Jeff Morriss
changed
bug 8956
Comment # 2
on bug 8956
from Jeff Morriss
What's odd is that gdb crashes on frame 35--that's the one with too many items.
If I look at frame 35 in "tshark -nVr" output I get:
~~~
[Protocols in frame [truncated]:
eth:ip:tcp:vnc:vnc:vnc:vnc:vnc:vnc:vnc:vnc:vnc:vnc:vnc:vnc:vnc:vnc:vnc:vnc:vnc:vnc:vnc:vnc:vnc:vnc:vnc:vnc:vnc:vnc:vnc:vnc:vnc:vnc:vnc:vnc:vnc:vnc:vnc:vnc:vnc:vnc:vnc:vnc:vnc:vnc:vnc:vnc:vnc:vnc:vnc:vnc:vnc:]
~~~
and:
~~~
Server Message Type: Framebuffer Update (0)
~~~
But if I look at in Wireshark, that frame is marked as a segment of a
reassembled PDU. Fine, Wireshark is doing 2 passes and is smarter.
But if I disable VNC's "reassemble segments" preference Wireshark just says
"Server Message Type: Unknown (171)".
Weird.
Also, while 100,000 is an arbitrary number of items, I have a hard time
believing that a 1434 byte message could create 100,000 items. If we take out
the Ethernet (14), IP (20), and TCP (20) headers that would be 72 items per
byte in the message. Seems unlikely to me...
Oh, but OK, if I print out the frame and the length of the TVB at the beginning
of dissect_vnc() I get:
~~~
** (process:7779): WARNING **: Frame 35, len=1448
** (process:7779): WARNING **: Frame 35, len=1449
** (process:7779): WARNING **: Frame 35, len=1452
[...]
** (process:7779): WARNING **: Frame 35, len=2555
** (process:7779): WARNING **: Frame 35, len=2556
** (process:7779): WARNING **: Dissector bug, protocol VNC, in packet 35: More
than 1000000 items in the tree -- possible infinite loop
~~~
So I guess tshark is doing some desegmentation (in 1-pass mode). Hmmm...
You are receiving this mail because:
- You are watching all bug changes.