On Wed, Mar 24, 2010 at 09:59:36AM -0400, Brian Oleksa wrote:
> So I did some more troubleshooting only to find the following:
> The dissector crashes in WinXP but not on my Fedora Core 9 box. This is
> weird.
>
> Using editcap... I was able to find the frame on windows to which wireshark
> crashed on (which was frame 17641).
> I opened the same .pcap file on my FC-9 box (it did not crash)...but I went
> to frame 17641 only to find out that it is a Malformed Packet.
>
> Any thoughts..??
I'd bet on calls to gmtime().
1/ gmtime() can return NULL.
2/ Windows-specific:
These functions validate their parameter. (...) if the timer value is negative, these functions invoke an invalid
parameter handler, as described in Parameter Validation. [1]
The behavior of the C Runtime when an invalid parameter is found is to call the currently assigned invalid parameter handler.
The default invalid parameter invokes Watson crash reporting, which *causes the application to crash* (...) [2]
Which reminds me of some checks in to_str.c ( e.g. if (abs_time->secs > 2000000000) tmp = NULL; )
maybe custom handler for _set_invalid_parameter_handler() [3] would be enough?
(I can't test it ;/)
Cheers.
[1] http://msdn.microsoft.com/en-us/library/0z9czt0w%28VS.80%29.aspx
[2] http://msdn.microsoft.com/en-us/library/ksazx244%28VS.80%29.aspx
[3] http://msdn.microsoft.com/en-us/library/a9yf33zb%28VS.80%29.aspx