Wireshark-bugs: [Wireshark-bugs] [Bug 4860] new_packet_list: Crash triggered when changing displ

Date: Sun, 13 Jun 2010 09:36:56 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4860

--- Comment #6 from Jim Young <jyoung@xxxxxxx> 2010-06-13 09:36:45 PDT ---
Building on Bill's observations from comment #4...

At the time of the crash the iter in question does not appear to be properly
prepared; the iter->user_data == NULL and iter->stamp == 0.

packet_list_store()'s packet_list_get_iter() does appear to assign non-NULL and
non-zero values to an iter.

Just prior to the crash packet_list_get_iter() uses an "n" value (From: n =
indices[0]; /* the n-th top level row */) that matches the frame.number-1 that
was selected during the right mouse click from the packet-list.   If the
selected frame.number-1 exceeds the number of frames currently displayed then
this bug will be triggered.  

By watching the value of "n" in packet_list_get_iter() when a right mouse click
popup is used from packet-details pane the actual "n" value used appears to be
relative to the displayed packets.

In the packet-details pop-up case, I see calls to packet_list_iter_nth_child().
Is something like that missing in the packet-list pop-up case?

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.