Wireshark-bugs: [Wireshark-bugs] [Bug 2620] RTMP real-time video feed crashes wireshark

Date: Thu, 19 Jun 2008 13:48:38 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2620


Gerald Combs <gerald@xxxxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|Major                       |Blocker
           Priority|Low                         |High




--- Comment #2 from Gerald Combs <gerald@xxxxxxxxxxxxx>  2008-06-19 13:48:37 PDT ---
I wonder if this isn't a bug in Glib. I can duplicate the problem on Ubuntu
7.10 x86_64, but not on Mac OS X Intel 10.4 or Windows XP x86. Here's the stack
trace I get on Ubuntu:

Program terminated with signal 11, Segmentation fault.
#0  0x00002b1d44102b23 in g_slice_alloc () from /usr/lib/libglib-2.0.so.0
(gdb) bt
#0  0x00002b1d44102b23 in g_slice_alloc () from /usr/lib/libglib-2.0.so.0
#1  0x00002b1d416d2973 in tvb_new (type=TVBUFF_SUBSET) at tvbuff.c:128
#2  0x00002b1d416d35f4 in tvb_new_subset (backing=0x123ec00, backing_offset=0, 
    backing_length=130, reported_length=130) at tvbuff.c:493
#3  0x00002b1d41bdbc7b in tcp_dissect_pdus (tvb=0x123ec00, pinfo=0x124e250, 
    tree=0x123e4e0, proto_desegment=1, fixed_len=12, 
    get_pdu_len=0x2b1d41b21bc7 <get_rtmpt_pdu_len>, 
    dissect_pdu=0x2b1d41b21209 <dissect_rtmpt>) at packet-tcp.c:1974
#4  0x00002b1d41b21e30 in dissect_rtmpt_tcp (tvb=0x123ec00, pinfo=0x124e250, 
    tree=0x123e4e0) at packet-rtmpt.c:421
#5  0x00002b1d4169f295 in call_dissector_through_handle (handle=0xfb5040, 
    tvb=0x123ec00, pinfo=0x124e250, tree=0x123e4e0) at packet.c:396
#6  0x00002b1d4169f43f in call_dissector_work (handle=0xfb5040, tvb=0x123ec00, 
    pinfo_arg=0x124e250, tree=0x123e4e0) at packet.c:485
#7  0x00002b1d416a1059 in call_dissector_only (handle=0xfb5040, tvb=0x123ec00, 
    pinfo=0x124e250, tree=0x123e4e0) at packet.c:1774

tvb_new() calls g_slice_alloc() indirectly via g_chunk_new(). According to the
Glib documentation, g_slice_alloc() should just return some allocated memory
and not crash. Searching for "g_slice_alloc sigsegv" on launchpad.net turns up
a large number of hits for a variety of applications.


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.