Wireshark · Ethereal-dev: [Ethereal-dev] 0.8.19 -- segfault in dissect_packet

Ethereal-dev: [Ethereal-dev] 0.8.19 -- segfault in dissect_packet

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: Pierre Fortin <pfortin@xxxxxxxxxxx>
Date: Mon, 24 Sep 2001 13:05:48 -0400
>  ethereal 0.8.19, compiled with GTK+ 1.2.10,
>  with GLib 1.2.10, with libpcap 0.5,
>  with libz 1.1.3, without SNMP

Hi,

Using the default capture, ethereal will run until I click Stop at which time it
segfaults.

Setting "Update packets in real-time", it will segfault within one second.

If I "gdb ethereal" and "breakpoint dissect_packet", the "Capture" window keeps
incrementing packet counts.  At the end of the info below, I also included the
registers at the breakpoint.

HTH,
Pierre

PS: I rarely use gdb, so I hope the following is useful...


(gdb) where
#0  0x81bb244 in dissect_packet ()
(gdb) info frame
Stack level 0, frame at 0x0:
 eip = 0x81bb244 in dissect_packet; saved eip Cannot access memory at address
0x4
(gdb) info all-reg
eax            0x836dbb0        137812912
ecx            0x607144ff       1618035967
edx            0x81ba63c        136029756
ebx            0xa8c07059       -1463783335
esp            0xbfffd1e0       0xbfffd1e0
ebp            0x0      0x0
esi            0x838fa68        137951848
edi            0x0      0
eip            0x81bb244        0x81bb244
eflags         0x10286  66182
cs             0x23     35
ss             0x2b     43
ds             0x2b     43
es             0x2b     43
fs             0x2b     43
gs             0x2b     43
st0            0.86298924238956287169344250287394971    (raw
0x3ffedcecdcecdcece000)
st1            0.5      (raw 0x3ffe8000000000000000)
st2            1.7259784847791257433868850057478994     (raw
0x3fffdcecdcecdcece000)
st3            0        (raw 0x00000000000000000000)
st4            65535    (raw 0x400effff000000000000)
st5            515      (raw 0x400880c0000000000000)
st6            0.5      (raw 0x3ffe8000000000000000)
st7            430      (raw 0x4007d700000000000000)
fctrl          0x37f    895
fstat          0x120    288
ftag           0xffff   65535
fiseg          0x23     35
fioff          0x4019c899       1075431577
foseg          0x2b     43
fooff          0xbfffb700       -1073760512
fop            0x35d    861

(gdb) disass 0x81bb244
Dump of assembler code for function dissect_packet:
0x81bb1a0 <dissect_packet>:     push   %ebx
0x81bb1a1 <dissect_packet+1>:   sub    $0xd8,%esp
0x81bb1a7 <dissect_packet+7>:   mov    0xe4(%esp,1),%ebx
0x81bb1ae <dissect_packet+14>:  call   0x81bc580 <blank_packetinfo>
0x81bb1b3 <dissect_packet+19>:  mov    0xec(%esp,1),%edx
0x81bb1ba <dissect_packet+26>:  sub    $0x8,%esp
0x81bb1bd <dissect_packet+29>:  mov    %ebx,0x82c172c
0x81bb1c3 <dissect_packet+35>:  mov    0x14(%edx),%eax
0x81bb1c6 <dissect_packet+38>:  mov    %edx,0x82c1724
0x81bb1cc <dissect_packet+44>:  mov    %eax,0x82c1730
0x81bb1d1 <dissect_packet+49>:  mov    0x18(%edx),%eax
0x81bb1d4 <dissect_packet+52>:  push   $0x1
0x81bb1d6 <dissect_packet+54>:  push   %edx
0x81bb1d7 <dissect_packet+55>:  mov    %eax,0x82c1734
0x81bb1dc <dissect_packet+60>:  call   0x81ba3e0 <col_set_writable>
0x81bb1e1 <dissect_packet+65>:  push   $0x1
0x81bb1e3 <dissect_packet+67>:  push   $0x81ec3a0
0x81bb1e8 <dissect_packet+72>:  lea    0x18(%esp,1),%eax
0x81bb1ec <dissect_packet+76>:  push   %eax
0x81bb1ed <dissect_packet+77>:  lea    0xdc(%esp,1),%eax
0x81bb1f4 <dissect_packet+84>:  push   %eax
0x81bb1f5 <dissect_packet+85>:  call   0x81ba850 <except_setup_try>
0x81bb1fa <dissect_packet+90>:  add    $0x14,%esp
0x81bb1fd <dissect_packet+93>:  lea    0x24(%esp,1),%eax
0x81bb201 <dissect_packet+97>:  push   %eax
0x81bb202 <dissect_packet+98>:  call   0x80668e0 <_setjmp>
0x81bb207 <dissect_packet+103>: xor    %edx,%edx
0x81bb209 <dissect_packet+105>: add    $0x10,%esp
0x81bb20c <dissect_packet+108>: test   %eax,%eax
0x81bb20e <dissect_packet+110>: sete   %dl
0x81bb211 <dissect_packet+113>: lea    0x8(%esp,1),%ecx
---Type <return> to continue, or q <return> to quit---
0x81bb215 <dissect_packet+117>: dec    %edx
0x81bb216 <dissect_packet+118>: and    %edx,%ecx
0x81bb218 <dissect_packet+120>: test   %ecx,%ecx
0x81bb21a <dissect_packet+122>: jne    0x81bb276 <dissect_packet+214>
0x81bb21c <dissect_packet+124>: push   $0x8267f4f
0x81bb221 <dissect_packet+129>: mov    0xf0(%esp,1),%eax
0x81bb228 <dissect_packet+136>: mov    0x14(%eax),%edx
0x81bb22b <dissect_packet+139>: push   %edx
0x81bb22c <dissect_packet+140>: mov    0x18(%eax),%ebx
0x81bb22f <dissect_packet+143>: push   %ebx
0x81bb230 <dissect_packet+144>: mov    0xf4(%esp,1),%ecx
0x81bb237 <dissect_packet+151>: push   %ecx
0x81bb238 <dissect_packet+152>: call   0x81c5d00 <tvb_new_real_data>
0x81bb23d <dissect_packet+157>: mov    0xf0(%esp,1),%edx
0x81bb244 <dissect_packet+164>: mov    %eax,(%edx)       <----------------
0x81bb246 <dissect_packet+166>: pop    %ebx
0x81bb247 <dissect_packet+167>: pop    %edx
0x81bb248 <dissect_packet+168>: push   %eax
0x81bb249 <dissect_packet+169>: mov    0xf8(%esp,1),%eax
0x81bb250 <dissect_packet+176>: mov    0xc(%eax),%ecx
0x81bb253 <dissect_packet+179>: push   %ecx
0x81bb254 <dissect_packet+180>: call   0x8066120 <g_slist_append>
0x81bb259 <dissect_packet+185>: mov    0xfc(%esp,1),%edx
0x81bb260 <dissect_packet+192>: mov    %eax,0xc(%edx)
0x81bb263 <dissect_packet+195>: mov    0xf0(%esp,1),%edx
0x81bb26a <dissect_packet+202>: add    $0x10,%esp
0x81bb26d <dissect_packet+205>: mov    (%edx),%eax
0x81bb26f <dissect_packet+207>: mov    %eax,0x82c1728
0x81bb274 <dissect_packet+212>: jmp    0x81bb2e8 <dissect_packet+328>
0x81bb276 <dissect_packet+214>: mov    0x4(%ecx),%eax
0x81bb279 <dissect_packet+217>: cmp    $0x1,%eax
0x81bb27c <dissect_packet+220>: jne    0x81bb290 <dissect_packet+240>
---Type <return> to continue, or q <return> to quit---
0x81bb27e <dissect_packet+222>: sub    $0x8,%esp
0x81bb281 <dissect_packet+225>: push   $0x8268f30
0x81bb286 <dissect_packet+230>: push   $0xc4
0x81bb28b <dissect_packet+235>: jmp    0x81bb2d2 <dissect_packet+306>
0x81bb28d <dissect_packet+237>: lea    0x0(%esi),%esi
0x81bb290 <dissect_packet+240>: cmp    $0x2,%eax
0x81bb293 <dissect_packet+243>: jne    0x81bb2e8 <dissect_packet+328>
0x81bb295 <dissect_packet+245>: mov    0x82a6150,%eax
0x81bb29a <dissect_packet+250>: cmp    $0xffffffff,%eax
0x81bb29d <dissect_packet+253>: je     0x81bb2c5 <dissect_packet+293>
0x81bb29f <dissect_packet+255>: sub    $0x8,%esp
0x81bb2a2 <dissect_packet+258>: push   $0x82691a0
0x81bb2a7 <dissect_packet+263>: push   $0x0
0x81bb2a9 <dissect_packet+265>: push   $0x0
0x81bb2ab <dissect_packet+267>: mov    0xf4(%esp,1),%edx
0x81bb2b2 <dissect_packet+274>: mov    (%edx),%edx
0x81bb2b4 <dissect_packet+276>: push   %edx
0x81bb2b5 <dissect_packet+277>: push   %eax
0x81bb2b6 <dissect_packet+278>: mov    0x10c(%esp,1),%eax
0x81bb2bd <dissect_packet+285>: push   %eax
0x81bb2be <dissect_packet+286>: call   0x81bd5b0
<proto_tree_add_protocol_format>
0x81bb2c3 <dissect_packet+291>: jmp    0x81bb2e5 <dissect_packet+325>
0x81bb2c5 <dissect_packet+293>: sub    $0x8,%esp
0x81bb2c8 <dissect_packet+296>: push   $0x8268f30
0x81bb2cd <dissect_packet+301>: push   $0xcc
0x81bb2d2 <dissect_packet+306>: push   $0x8268f3f
0x81bb2d7 <dissect_packet+311>: push   $0x81ff2a0
0x81bb2dc <dissect_packet+316>: push   $0x4
0x81bb2de <dissect_packet+318>: push   $0x0
0x81bb2e0 <dissect_packet+320>: call   0x8066700 <g_log>
0x81bb2e5 <dissect_packet+325>: add    $0x20,%esp
0x81bb2e8 <dissect_packet+328>: sub    $0xc,%esp
---Type <return> to continue, or q <return> to quit---
0x81bb2eb <dissect_packet+331>: mov    0x20(%esp,1),%ebx
0x81bb2ef <dissect_packet+335>: push   %ebx
0x81bb2f0 <dissect_packet+336>: call   0x81baaf0 <except_free>
0x81bb2f5 <dissect_packet+341>: call   0x81ba890 <except_pop>
0x81bb2fa <dissect_packet+346>: mov    0x82a6154,%eax
0x81bb2ff <dissect_packet+351>: add    $0x10,%esp
0x81bb302 <dissect_packet+354>: test   %eax,%eax
0x81bb304 <dissect_packet+356>: je     0x81bb326 <dissect_packet+390>
0x81bb306 <dissect_packet+358>: mov    0xf0(%esp,1),%ecx
0x81bb30d <dissect_packet+365>: push   %ecx
0x81bb30e <dissect_packet+366>: push   $0x82c1720
0x81bb313 <dissect_packet+371>: mov    0xe8(%esp,1),%edx
0x81bb31a <dissect_packet+378>: mov    (%edx),%edx
0x81bb31c <dissect_packet+380>: push   %edx
0x81bb31d <dissect_packet+381>: push   %eax
0x81bb31e <dissect_packet+382>: call   0x81bc1a0 <call_dissector>
0x81bb323 <dissect_packet+387>: add    $0x10,%esp
0x81bb326 <dissect_packet+390>: mov    0xec(%esp,1),%eax
0x81bb32d <dissect_packet+397>: orb    $0x8,0x40(%eax)
0x81bb331 <dissect_packet+401>: add    $0xd8,%esp
0x81bb337 <dissect_packet+407>: pop    %ebx
0x81bb338 <dissect_packet+408>: ret
0x81bb339 <dissect_packet+409>: lea    0x0(%esi,1),%esi
End of assembler dump.

Called from: 

Dump of assembler code for function epan_dissect_new:
0x81ba5f0 <epan_dissect_new>:   push   %edi
0x81ba5f1 <epan_dissect_new+1>: push   %esi
0x81ba5f2 <epan_dissect_new+2>: push   %ebx
0x81ba5f3 <epan_dissect_new+3>: mov    0x18(%esp,1),%esi
0x81ba5f7 <epan_dissect_new+7>: mov    0x1c(%esp,1),%edi
0x81ba5fb <epan_dissect_new+11>:        sub    $0xc,%esp
0x81ba5fe <epan_dissect_new+14>:        push   $0x8
0x81ba600 <epan_dissect_new+16>:        call   0x8065e20 <g_malloc>
0x81ba605 <epan_dissect_new+21>:        mov    %eax,%ebx
0x81ba607 <epan_dissect_new+23>:        mov    0xc(%esi),%eax
0x81ba60a <epan_dissect_new+26>:        add    $0x10,%esp
0x81ba60d <epan_dissect_new+29>:        test   %eax,%eax
0x81ba60f <epan_dissect_new+31>:        je     0x81ba61d <epan_dissect_new+45>
0x81ba611 <epan_dissect_new+33>:        sub    $0xc,%esp
0x81ba614 <epan_dissect_new+36>:        push   %eax
0x81ba615 <epan_dissect_new+37>:        call   0x8065860 <g_slist_free>
0x81ba61a <epan_dissect_new+42>:        add    $0x10,%esp
0x81ba61d <epan_dissect_new+45>:        mov    %edi,0x4(%ebx)
0x81ba620 <epan_dissect_new+48>:        sub    $0xc,%esp
0x81ba623 <epan_dissect_new+51>:        movl   $0x0,0xc(%esi)
0x81ba62a <epan_dissect_new+58>:        push   %edi
0x81ba62b <epan_dissect_new+59>:        push   %esi
0x81ba62c <epan_dissect_new+60>:        mov    0x28(%esp,1),%edx
0x81ba630 <epan_dissect_new+64>:        push   %edx
0x81ba631 <epan_dissect_new+65>:        mov    0x28(%esp,1),%eax
0x81ba635 <epan_dissect_new+69>:        push   %eax
0x81ba636 <epan_dissect_new+70>:        push   %ebx
0x81ba637 <epan_dissect_new+71>:        call   0x81bb1a0 <dissect_packet> 
<-----
0x81ba63c <epan_dissect_new+76>:        add    $0x20,%esp

-------------------------------
# Registers at entry to dissect_packet (breakpoint)
(gdb) info all-reg
eax            0x8368944        137791812
ecx            0x28     40
edx            0x8367da8        137788840
ebx            0x8366e10        137784848
esp            0xbfffdfc0       0xbfffdfc0
ebp            0x0      0x0
esi            0x838c5d0        137938384
edi            0x0      0
eip            0x81bb1a0        0x81bb1a0
eflags         0x296    662
cs             0x23     35
ss             0x2b     43
ds             0x2b     43
es             0x2b     43
fs             0x0      0
gs             0x0      0
st0            0.86298924238956287169344250287394971    (raw
0x3ffedcecdcecdcece000)
st1            0.5      (raw 0x3ffe8000000000000000)
st2            1.7259784847791257433868850057478994     (raw
0x3fffdcecdcecdcece000)
st3            0        (raw 0x00000000000000000000)
st4            65535    (raw 0x400effff000000000000)
st5            301      (raw 0x40079680000000000000)
st6            0.5      (raw 0x3ffe8000000000000000)
st7            3        (raw 0x4000c000000000000000)
fctrl          0x37f    895
fstat          0x120    288
ftag           0xffff   65535
fiseg          0x23     35
fioff          0x4019c899       1075431577
foseg          0x2b     43
fooff          0xbfffe5d0       -1073748528
fop            0x35d    861
Prev by Date: Re: [Ethereal-dev] Basic i18n (Internationalization)
Next by Date: [Ethereal-dev] Alternative GUI for ethereal
Previous by thread: [Ethereal-dev] Ethereal on LInux with Multiple ethernet cards
Next by thread: [Ethereal-dev] Alternative GUI for ethereal
Index(es):
- Date
- Thread