Wireshark-bugs: [Wireshark-bugs] [Bug 1077] New: Bad array initialisation leads to a crash
Date: Tue, 29 Aug 2006 12:01:51 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1077 Summary: Bad array initialisation leads to a crash Product: Wireshark Version: SVN Platform: PC OS/Version: Linux Status: NEW Severity: Normal Priority: Low Component: Wireshark AssignedTo: wireshark-bugs@xxxxxxxxxxxxx ReportedBy: florent.drouin@xxxxxxxxxx Wireshark (SVN19047) did crash loading a file with Camel messages Here is the core-dump << GNU gdb 6.4-debian Copyright 2005 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i486-linux-gnu"...Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1". (gdb) run Starting program: /home/etherdev/wireshark_TCAP_SVN19047/.libs/lt-wireshark [Thread debugging using libthread_db enabled] [New Thread -1238153536 (LWP 7388)] Program received signal SIGSEGV, Segmentation fault. [Switching to Thread -1238153536 (LWP 7388)] 0xb64995b0 in strncpy () from /lib/tls/i686/cmov/libc.so.6 (gdb) where #0 0xb64995b0 in strncpy () from /lib/tls/i686/cmov/libc.so.6 #1 0xb6fe627f in col_do_append_sep_va_fstr (cinfo=0x8182bd8, el=<value optimized out>, separator=0x0, format=0xb795b0af " %s", ap=0xbfeff3dc "#@h#L") at column-utils.c:291 #2 0xb6fe6352 in col_append_fstr (cinfo=0x87389d8, el=141789655, format=0x0) at column-utils.c:317 #3 0xb706bbdf in dissect_alcap (tvb=0x88cc678, pinfo=0xbf27308, tree=0x0) at packet-alcap.c:1430 #4 0xb6ff5aae in call_dissector_through_handle (handle=0x86c4780, tvb=0x88cc678, pinfo=0xbf27308, tree=0x0) at packet.c:387 #5 0xb6ff5c02 in call_dissector_work (handle=0x86c4780, tvb=0x88cc678, pinfo_arg=<value optimized out>, tree=0x0) at packet.c:562 #6 0xb6ff689f in dissector_try_port (sub_dissectors=0x87389d8, port=12, tvb=0x88cc678, pinfo=0xbf27308, tree=0x87389d8) at packet.c:837 #7 0xb73757fb in dissect_mtp3 (tvb=0x8890ab8, pinfo=0xbf27308, tree=0x0) at packet-mtp3.c:588 #8 0xb6ff5aae in call_dissector_through_handle (handle=0x84cf0e8, tvb=0x8890ab8, pinfo=0xbf27308, tree=0x0) at packet.c:387 #9 0xb6ff5c02 in call_dissector_work (handle=0x84cf0e8, tvb=0x8890ab8, pinfo_arg=<value optimized out>, tree=0x0) at packet.c:562 #10 0xb6ff6050 in call_dissector (handle=0x87389d8, tvb=0x8890ab8, pinfo=0xbf27308, tree=0x0) at packet.c:1706 #11 0xb7374711 in dissect_mtp2 (tvb=0x88a1da0, pinfo=0xbf27308, tree=0x0) at packet-mtp2.c:186 #12 0xb6ff5aae in call_dissector_through_handle (handle=0x84cf0d0, tvb=0x88a1da0, pinfo=0xbf27308, tree=0x0) at packet.c:387 #13 0xb6ff5c02 in call_dissector_work (handle=0x84cf0d0, tvb=0x88a1da0, pinfo_arg=<value optimized out>, tree=0x0) at packet.c:562 #14 0xb6ff6050 in call_dissector (handle=0x87389d8, tvb=0x88a1da0, pinfo=0xbf27308, tree=0x0) at packet.c:1706 #15 0xb7322d02 in dissect_k12 (tvb=0x88a1da0, pinfo=0xbf27308, tree=0x0) at packet-k12.c:125 #16 0xb6ff5aae in call_dissector_through_handle (handle=0x84a94f0, tvb=0x88a1da0, pinfo=0xbf27308, tree=0x0) at packet.c:387 #17 0xb6ff5c02 in call_dissector_work (handle=0x84a94f0, tvb=0x88a1da0, pinfo_arg=<value optimized out>, tree=0x0) at packet.c:562 #18 0xb6ff689f in dissector_try_port (sub_dissectors=0x87389d8, port=80, tvb=0x88a1da0, pinfo=0xbf27308, tree=0x87389d8) at packet.c:837 #19 0xb722f7c1 in dissect_frame (tvb=0x88a1da0, pinfo=0xbf27308, parent_tree=0x0) at packet-frame.c:286 #20 0xb6ff5aae in call_dissector_through_handle (handle=0x8444570, tvb=0x88a1da0, pinfo=0xbf27308, tree=0x0) at packet.c:387 #21 0xb6ff5c02 in call_dissector_work (handle=0x8444570, tvb=0x88a1da0, pinfo_arg=<value optimized out>, tree=0x0) ---Type <return> to continue, or q <return> to quit---q at pacQuit (gdb) quit The program is running. Exit anyway? (y or n) y etherdev@baobab:~/wireshark_TCAP_SVN19047$ gdb ./.libs/lt-wireshark GNU gdb 6.4-debian Copyright 2005 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i486-linux-gnu"...Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1". (gdb) run Starting program: /home/etherdev/wireshark_TCAP_SVN19047/.libs/lt-wireshark [Thread debugging using libthread_db enabled] [New Thread -1237236032 (LWP 7394)] Program received signal SIGINT, Interrupt. [Switching to Thread -1237236032 (LWP 7394)] 0xb65716b0 in malloc_usable_size () from /lib/tls/i686/cmov/libc.so.6 (gdb) etherdev@baobab:~/wireshark_TCAP_SVN19047$ >> After analyze, it seems that the trace file contains corrupted frames. These frames are decoded as "Alcap", and the display of the COL_INFO corrupt the column buffer. So, at next message display, a crash occured. -- Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
- Follow-Ups:
- [Wireshark-bugs] [Bug 1077] Bad array initialisation leads to a crash
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 1077] Bad array initialisation leads to a crash
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 1077] Bad array initialisation leads to a crash
- From: bugzilla-daemon
- [Wireshark-bugs] [Bug 1077] Bad array initialisation leads to a crash
- Prev by Date: [Wireshark-bugs] [Bug 903] Crash when starting capture with various filters
- Next by Date: [Wireshark-bugs] [Bug 1077] Bad array initialisation leads to a crash
- Previous by thread: [Wireshark-bugs] [Bug 903] Crash when starting capture with various filters
- Next by thread: [Wireshark-bugs] [Bug 1077] Bad array initialisation leads to a crash
- Index(es):