Wireshark-bugs: [Wireshark-bugs] [Bug 5812] Dissector for the Babel Routing Protocol (RFC 6126)

Date: Thu, 7 Apr 2011 16:59:08 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5812

--- Comment #11 from Stephen Fisher <steve@xxxxxxxxxxxxxxxxxx> 2011-04-07 17:59:08 MDT ---
Here is the crash again.  We try to stay away from things like tvb_get_ptr()
and memcpy() due to being error prone...

Babel Routing Protocol
    Magic: 42
    Version: 2
    Body Length: 8
    Message hello (4)
        Message Type: hello (4)
        Message Length: 6
        Seqno: 0x9ca6
        Interval: 2000

[Switching to Thread 8062041c0 (LWP 100047)]

Breakpoint 1, network_prefix (ae=2, plen=128, omitted=0, 
    p=0x80a1df650 " \001\006`3\001\200c\002\030\20432a]\002\001\006\a\006\001",
dp=0x7fffffffd500 "", len=19, p_r=0x7fffffffd4d0 "") at packet-babel.c:178
178         memcpy(p_r, prefix, 16);

It only happens when running tshark with -V to show the full packet dissection
tree.  Here is a session of doing "next" many times in gdb until the crash so
you can see the order of calls before the stack is corrupted:

325                     guint8 flags = tvb_get_guint8(tvb, message + 3);
(gdb) 
326                     guint8 plen = tvb_get_guint8(tvb, message + 4);
(gdb) 
332                                        len - 10, p);
(gdb) 

Breakpoint 1, network_prefix (ae=2, plen=128, omitted=86, 
    p=0x80a1df68a "\221N\002", 
    dp=0x7fffffffd500 " \001\006`3\001\200c\002\030\20432a]", len=8, 
    p_r=0x807c0aa80 "P\b") at packet-babel.c:178
178         memcpy(p_r, prefix, 16);
(gdb) 
179         return 1;
(gdb) 
180     }
(gdb) 

Program received signal SIGSEGV, Segmentation fault.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.