Wireshark mailing list archives
SVN revision 36849 crashing in packet_range_init function
From: Pascal Quantin <pascal.quantin () gmail com>
Date: Tue, 26 Apr 2011 11:20:32 +0200
Hi,

with revision 36849, when I call tshark to decode in verbose mode a pcap file containing a single packet I get the following backtrace:

tshark -r temp.pcap -V

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb571c8e0 (LWP 11951)]
packet_range_init (range=0xbfd9f550) at packet-range.c:88
88          if (packet->flags.passed_dfilter) {
(gdb) bt
#0  packet_range_init (range=0xbfd9f550) at packet-range.c:88
#1  0x0806bac6 in print_packet (cf=0x80a5d40, edt=0xbfd9f5f8) at tshark.c:3239
#2  0x0806c395 in process_packet (cf=0x80a5d40, offset=<value optimized out>, whdr=0x9125f40, pseudo_header=0x9125f54, pd=0x912b730 "h\022\230\b��\001\203��s?E��+\230!Ll�", filtering_tap_listeners=0, tap_flags=<value optimized out>) at tshark.c:2905
#3  0x0806f4ea in main (argc=4, argv=0xbfd9fc84) at tshark.c:2705

When launching tshark without the verbose flag, the crash is not seen.

When looking at the revision log, I can see that the code was changed from:

for(packet = cfile.plist_start; packet != NULL; packet = packet->next) {

to

for(framenum = 1; framenum <= cfile.count; framenum++) {
    packet = cap_file_find_fdata(&cfile, framenum);

In my use case, packet is set to NULL, leading to the segmentation fault.

When looking at tshark.c source code, I can see that process_packet() does not call cap_file_add_fdata() while process_packet_first_pass() does. As a consequence the cf->ptree_root pointer is not allocated and the call to cap_file_find_fdata() will provide an uninitialized address.

The following patch solves my crash:

Index: tshark.c =================================================================== --- tshark.c (revision 36849) +++ tshark.c (working copy) @@ -2830,9 +2830,6 @@ epan_dissect_t edt; gboolean passed; - /* Count this packet. */ - cf->count++; - /* If we're not running a display filter and we're not printing any packet information, we don't need to do a dissection. This means that all packets can be marked as 'passed'. */
@@ -2896,6 +2893,7 @@ if (passed) { frame_data_set_after_dissect(&fdata, &cum_bytes, &prev_dis_ts); + cap_file_add_fdata(cf, &fdata); /* Process this packet. */ if (print_packet_info) {

But I'm not sure this is the right way to fix this. Can someone comment?

Thanks,
Pascal.
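Review bot: dropping `cf->count++` in the first hunk (@@ -2830,9 +2830,6 @@) changes what cf->count means: before the patch it counted every packet read by process_packet(); afterwards the only remaining increment (assuming cap_file_add_fdata() does it) happens in the second hunk inside `if (passed) {`, so packets rejected by the display filter are no longer counted at all. Worth confirming that nothing else in tshark relies on cf->count being the total number of frames read, and adding a comment explaining that the count now comes from cap_file_add_fdata().

Review bot: in the second hunk (@@ -2896,6 +2893,7 @@) the new call passes `&fdata`, the same local frame_data that `frame_data_set_after_dissect(&fdata, ...)` receives on the line above, so cap_file_add_fdata() would store a pointer to process_packet()'s stack frame in cf->ptree_root; that pointer is dead once process_packet() returns and is reused by the next packet, leaving stale entries for every earlier frame number. Either allocate the frame_data with the lifetime of the capture file (the way the first-pass path that already calls cap_file_add_fdata() must) or, since print_packet() only needs the frame currently being dissected, have packet_range_init() tolerate a NULL result from cap_file_find_fdata() rather than dereferencing it unconditionally.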
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- SVN revision 36849 crashing in packet_range_init function Pascal Quantin (Apr 26)
- Re: SVN revision 36849 crashing in packet_range_init function Bill Meier (Apr 26)