Thanks for the prompt reply.
Looking forward to this fix. :D
--- Guy Harris <gharris@xxxxxxxxx> wrote:
> On Thu, Oct 10, 2002 at 10:13:16AM -0700, Jaime Fournier wrote:
> > I have found that the dissector for AFS is causing
> > tethereal/ethereal to die on certain packets.
> > I have provided a backtrace of the crash that I can
> > reproduce with a large capture file I have.
>
> It's crashing because it's being asked to allocate a huge amount of
> memory; the "OUT_RXString()" does
>
> i = tvb_get_ntohl(tvb, offset); \
> offset += 4; \
> len = ((i+4-1)/4)*4; \
> tmp = g_malloc(i+1); \
> memcpy(tmp, tvb_get_ptr(tvb,offset,i), i); \
> tmp[i] = '\0'; \
>
> which will, if the length value is bogus (for whatever reason) and
> overly large, fail in "g_malloc()" rather than failing by throwing a
> "mangled packet" exception, the latter being what it *should* do.
>
> Doing it as
>
> i = tvb_get_ntohl(tvb, offset); \
> offset += 4; \
> p = tvb_get_ptr(tvb,offset,i); \
> len = ((i+4-1)/4)*4; \
> tmp = g_malloc(i+1); \
> memcpy(tmp, p, i); \
> tmp[i] = '\0'; \
>
> (with an additional temporary variable "p" - or whatever name makes it
> work) - should fix that.
>
> I'll test that and check it in.
> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-dev
=====
Jaime Fournier
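
The reordering discussed in the quoted reply (check the claimed length against the captured data before allocating) can be seen in isolation in the following added example, which is not Ethereal's code and not part of the original messages. `struct buf`, `get_ntohl()` and `read_rx_string()` are hypothetical stand-ins for the tvbuff API, and a NULL return stands in for the "mangled packet" exception; the packet bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a tvbuff: the captured bytes and how many exist. */
struct buf { const uint8_t *data; size_t len; };
/* Constructed samples: a 5-byte string padded to 8, and a bogus huge length. */
static const uint8_t GOOD_PKT[] = { 0,0,0,5, 'h','e','l','l','o', 0,0,0 };
static const uint8_t BAD_PKT[]  = { 0x7f,0xff,0xff,0xff, 'A','B' };

/* Bounds-checked big-endian 32-bit read; -1 if fewer than 4 bytes remain. */
static int get_ntohl(const struct buf *b, size_t off, uint32_t *out)
{
    if (off > b->len || b->len - off < 4) return -1;
    const uint8_t *p = b->data + off;
    *out = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    return 0;
}

/* Returns a malloc'd NUL-terminated copy and advances *offset past the
 * 4-byte-aligned string, or returns NULL (offset untouched) if malformed. */
char *read_rx_string(const struct buf *b, size_t *offset)
{
    uint32_t n;
    if (get_ntohl(b, *offset, &n) != 0) return NULL;
    size_t start = *offset + 4;          /* start <= b->len after the read */
    /* Validate the claimed length against the bytes present BEFORE malloc. */
    if (n > b->len - start) return NULL;
    char *tmp = malloc((size_t)n + 1);
    if (tmp == NULL) return NULL;
    memcpy(tmp, b->data + start, n);
    tmp[n] = '\0';
    *offset = start + (((size_t)n + 3) / 4) * 4;   /* skip alignment padding */
    return tmp;
}

int main(void)
{
    struct buf good = { GOOD_PKT, sizeof GOOD_PKT }, bad = { BAD_PKT, sizeof BAD_PKT };
    size_t off = 0;
    char *s = read_rx_string(&good, &off);
    printf("good: %s (next offset %zu)\n", s ? s : "(malformed)", off);
    free(s);
    off = 0;
    s = read_rx_string(&bad, &off);
    printf("bad: %s\n", s ? "accepted" : "rejected before any allocation");
    free(s);
    return 0;
}
```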