Wireshark-bugs: [Wireshark-bugs] [Bug 6193] Buildbot crash output: fuzz-2011-08-02-20305.pcap

Date: Tue, 16 Aug 2011 08:48:51 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6193

--- Comment #5 from Chris Maynard <christopher.maynard@xxxxxxxxx> 2011-08-16 08:48:50 PDT ---
(In reply to comment #4)
> (In reply to comment #3)
> > Interesting because I specifically filtered for opensafety packets as I
> > suspected this might be a duplicate, but the filter didn't match any packets.
> 
> I actually just did "./tshark -nVr /tmp/fuzz-6193.pcap | less -i" and then
> searched for "opensafety."  I got a hit in the "packets in this frame" line but
> I was a bit curious to note that it didn't have a big "OpenSafety" (or similar)
> tree in it.  Don't know what's up with that...

I took another look at this and saw that both tshark and Wireshark identify the
following frames as having the following protocols:

Frame 2420: [Protocols in frame: eth:siii:opensafety:siii]
Frame 7068: [Protocols in frame: eth:epl:opensafety:data]

There must be something wrong with the opensafety dissector because the payload
isn't opensafety ... or maybe it is, but it's certainly not decoded as such. 
In the case of frame 2420, you even get a separate openSAFETY Frame (21 bytes)
tab as a new data source.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.