Wireshark-bugs: [Wireshark-bugs] [Bug 8212] Warn Dissector bug, protocol JXTA

Date: Thu, 17 Jan 2013 03:49:27 +0000

Comment # 6 on bug 8212 from
This is an interesting one. It appears that what happens is the
framing_header_tree_item at packet-jxta.c:1057 is being faked by
TRY_TO_FAKE_THIS_ITEM which is returning the tree node back to the caller. The
tree node has its own field_info structure of course which is totally different
from what the jxta dissector is expecting. This becomes a problem when the
dissector calls proto_item_set_end at line 1095, as the 'start' field of the
tree field_info is not at all what it expects, leading to the assertion.

As far as I can tell, the JXTA dissector is doing nothing wrong - this is an
odd confluence of various pieces internal to wireshark. I have no idea what the
right fix is though...

- Is the tree's finfo->start value right in the first place? It seems awfully
large...
- Should we not be faking the item if we plan to set an explicit end point on
it later? I have no idea how we'd know that in TRY_TO_FAKE_THIS_ITEM though.
- Should proto_item_set_end be a no-op if we detect fakery? This seems like the
best option to me, but again I don't know how to detect it. Faking-with-null is
already checked, and we don't have the tree available to detect
faking-with-tree. And besides, it's still valid to actually call
proto_item_set_end on the tree itself if we want to...

I'm afraid I can't really take this one further. Hopefully someone with a
better grasp of the internals involved will know what to do.

Cheers,
Evan


You are receiving this mail because:
  • You are watching all bug changes.