On Dec 9, 2009, at 6:29 PM, Mihaly Zachar wrote:
> I don't have it yet if you need I can do, but if you try it I'm almost
> sure that you can reproduce the problem, because we tried it on multiple
> PCs and on a Mac as well, with the same result.
I couldn't get it to crash - but Bill Meier found the problem; it was an uninitialized pointer structure member. It might have been that, when I tried it, the chunk of data allocated for the data structure in question was freshly-allocated, and thus all zero, so that the pointer happened to be null. He reproduced it on Windows, and the allocator might stuff bogus values into freshly-allocated memory, causing a crash. It might also happen if enough memory gets allocated and freed, so that the chunk of data allocated for the data structure has junk in it, giving a bad pointer.
A fix has been checked in, initializing the pointer member in question to a null pointer:
http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-radius.c?r1=31221&r2=31220&pathrev=31221
and is targeted for the 1.2.5 and 1.0.11 releases.
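As an added illustration of the bug class described above (not Wireshark's code and not from this thread), the following C example shows why a forgotten pointer member only crashes under some allocators: the record type, its field names and the 0xCD fill pattern are all invented for the example, with the fill standing in for a heap that hands back non-zero memory, while a freshly zeroed chunk would hide the bug exactly as the reply describes.

```c
#include <stdlib.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical dissector-style record: a numeric code plus a pointer
 * member. Names are constructed for this example. */
typedef struct {
    unsigned int code;
    const char  *name;      /* the member left uninitialized in the bug */
} attr_rec_t;

/* Simulated allocator that scribbles over fresh memory instead of
 * returning zeroed pages (as a debug heap or a recycled chunk might). */
static void *poisoned_alloc(size_t n) {
    void *p = malloc(n);
    if (p != NULL)
        memset(p, 0xCD, n);   /* constructed fill pattern, not a real heap's */
    return p;
}

/* Buggy constructor: sets 'code' but never touches 'name'. Whether
 * 'name' reads as NULL depends entirely on what the allocator left. */
attr_rec_t *attr_new_buggy(unsigned int code) {
    attr_rec_t *r = poisoned_alloc(sizeof *r);
    if (r != NULL)
        r->code = code;
    return r;
}

/* Fixed constructor: every pointer member gets an explicit value. */
attr_rec_t *attr_new_fixed(unsigned int code) {
    attr_rec_t *r = poisoned_alloc(sizeof *r);
    if (r != NULL) {
        r->code = code;
        r->name = NULL;       /* the one-line fix: initialize to null */
    }
    return r;
}

/* Consumer relying on a NULL check; with junk in 'name' the buggy
 * record passes the check and would then be dereferenced. */
int attr_has_name(const attr_rec_t *r) {
    return r != NULL && r->name != NULL;
}

/* Returns 1 if the buggy record wrongly looks like it has a name. */
int buggy_record_passes_check(void) {
    attr_rec_t *r = attr_new_buggy(1);
    int result = attr_has_name(r);
    free(r);
    return result;
}

/* Returns 0: the fixed record is correctly seen as having no name. */
int fixed_record_passes_check(void) {
    attr_rec_t *r = attr_new_fixed(1);
    int result = attr_has_name(r);
    free(r);
    return result;
}
```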