[bugzilla-daemon@xxxxxxxxxxxxx]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6927

           Summary: PDML XML file export corrupted in certain locales
           Product: Wireshark
           Version: SVN
          Platform: x86
        OS/Version: Windows XP
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
        ReportedBy: colin.paton@xxxxxxxxxxxxx


Created attachment 7984
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=7984
Screenshot showing faulty XML

Build Information:
Version 1.7.1 (SVN Rev 41432 from /trunk)

Copyright 1998-2012 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with GTK+ 2.24.10, with Cairo 1.10.2, with Pango 1.29.4, with
GLib 2.28.8, with WinPcap (4_1_2), with libz 1.2.5, without POSIX capabilities,
with SMI 0.4.8, with c-ares 1.7.1, with Lua 5.1, without Python, with GnuTLS
2.10.3, with Gcrypt 1.4.6, with MIT Kerberos, with GeoIP, with PortAudio
V19-devel (built Mar  8 2012), with AirPcap.

Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.1.2
(packet.dll version 4.1.0.2001), based on libpcap version 1.0 branch 1_0_rel0b
(20091008), GnuTLS 2.10.3, Gcrypt 1.4.6, without AirPcap.

Built using Microsoft Visual C++ 9.0 build 30729
--
This seems to occur in many versions of Wireshark, and occurred in Korea in
this instance. It still occurs in the SVN trunk source.

The problem occurs as the packet.timestamp 'show' field isn't correctly XML
escaped. This causes problems in locales which require unicode to encode their
timezone description.

The attached screenshot shows the XML output with the problem - the string
appears as unterminated and won't parse.

I think the problem occurs in this code:


in trunk/print.c

static void
print_pdml_geninfo(proto_tree *tree, FILE *fh)
{

...


        /* Print geninfo.timestamp */
        fprintf(fh,
"    <field name=\"timestamp\" pos=\"0\" show=\"%s\" showname=\"Captured Time\"
value=\"%d.%09d\" size=\"%u\"/>\n",
                abs_time_to_str(timestamp, ABSOLUTE_TIME_LOCAL, TRUE), (int)
timestamp->secs, timestamp->nsecs, frame_finfo->length);

abs_time_to_str can return a unicode string containing the timezone
description. In the UK this is encoded as "GMT Standard Time" but is encoded
using Korean characters in the faulty instance.

epan/to_str.c::get_zonename() returns the unicode characters which get passed
back via abs_time_to_str

I think that the following patch may solve the problem but as yet have been
unable to verify this:

Index: print.c
===================================================================
--- print.c    (revision 41432)
+++ print.c    (working copy)
@@ -585,11 +585,14 @@
 "    <field name=\"caplen\" pos=\"0\" show=\"%u\" showname=\"Captured Length\"
value=\"%x\" size=\"%u\"/>\n",
         caplen, caplen, frame_finfo->length);

-    /* Print geninfo.timestamp */
+    /* Print geninfo.timestamp */ 
     fprintf(fh,
-"    <field name=\"timestamp\" pos=\"0\" show=\"%s\" showname=\"Captured
Time\" value=\"%d.%09d\" size=\"%u\"/>\n",
-        abs_time_to_str(timestamp, ABSOLUTE_TIME_LOCAL, TRUE), (int)
timestamp->secs, timestamp->nsecs, frame_finfo->length);
+"    <field name=\"timestamp\" pos=\"0\" show=\"");

+    print_escaped_xml(fh,abs_time_to_str(timestamp, ABSOLUTE_TIME_LOCAL,
TRUE));
+    fprintf(fh,"\" showname=\"Captured Time\" value=\"%d.%09d\"
size=\"%u\"/>\n",
+         (int) timestamp->secs, timestamp->nsecs, frame_finfo->length);
+
     /* Print geninfo end */
     fprintf(fh,
 "  </proto>\n");

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.