Ethereal-dev: RE: [Ethereal-dev] Double-free tvb bug in HTTP dissector with gzip decompression
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: Biot Olivier <Olivier.Biot@xxxxxxxxxxx>
Date: Fri, 7 May 2004 13:22:32 +0200
|-----Original Message-----
|From: Jerry Talkington
|
|On Thu, May 06, 2004 at 11:51:36PM +0200, Olivier Biot wrote:
|>
|> Hi list,
|>
|> If you open the attached capture with Ethereal, you can freely inspect
|> it and see the dissected decompression. However, if you enter a
|> display filter like "http" which matches the packet, Ethereal will
|> crash in epan_dissect_free() at the very end of having filtered all
|> packets (I tested this with a 9 MB capture). The crash does not happen
|> if you disable the HTTP dissector.
|
|Hmm, I wasn't able to get a crash on my Mac, but I was on my Linux box.
|However, I didn't like the gtk2 interface, so I made distclean, reran
|autogen.sh, configured and ran make, and the crash doesn't happen
|anymore.
|
|I reran autogen.sh, configured with gtk2 again, and the crash still
|doesn't appear. Try rerunning autogen.sh. In the meantime, I'll try
|setting up a build environment on a Windows machine.

I can only say that the bug is still present, even after a thorough
distclean and a complete remake of ethereal on cygwin. This is what I did:

# Remake the makefiles so make distclean doesn't remake the makefiles individually
$ ./config.status
$ make distclean
# Refresh the checked out tree [status of ~5 hours ago]
$ cvs -z9 update -Pd
$ ./autogen.sh
$ ./configure --with-extra-gcc-checks --enable-gtk2
$ make

3 hours later the compilation terminated on my laptop. I then opened a debug
session with the capture file I previously sent to the list:

$ ./libtool gdb --args ./ethereal -r /home/be322008/Desktop/Ethereal/BigCap-gzip-not-chunked-response.snoop
*** Warning: inferring the mode of operation is deprecated.
*** Future versions of Libtool will require -mode=MODE be specified.
GNU gdb 2003-09-20-cvs (cygwin-special)
Copyright 2003 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i686-pc-cygwin"...
(gdb) r
Starting program: /home/Administrator/Ethereal/cvs/ethereal/.libs/lt-ethereal.exe -r /home/be322008/Desktop/Ethereal/BigCap-gzip-not-chunked-response.snoop

[Entered "http" as display filter (without quotes) and applied the dfilter]

Program received signal SIGSEGV, Segmentation fault.
tvb_free_chain (tvb=0x1) at tvbuff.c:221
221             for (slist = tvb->used_in; slist != NULL ; slist = slist->next) {
(gdb) bt full
#0  tvb_free_chain (tvb=0x1) at tvbuff.c:221
        tvb = (tvbuff_t *) 0x1
        slist = (GSList *) 0x1033e118
#1  0x00e5609a in tvb_free_chain (tvb=0x103d1f58) at tvbuff.c:222
        tvb = (tvbuff_t *) 0x103d1f58
        slist = (GSList *) 0x1033e118
#2  0x00e5609a in tvb_free_chain (tvb=0x1033e180) at tvbuff.c:222
        tvb = (tvbuff_t *) 0x1033e180
        slist = (GSList *) 0x103d1f40
#3  0x00e5609a in tvb_free_chain (tvb=0x1033e118) at tvbuff.c:222
        tvb = (tvbuff_t *) 0x1033e118
        slist = (GSList *) 0x10311680
#4  0x00e5609a in tvb_free_chain (tvb=0x1033e0e4) at tvbuff.c:222
        tvb = (tvbuff_t *) 0x1033e0e4
        slist = (GSList *) 0x103d1f68
#5  0x00e5609a in tvb_free_chain (tvb=0x1033e0b0) at tvbuff.c:222
        tvb = (tvbuff_t *) 0x1033e0b0
        slist = (GSList *) 0x103d1f60
#6  0x00e5609a in tvb_free_chain (tvb=0x1033e07c) at tvbuff.c:222
        tvb = (tvbuff_t *) 0x1033e07c
        slist = (GSList *) 0x103d1f50
#7  0x00e5609a in tvb_free_chain (tvb=0x1033e048) at tvbuff.c:222
        tvb = (tvbuff_t *) 0x1033e048
        slist = (GSList *) 0x103d1f38
#8  0x00e5609a in tvb_free_chain (tvb=0x1033dfe0) at tvbuff.c:222
        tvb = (tvbuff_t *) 0x1033dfe0
        slist = (GSList *) 0x103d1f48
#9  0x00e461a1 in epan_dissect_free (edt=0x103d3a08) at epan.c:166
        edt = (epan_dissect_t *) 0x103d3a08
#10 0x0040c756 in _fu189__num_tap_filters () at file.c:896
        fdata = (frame_data *) 0x103d3a08
        pseudo_header = (union wtap_pseudo_header *) 0x1
        buf = (const guchar *) 0x1 <Address 0x1 out of bounds>
        refilter = 0
        args = {colorf = 0x1028e958, edt = 0x103d3a08}
        row = 0
        create_proto_tree = 272448008
        edt = (epan_dissect_t *) 0x103d3a08
        args = {colorf = 0x1028e958, edt = 0x103d3a08}
#11 0x0040d068 in rescan_packets (cf=0x4b3a08, action=0x4b3a98 "\b", action_item=0x1 <Address 0x1 out of bounds>, refilter=2285872, redissect=2285876) at file.c:1215
        fdata = (frame_data *) 0x1033eccc
        progbar = (progdlg_t *) 0x103d1f38
        stop_flag = 15032474
        count = 271747760
        err = 271835208
        err_info = (gchar *) 0x22e05c "|�\""
        selected_frame = (frame_data *) 0x10328a70
        preceding_frame = (frame_data *) 0x7facef
        following_frame = (frame_data *) 0x1033e0b0
        prev_frame = (frame_data *) 0xe5609a
        selected_row = 2285628
        prev_row = 271835260
        preceding_row = 272441168
        following_row = 3568
        selected_frame_seen = 1
        row = 1
        prog_val = 0
        start_time = {tv_sec = 271835260, tv_usec = 271746540}
        status_str = "\030�~\000�\2122\020H\037=\020��3\020|�\"\000\232`�\000H�3\020�\2122\020�\ "\000\b:=\020\b:=\020\b:=\020\214�\"\000�a�\000��3\020��3\020��\"\000V�@\000 \b:=\020l�(\020`�(\020��3\020�:L\000�Y\001\000\b:K"
        progbar_nextstep = 271835364
        progbar_quantum = 15032474
#12 0x004b3980 in filter_tb ()
No symbol table info available.
#13 0x1033ec88 in ?? ()
No symbol table info available.
(gdb)

I think step 10 in the backtrace is interesting: take a close look at the
values of pseudo_header and buf. Maybe we're having a HTTP tap issue here?

#10 0x0040c756 in _fu189__num_tap_filters () at file.c:896
        fdata = (frame_data *) 0x103d3a08
        pseudo_header = (union wtap_pseudo_header *) 0x1
        buf = (const guchar *) 0x1 <Address 0x1 out of bounds>
        refilter = 0
        args = {colorf = 0x1028e958, edt = 0x103d3a08}
        row = 0
        create_proto_tree = 272448008
        edt = (epan_dissect_t *) 0x103d3a08
        args = {colorf = 0x1028e958, edt = 0x103d3a08}

Anybody a clue?

Regards,

Olivier
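The backtrace above shows tvb_free_chain() recursing through a used_in list until it reaches a garbage pointer (tvb=0x1). The C model below is added here as an illustration; it is not code from Ethereal or from anyone in this thread. It assumes a simplified tvbuff with a fixed-size used_in array, and it simulates release with a per-buffer counter instead of calling free(), so a double release is observable rather than undefined behaviour. It shows how a chain free with the same recursion shape reaches a buffer that was registered under two parents twice, and a checked variant that marks a buffer before descending and reports the second visit instead of releasing it again.

```c
#include <stdio.h>
#include <string.h>

#define MAX_USED_IN 4
#define MAX_TVB     16

/* Simplified model (an assumption, not Ethereal's tvbuff.c): each buffer
 * keeps a list of buffers derived from it, and freeing a chain walks
 * that list recursively before releasing the buffer itself. */
typedef struct tvb {
    int         id;
    struct tvb *used_in[MAX_USED_IN];
    int         n_used_in;
    int         freed;      /* used by the checked variant only */
} tvb_t;

/* Instrumentation instead of free(): releases per buffer id. */
static int release_count[MAX_TVB];
static int double_release_reports;

static void tvb_link(tvb_t *backing, tvb_t *derived)
{
    if (backing->n_used_in < MAX_USED_IN)
        backing->used_in[backing->n_used_in++] = derived;
}

static void tvb_release(tvb_t *tvb)
{
    release_count[tvb->id]++;
}

/* Same recursion shape as tvb_free_chain() in the backtrace: free every
 * derived buffer, then the buffer. A buffer reachable by two paths is
 * released twice. */
static void tvb_free_chain_naive(tvb_t *tvb)
{
    int i;
    for (i = 0; i < tvb->n_used_in; i++)
        tvb_free_chain_naive(tvb->used_in[i]);
    tvb_release(tvb);
}

/* Checked variant: mark before descending, refuse to revisit, and report. */
static void tvb_free_chain_checked(tvb_t *tvb)
{
    int i;
    if (tvb->freed) {
        double_release_reports++;
        fprintf(stderr, "tvb %d reached twice during chain free\n", tvb->id);
        return;
    }
    tvb->freed = 1;
    for (i = 0; i < tvb->n_used_in; i++)
        tvb_free_chain_checked(tvb->used_in[i]);
    tvb_release(tvb);
}

/* Constructed scenario: frame 0 -> payload subset 1 -> message buffer 2 ->
 * decompressed buffer 3, with buffer 3 also registered under 1 by mistake,
 * so one chain free reaches it by two paths. */
static void build_scenario(tvb_t *b)
{
    int i;
    memset(b, 0, 4 * sizeof(tvb_t));
    memset(release_count, 0, sizeof release_count);
    double_release_reports = 0;
    for (i = 0; i < 4; i++)
        b[i].id = i;
    tvb_link(&b[0], &b[1]);
    tvb_link(&b[1], &b[2]);
    tvb_link(&b[2], &b[3]);
    tvb_link(&b[1], &b[3]);   /* duplicate registration */
}

/* Times the naive walk releases buffer 3 (expected: 2). */
int naive_releases_of_shared(void)
{
    tvb_t b[4];
    build_scenario(b);
    tvb_free_chain_naive(&b[0]);
    return release_count[3];
}

/* Times the checked walk releases buffer 3 (expected: 1). */
int checked_releases_of_shared(void)
{
    tvb_t b[4];
    build_scenario(b);
    tvb_free_chain_checked(&b[0]);
    return release_count[3];
}

/* Double-release attempts the checked walk reported (expected: 1). */
int checked_reports(void)
{
    tvb_t b[4];
    build_scenario(b);
    tvb_free_chain_checked(&b[0]);
    return double_release_reports;
}
```

With real free() the memory is gone after the first release, so a flag in the buffer is only trustworthy within a single chain-free call; the durable fix is to make sure every buffer appears in exactly one used_in list (or to reference-count shared buffers), and a debug allocator or a tool such as valgrind is the practical way to catch the second free in a build like the one above.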