http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2112
------- Comment #2 from gerald@xxxxxxxxxxxxx 2007-12-17 18:44 GMT -------
After tweaking emem.c to use g_malloc(), Valgrind says:
==5705== Invalid write of size 8
==5705== at 0x5FFDFA4: dissect_h245_T_mediaChannel (h245.cnf:719)
==5705== by 0x5E50784: dissect_per_sequence (packet-per.c:1530)
==5705== by 0x600062A: dissect_h245_H2250LogicalChannelParameters
(h245.cnf:824)
==5705== by 0x5E510CD: dissect_per_choice (packet-per.c:1388)
==5705== by 0x5FFDE53: dissect_h245_OLC_forw_multiplexParameters
(h245.cnf:851)
==5705== by 0x5E50784: dissect_per_sequence (packet-per.c:1530)
==5705== by 0x60005D5: dissect_h245_T_forwardLogicalChannelParameters
(h245.cnf:143)
==5705== by 0x5E50784: dissect_per_sequence (packet-per.c:1530)
==5705== by 0x6004553: dissect_h245_OpenLogicalChannel (h245.cnf:118)
==5705== by 0x6004C1F: dissect_h245_OpenLogicalChannelCodec (h245.cnf:410)
==5705== by 0x5FFA9A7: dissect_h225_FastStart_item (h225.cnf:275)
==5705== by 0x5E4E6D5: dissect_per_sequence_of_helper (packet-per.c:496)
==5705== Address 0xFDAE7B0 is 0 bytes inside a block of size 96 free'd
==5705== at 0x4C2182B: free (vg_replace_malloc.c:233)
==5705== by 0x5B51FFE: ep_free_all (emem.c:732)
==5705== by 0x5B531D0: epan_dissect_run (epan.c:159)
==5705== by 0x41A565: process_packet (tshark.c:2406)
==5705== by 0x41D0DA: main (tshark.c:2205)
==5705==
It looks like upcoming_channel->upcoming_addr isn't getting set back to NULL
after dissecting a packet.
--
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
