Martin Regner wrote:
>Guy Harris wrote:
>> The problem is, I suspect, that the new code for attaching window
>> scaling option information to a conversation is used regardless of
>> whether TCP sequence analysis is enabled, and that code calls
>> "get_tcp_conversation_data()", which assumes that "tcp_analysis_chunk"
>> is non-NULL, but that memory chunk is allocated only if TCP sequence
>> analysis is enabled.
>>
>
>Yes, you are probably right. I have now turned on the "Analyze TCP Sequence numbers" and "Relative Seq nums and Window Scaling" options as a temporary fix and then I don't get a crash with the same captures.
>
>I didn't have Window Scaling turned on when I got the crash, but it seems that that routine was called anyway.
After I moved the allocation of tcp_analysis_chunk so that it is always allocated, I still got some crashes in the TCP dissector.
It seems that there is a need to check if get_tcp_conversation_data returns NULL in the pdu_store_window_scale_option and the tcp_analyze_sequence_number subroutines and then just return, or maybe there is something else that is wrong?
I had to look at another problem, so I didn't have time to look much at the code.
But it seems that I got rid of the crashes with that capture file at least, which meant that I could continue to look into the problem I really intended to look at.
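
The failure mode discussed in this thread, as an added example that is not part of the original messages and is not Ethereal source code: a per-conversation lookup whose backing pool exists only when analysis is enabled, with the caller-side NULL check proposed above. All names (model_init, model_get_conv_data, model_store_window_scale) and the pool layout are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model, not Ethereal source: every name here is hypothetical. */
struct conv_data { int win_scale; };
struct conversation { struct conv_data *data; };

enum { POOL_SIZE = 16 };
static struct conv_data *pool = NULL;   /* stands in for the memory chunk */
static size_t pool_used = 0;

/* The pool is allocated only when sequence analysis is enabled,
 * which is the precondition for the crash described in the thread. */
void model_init(int analysis_enabled) {
    free(pool);
    pool = analysis_enabled ? calloc(POOL_SIZE, sizeof *pool) : NULL;
    pool_used = 0;
}

/* Lookup that reports "no data" instead of touching a missing pool. */
struct conv_data *model_get_conv_data(struct conversation *c) {
    if (c == NULL) return NULL;
    if (c->data != NULL) return c->data;
    if (pool == NULL || pool_used >= POOL_SIZE) return NULL;
    c->data = &pool[pool_used++];
    c->data->win_scale = -1;            /* -1: no window scale option seen */
    return c->data;
}

/* Caller-side guard: returns 0 when stored, -1 when skipped. */
int model_store_window_scale(struct conversation *c, int shift) {
    struct conv_data *d = model_get_conv_data(c);
    if (d == NULL) return -1;           /* just return, as proposed above */
    d->win_scale = shift;
    return 0;
}

int main(void) {
    struct conversation c = { NULL };
    int rc;

    model_init(0);                      /* analysis disabled: no pool */
    rc = model_store_window_scale(&c, 7);
    printf("analysis off: rc=%d\n", rc);

    model_init(1);                      /* analysis enabled: pool exists */
    rc = model_store_window_scale(&c, 7);
    printf("analysis on:  rc=%d scale=%d\n", rc, c.data->win_scale);
    return 0;
}
```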