Ethereal-dev: [Ethereal-dev] Ethereal 0.9.7 dumps core in packet-smb-pipe.c

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Milos Urbanek <urbanek@xxxxxxxxxxx>
Date: Thu, 14 Nov 2002 12:07:37 +0100
Hello,

Ethereal 0.9.7 gets SIGSEGV and dumps core after trying to access address 0
in code from packet-smb-pipe.c. Tested under Linux/NetBSD.

Program received signal SIGSEGV, Segmentation fault.
0x0817b085 in dissect_response_parameters (tvb=0x8616c50, offset=4,
    pinfo=0x859f938, tree=0x0, desc=0x0, items=0x83851f8,
    has_data_p=0xbfffdac8, has_ent_count_p=0xbfffdac0, ent_count_p=0xbfffdac4)
    at packet-smb-pipe.c:1807
1807            while ((c = *desc++) != '\0') {
(gdb) print *desc
Cannot access memory at address 0x0
(gdb) print desc
$1 = (guchar *) 0x0
(gdb) c
Continuing.

Program terminated with signal SIGSEGV, Segmentation fault.
The program no longer exists.

(gdb)
The program is not being run.


A quick hack of packet-smb-pipe.c fixes it by replacing:

(at line 1798)
dissect_response_parameters(tvbuff_t *tvb, int offset, packet_info *pinfo,
    proto_tree *tree, const guchar *desc, const item_t *items,
    gboolean *has_data_p, gboolean *has_ent_count_p, guint16 *ent_count_p)
{
        guint c;
        guint16 WParam;
        guint32 LParam;
        int count;

        *has_data_p = FALSE;
        *has_ent_count_p = FALSE;
        while ((c = *desc++) != '\0') {
                switch (c) {

(the while line above, marked ^^^^) with:

        while (desc && (c = *desc++) != '\0') {



Milos
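As an added illustration (not code from this report or from Ethereal), the same descriptor-walking loop with the NULL guard from the proposed fix, plus a bounds check on the buffer it reads so a truncated response cannot read past the end either; the descriptor characters and their sizes, the walk_result struct and the sample buffer are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Descriptor semantics are an assumption for illustration (not Ethereal's table):
 *   'W' = 16-bit little-endian word, 'D' = 32-bit dword,
 *   'e' = 16-bit entry count (sets has_ent_count). Anything else stops the walk. */
typedef struct {
    int      ok;             /* 0 on NULL descriptor, truncated buffer or bad char */
    int      has_ent_count;
    uint16_t ent_count;
    size_t   offset;         /* bytes consumed from buf */
} walk_result;

/* Read n little-endian bytes at *off, refusing to read past len. */
static int take_le(const uint8_t *buf, size_t len, size_t *off, unsigned n, uint32_t *out) {
    unsigned i;
    if (n > len || *off > len - n) return 0;   /* bounds check without overflow */
    for (*out = 0, i = 0; i < n; i++) *out |= (uint32_t)buf[*off + i] << (8 * i);
    *off += n;
    return 1;
}

/* Walk the descriptor over buf. Unlike the loop in the report, a NULL
 * descriptor is rejected before it is ever dereferenced. */
walk_result walk_descriptor(const unsigned char *desc, const uint8_t *buf, size_t len) {
    walk_result r = {0, 0, 0, 0};
    unsigned c; uint32_t v;
    if (desc == NULL) return r;
    while ((c = *desc++) != '\0') {
        switch (c) {
        case 'W': if (!take_le(buf, len, &r.offset, 2, &v)) return r; break;
        case 'D': if (!take_le(buf, len, &r.offset, 4, &v)) return r; break;
        case 'e': if (!take_le(buf, len, &r.offset, 2, &v)) return r;
                  r.ent_count = (uint16_t)v; r.has_ent_count = 1; break;
        default:  return r;                    /* unknown descriptor character */
        }
    }
    r.ok = 1; return r;
}

/* Constructed sample response: word 0x1234, dword 0x12345678, entry count 3. */
static const uint8_t sample_buf[] = {0x34,0x12, 0x78,0x56,0x34,0x12, 0x03,0x00};
walk_result sample_walk(size_t len) { return walk_descriptor((const unsigned char *)"WDe", sample_buf, len); }

int main(void) {
    walk_result r = sample_walk(sizeof sample_buf);
    printf("ok=%d ent_count=%u offset=%zu\n", r.ok, r.ent_count, r.offset);
    printf("NULL descriptor ok=%d\n", walk_descriptor(NULL, sample_buf, sizeof sample_buf).ok);
    return 0;
}
```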