Wireshark-bugs: [Wireshark-bugs] [Bug 5812] Dissector for the Babel Routing Protocol (RFC 6126)

Date: Thu, 7 Apr 2011 16:59:08 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5812

--- Comment #11 from Stephen Fisher <steve@xxxxxxxxxxxxxxxxxx> 2011-04-07 17:59:08 MDT ---
Here is the crash again.  We try to stay away from things like tvb_get_ptr()
and memcpy() due to being error prone...

Babel Routing Protocol
    Magic: 42
    Version: 2
    Body Length: 8
    Message hello (4)
        Message Type: hello (4)
        Message Length: 6
        Seqno: 0x9ca6
        Interval: 2000

[Switching to Thread 8062041c0 (LWP 100047)]

Breakpoint 1, network_prefix (ae=2, plen=128, omitted=0, 
    p=0x80a1df650 " \001\006`3\001\200c\002\030\20432a]\002\001\006\a\006\001",
dp=0x7fffffffd500 "", len=19, p_r=0x7fffffffd4d0 "") at packet-babel.c:178
178         memcpy(p_r, prefix, 16);

It only happens when running tshark with -V to show the full packet dissection
tree.  Here is a session of doing "next" many times in gdb until the crash so
you can see the order of calls before the stack is corrupted:

325                     guint8 flags = tvb_get_guint8(tvb, message + 3);
(gdb) 
326                     guint8 plen = tvb_get_guint8(tvb, message + 4);
(gdb) 
332                                        len - 10, p);
(gdb) 

Breakpoint 1, network_prefix (ae=2, plen=128, omitted=86, 
    p=0x80a1df68a "\221N\002", 
    dp=0x7fffffffd500 " \001\006`3\001\200c\002\030\20432a]", len=8, 
    p_r=0x807c0aa80 "P\b") at packet-babel.c:178
178         memcpy(p_r, prefix, 16);
(gdb) 
179         return 1;
(gdb) 
180     }
(gdb) 

Program received signal SIGSEGV, Segmentation fault.

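
The second breakpoint hit in the trace above enters network_prefix() with ae=2, plen=128, omitted=86 and len=8, an omitted count larger than a 16-byte IPv6 address. The following is an added example, not code from packet-babel.c or from the comment's author: a bounds-checked expansion of a Babel (RFC 6126) compressed prefix that rejects such values before any copy. The function name `babel_prefix_checked` and its `dp` convention (a 16-byte expanded default prefix, or NULL) are assumptions, and only AE 1 and AE 2 are handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added illustration, not Wireshark's network_prefix(). Expands a Babel
 * (RFC 6126) compressed prefix into out[16]. Only AE 1 (IPv4, stored
 * v4-mapped) and AE 2 (IPv6) are handled; other AEs are rejected to keep
 * the example short. dp is the 16-byte default prefix from an earlier
 * Update, or NULL. Returns bytes consumed from p, or -1 if malformed. */
int babel_prefix_checked(int ae, unsigned plen, unsigned omitted,
                         const uint8_t *p, size_t len,
                         const uint8_t *dp, uint8_t out[16])
{
    static const uint8_t v4mapped[12] = {0,0,0,0,0,0,0,0,0,0,0xFF,0xFF};
    uint8_t prefix[16] = {0};
    unsigned alen, off, pb, wire, bits, i;

    if (ae == 1)      { alen = 4;  off = 12; }
    else if (ae == 2) { alen = 16; off = 0;  }
    else return -1;

    if (plen > alen * 8) return -1;            /* prefix longer than the address */
    if (omitted > alen) return -1;             /* e.g. omitted=86 for a 16-byte AE */
    if (omitted > 0 && dp == NULL) return -1;  /* nothing to copy from */
    pb = (plen + 7) / 8;                       /* bytes that carry plen bits */
    wire = pb > omitted ? pb - omitted : 0;    /* bytes expected in the TLV */
    if (len < wire) return -1;                 /* TLV too short */

    /* All three copies stay inside prefix[16]: off + max(omitted, pb) <= 16. */
    if (ae == 1) memcpy(prefix, v4mapped, sizeof v4mapped);
    if (omitted) memcpy(prefix + off, dp + off, omitted);
    if (wire)    memcpy(prefix + off + omitted, p, wire);

    /* Clear everything past plen bits so stale default-prefix bits vanish. */
    bits = off * 8 + plen;
    for (i = (bits + 7) / 8; i < 16; i++) prefix[i] = 0;
    if (bits % 8) prefix[bits / 8] &= (uint8_t)(0xFF << (8 - bits % 8));

    memcpy(out, prefix, 16);
    return (int)wire;
}
```

In a dissector, a -1 return would map to a malformed-packet indication rather than a copy into the caller's buffer.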