A thought occurred whilst using the "decode as" option under Ethereal 0.8.16
(which is dead handy - especially for RTSP!). I clicked on the wrong decode
by mistake and Ethereal blew up (under Win32).
OK, so I made a mistake. But then I thought - hey, shouldn't the decode just
put junk in its fields, or say the packet was corrupted? Otherwise, what
happens when a slightly malformed packet turns up that is actually destined
for the decoder, won't it crash again?
Perhaps we have here a new method of testing decoders - using a large packet
(e.g. and FTP transfer) and using the decode-as option to decode it as RTSP,
NBSS etc. etc.. Any decoder that causes Ethereal to bounce needs to
therefore have its bounds-checking strengthened.
Perhaps we can take this further. By creating a set of different (non-valid
in any decode) test packets, we could automatically get each release of
Ethereal to speed through using each decode in turn to test for stability.
Is this a daft idea?
Andy Leigh
Senior Planning Engineer, Strategic Network Development
T: +44 (0)20 7765 0575
M: +44 (0)7802 456097
E: andy.leigh@xxxxxxxxx
This e-mail, and any attachment, is confidential. If you have received
it in error, please delete it from your system, do not use or disclose
the information in any way, and notify me immediately. The contents of
this message may contain personal views which are not the views of the
BBC, unless specifically stated.
