Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 2870] New: "Per-packet memory corrupted" crashes if file c

Date: Sat, 13 Sep 2008 11:01:40 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2870

           Summary: "Per-packet memory corrupted" crashes if file contains
                    DUA packets
           Product: Wireshark
           Version: 1.0.3
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: Major
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: m.davies@xxxxxxxxxxxxxx


Created an attachment (id=2237)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2237)
Example libpcap files

Build Information:
Version 1.0.3 (SVN Rev 26134)

Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.12.8, with GLib 2.14.6, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8,
with ADNS, with Lua 5.1, with GnuTLS 2.3.8, with Gcrypt 1.4.1, with MIT
Kerberos, with PortAudio V19-devel, with AirPcap.

Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.0.2
(packet.dll version 4.0.0.1040), based on libpcap version 0.9.5, without
AirPcap.

Built using Microsoft Visual C++ 6.0 build 8804
--
Since people have started testing DUA carrying DASS2 or DPNSS in our lab then
we have started to see random Wireshark crashes reporting “Err  Per-packet
memory corrupted.” in a debug window.  The strange thing is that if you split
the file then both parts can usually be decoded successfully so it doesn’t
appear to be a simple decoding problem.

For example the attached fred.pcap shows the problem on my version of
Wireshark.  However if I split the file into fred1.pcap and fred2.pcap, I can
load both files OK into a new instance of Wireshark but if I load fred1.pcap
then open fred2.pcap in the same Wireshark session I get the problem.

The problem can also be overcome by forcing SCTP PPID=1 to be decoded as DUA
but this seems to cause decoding errors elsewhere.

While I am happy that Wireshark may not be able to decode the packets yet, I
don't think it should cause this sort of crash so any assistance with this
problem would be greatly appreciated.


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.