Wireshark-dev: Re: [Wireshark-dev] se_alloc() GSList segfault woes

From: Martin Mathieson <martin.r.mathieson@xxxxxxxxxxxxxx>
Date: Tue, 20 Apr 2010 16:59:26 +0100


On Tue, Apr 20, 2010 at 4:57 PM, Martin Mathieson <martin.r.mathieson@xxxxxxxxxxxxxx> wrote:


On Tue, Apr 20, 2010 at 4:45 PM, Jeff Morriss <jeff.morriss.ws@gmail.com> wrote:
Jeremy O'Brien wrote:
> Hello everyone,
>
> I am using a static GSList to record some data about packets I've seen
> so that I can look up said info later. I've defined a custom callback
> for my g_slist_find_custom function that does NULL checking of the
> data that gets passed to it. I am allocating items that I append to
> the GSList with se_alloc(). The items are all very small. Essentially
> the problem is that wireshark segfaults whenever I open a capture file
> that uses this GSList, and then reopen it or another one that uses the
> GSList too. I believe I know why this is happening from my extraneous
> testing. It seems that the GSList (which gets created with the first
> call to g_slist_append()) sticks around after I open a new file, and
> my functions that add things to and search the list are crashing
> because they end up trying to access invalid memory (memory that was
> free'd do to my use of se_alloc for the items in the GSList). I feel
> that I could solve this by calling a g_slist_free() on my GSList (and
> set it to NULL) whenever my dissector opens a new file. I am not sure
> how to go about doing this however. I was trying to find a way to do
> the call on the first packet wireshark sees, so long as
> pinfo->fd->flags.visisted is not set, but I couldn't find a way to
> verify that this was the first packet dissected.

The common solution is to call register_init_routine() to register a
routine that is called whenever the dissector should be reinitialized.

You could take a look at address_hash_table is created and used in packet-arp.c.

Actually, thats not such a good example.  The key is the IP address, which is just cast to a pointer.  The MAC address is in the looked-up value instead...
 
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe