https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6020
--- Comment #12 from Brian Douglass <brian.douglass@xxxxxxx> 2011-07-08 10:58:53 PDT ---
I've uploaded a cut-down version of my dissector per request, along with a
compressed pcap file that I test with. What my g2sTrivial.lua post dissector
does above and beyond the Trivial dissector is the following:
1) Pulls in xml.cdata from the xml dissector and transfers to a local variable.
2) Checks to see if local variable is nil inside IF THEN, and exits dissector
if true.
3) Converts local cdata to a string and searches for "gamingstandards.com"
4) IF not found THEN exit dissector.
5) Assign pinfo.cols.protocol="G2S"
So, accessing the xml.cdata, doing 2 IF THEN statements and a string conversion
are about all that is different from the Trivialproto.lua file. Yet, the
assignment of "G2S" to the pinfo.cols.protocol doesn't hold. On screen it all
shows up as HTTP/XML except for the first packet. These are reassembled PDUs.
I've also uploaded Trivialproto2.lua. I changed the IF THEN statements to
always be true, added assignments to protocol inside and outside the IF
statement, and by commenting out down stream assignments, EVERYTHING WORKS! I
get Trivial4, Trivial6, or Trivial8 displaying on screen depending which is the
last one uncommented.
The original Trivialproto.lua had an IF tcp_src THEN that sometimes was true,
sometimes not; this seemed to impact whether Trivial2 got overwritten by Trivial4
or not; that even when tcp_src was true, assigning Trivial4 would occasionally
be ignored.
My gut tells me a pointer is being overwritten, or some set of malloced memory
is being written out of bounds and thereby destroying a pointer. One of my
colleagues attempted to build a development environment and was unsuccessful.
Maybe when I have more time I'll give it a try and see what's going on from the
backside.
I do appreciate your time and attention to this matter.
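
Steps 1) to 5) above, written out as a minimal Wireshark Lua post-dissector. This is an added example, not the reporter's g2sTrivial.lua and not part of the bug report; the protocol name "g2s_example" and the MARKER constant are assumptions. It goes slightly beyond the described steps by checking every xml.cdata occurrence in the packet and by matching the marker as plain text.

```lua
-- Added example (not the reporter's script). Runs inside Wireshark/tshark,
-- e.g.  tshark -X lua_script:<this file> -r <capture file>
-- "g2s_example" and MARKER are hypothetical names chosen for illustration.

-- Field extractors must be created at script load time, outside the
-- dissector function; creating them per packet is an error.
local xml_cdata = Field.new("xml.cdata")

local MARKER = "gamingstandards.com"

local g2s = Proto("g2s_example", "G2S example post-dissector")

function g2s.dissector(tvb, pinfo, tree)
    -- Step 1: pull xml.cdata from the XML dissector. Calling the extractor
    -- returns one FieldInfo per occurrence in this packet, so collect all.
    local infos = { xml_cdata() }

    -- Step 2: nothing extracted means this is not an XML packet; exit.
    if #infos == 0 then
        return
    end

    for _, fi in ipairs(infos) do
        -- Step 3: convert the field value to a Lua string and search it.
        local text = tostring(fi.value)
        -- Fourth argument true = plain find, so the "." in the marker is
        -- matched literally and not as the "any character" pattern item.
        if string.find(text, MARKER, 1, true) then
            -- Step 5: relabel the Protocol column for this packet.
            pinfo.cols.protocol = "G2S"
            return
        end
    end
    -- Step 4: marker not found in any cdata; leave the columns untouched.
end

-- Post-dissectors run after all regular dissectors for every packet.
register_postdissector(g2s)
```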