Comment # 10
on bug 9027
from Jakub Zawadzki
(In reply to comment #9)
> I'm still not sure how exactly this bug gets triggered. I've been through
> the TCP dissector several times, and cannot see how it could add a data
> source before reassembly is complete...
Evan, but from your comment #8 of bug #8825 (bug #8825 comment #8)
I understand that reassembly is completed.
I don't understand how exactly the TCP reassembly code works. I have done some
analysis of why it crashes on tshark.pcap
(http://www.wireshark.org/~darkjames/anal-8825.txt), but the TCP reassembly code is
beyond me.
From my analysis, if you do:
smth = fragment_add() and later
use reassembly tvb (smth->tvb_data) as any data_source (or by
tvb_new_proxy())
you can't later call again fragment_add() [cause it'll free old reassembly]
... but this code fragment:
1863 if (tvb_length_remaining(tvb, offset) > 0)
1864 goto again;
is quite old, really don't understand how it works ;|
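
The lifetime hazard described in the comment above, as a simplified model added here (not Wireshark code and not from the bug report; every toy_* name is hypothetical). It assumes, as the comment states, that a second add frees the old reassembled buffer, and shows a generation check that flags a view taken before that add.

```c
#include <stdlib.h>
#include <string.h>
/* Toy model, NOT Wireshark's structures; every name here is hypothetical. */
struct toy_reasm {
    unsigned char *data;   /* current reassembled buffer */
    size_t len;
    unsigned generation;   /* bumped whenever data is freed and replaced */
};
/* A consumer's view of the buffer, standing in for a data source. */
struct toy_source {
    const struct toy_reasm *owner;
    const unsigned char *data;   /* dangling once the owner reallocates */
    unsigned generation;         /* generation seen when the view was taken */
};

/* Append a fragment; the old buffer is freed, as the comment describes. */
static int toy_fragment_add(struct toy_reasm *r, const void *frag, size_t n)
{
    unsigned char *fresh = malloc(r->len + n);
    if (fresh == NULL)
        return -1;
    if (r->len)
        memcpy(fresh, r->data, r->len);
    memcpy(fresh + r->len, frag, n);
    free(r->data);
    r->data = fresh;
    r->len += n;
    r->generation++;
    return 0;
}

/* Defensive check: a view is usable only if no add happened since. */
static int toy_source_valid(const struct toy_source *s)
{
    return s->generation == s->owner->generation;
}

/* Replays the sequence on constructed fragments; 1 = stale view detected,
 * -1 = allocation failure. The stale pointer is never dereferenced. */
int toy_replay(void)
{
    struct toy_reasm r = { NULL, 0, 0 };
    if (toy_fragment_add(&r, "AAAA", 4) != 0) return -1;
    struct toy_source s = { &r, r.data, r.generation };
    int before = toy_source_valid(&s);      /* view is current */
    if (toy_fragment_add(&r, "BBBB", 4) != 0) { free(r.data); return -1; }
    int after = toy_source_valid(&s);       /* s.data now points at freed memory */
    free(r.data);
    return before == 1 && after == 0;
}
```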