https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3984
--- Comment #7 from Kovarththanan Rajaratnam <kovarththanan.rajaratnam@xxxxxxxxx> 2009-09-24 07:15:37 PDT ---
(In reply to comment #6)
> Hi,
> Did you open the attached file? Hum, it's only a one packet capture so of
> course the first time ep memory is not clobbered, you have to click on the
> packet.
Sorry about that. I didn't click on the packet, so I didn't see it. This seems
to be a bug in ICMP, which should be fixed in r30112.
>
> ep_verify_pointer doesn't work for small capture, where small is rather big
> the bogus packet is from a 51MB file and ep_verify_pointer is still always true
> when loading it, because if there's only one chunk used_list is NULL. I double
> checked with svn r30111.
Fixed in 30113.
> I really think it should be moved to packet_list_change_record and fall back to
> a copy rather than triggering an assert.
> The most common cause for this bug would be a call to val_to_str with an
> ep_alloced message for unknown value. Even a fuzz test may not always find that
> kind of error.
We should fix these issues instead of trying to hide them. Things like these
only get worse with time.
> Moreover a lot of dissectors currently using col_add_str(..., val_to_str(...))
> could be move back to use col_set_str.
> It would save more memory, unknown values are or should be uncommon, and it
> would be faster.
Are you proposing that we keep both col_set_str and col_add_str while still
allowing col_set_str to be called with an ep_alloc'ed string?
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.