Ethereal-users: Re: [ethereal-users] editcap crashes on NT 4.0, win2k

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxxxxx>
Date: Tue, 27 Jun 2000 20:51:42 -0700
On Tue, Jun 27, 2000 at 05:19:59PM -0700, Barr, Kenneth C wrote:
> Editcap works in linux but not on NT4.0 or Windows 2000.

The fact that it works in Linux may just be pure luck.

> I get a generic
> "Application Error" (The instruction at "0x0040d1d7" referenced memory at
> 0x0c.

It's dereferencing a null pointer, because it wasn't checking for one;
the pointer is null because editcap doesn't open a random-access stream.

The problem will show up when reading a Sniffer Classic file (but not a
file from the Windows version of Sniffer, which uses a different file
format and thus doesn't go through the bad code path).

> (I'm using the binary distributions, not my own builds)

You'd have to use your own build, after applying the attached patch, to
"wiretap/ngsniffer.c", and rebuilding.
Index: ngsniffer.c
===================================================================
RCS file: /usr/local/cvsroot/ethereal/wiretap/ngsniffer.c,v
retrieving revision 1.45
diff -c -r1.45 ngsniffer.c
*** ngsniffer.c	2000/06/15 06:18:32	1.45
--- ngsniffer.c	2000/06/28 03:52:21
***************
*** 403,417 ****
  		return -1;
  
  	/*
! 	 * Now position the random stream to the same location, which
! 	 * should be the beginning of the real data, and should
! 	 * be the beginning of the compressed data.
  	 *
  	 * XXX - will we see any records other than REC_FRAME2, REC_FRAME4,
  	 * or REC_EOF after this?  If not, we can get rid of the loop in
  	 * "ngsniffer_read()".
  	 */
! 	file_seek(wth->random_fh, wth->data_offset, SEEK_SET);
  
  	/* This is a ngsniffer file */
  	wth->capture.ngsniffer = g_malloc(sizeof(ngsniffer_t));
--- 403,418 ----
  		return -1;
  
  	/*
! 	 * Now, if we have a random stream open, position it to the same
! 	 * location, which should be the beginning of the real data, and
! 	 * should be the beginning of the compressed data.
  	 *
  	 * XXX - will we see any records other than REC_FRAME2, REC_FRAME4,
  	 * or REC_EOF after this?  If not, we can get rid of the loop in
  	 * "ngsniffer_read()".
  	 */
! 	if (wth->random_fh != NULL)
! 		file_seek(wth->random_fh, wth->data_offset, SEEK_SET);
  
  	/* This is a ngsniffer file */
  	wth->capture.ngsniffer = g_malloc(sizeof(ngsniffer_t));
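
Review bot: on the newly guarded call, "file_seek(wth->random_fh, wth->data_offset, SEEK_SET);", the result of the seek is still discarded, so a failed seek would leave the random stream at the wrong offset while the function goes on to allocate "wth->capture.ngsniffer" as if nothing had gone wrong. Consider checking the result and taking the same "return -1" path that appears just above the comment. Since the crash came from assuming "wth->random_fh" is always non-null, it is also worth confirming that every other use of "wth->random_fh" in ngsniffer.c is either guarded the same way or only reachable when a random-access stream was actually opened.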