The bug is actually in pcap-dlpi.c. It keeps a pointer to the filter  
> code. Unfortunately the pointer never gets reset as long as there  
> are packets to read. Adding:
>
> fcode = p->fcode.bf_insns;
>
> after the callback returns takes care of the issue. I've attached a  
> patch and posted it as 1844245.

The same problem exists in some other pcap-XXX.c files.  I fixed it by  
getting rid of the fcode variable, and just passing the fcode.bf_insns  
member of the structure.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.