ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-bugs: [Wireshark-bugs] [Bug 1001] free() invalid pointer in dissect_802_3 at packet-ie

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Sat, 29 Jul 2006 10:18:41 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1001





------- Comment #14 from gentoo-a7x@xxxxxxxxxxxxxxx  2006-07-29 10:18 GMT -------
Created an attachment (id=320)
 --> (http://bugs.wireshark.org/bugzilla/attachment.cgi?id=320&action=view)
valgrind tshark output

(In reply to comment #13)
> (In reply to comment #11)
> > (In reply to comment #10)
> > > --Does valgrind work with SSP? 
> > 
> > Not sure...  I've never used valgrind before (I'm far from an experienced
> > programmer).  How would I test it?
> 
> It's easy :)
> valgrind foo

I ran valgrind 3.2.0 on tshark and attached the output.  Let me know if there
are any command line parameters or anything that would improve the output.

Some things to note about valgrind:

(1) Gentoo disables SSP support in gcc when it compiles valgrind.  Presumably
valgrind itself has issues with SSP (which I think is what you're asking).  For
more info, see:
http://bugs.gentoo.org/show_bug.cgi?id=114347
I can try to override Gentoo's disabling of SSP to see what happens when it's
compiled with SSP, if you think that would be useful.

(2) tshark kept going after the invalid free() and valgrind didn't complain
about subsequent invalid free()s.  Does valgrind only complain about the first
occurrence, or are the subsequent displays of packets not trying to free an
invalid pointer?

(3) tshark, while running under valgrind, complained about a dissector bug
while trying to dissect spanning tree protocol packets:
[Dissector bug, protocol LLC: tvbuff.c:387: failed assertion "tvb &&
tvb->initialized"]

> Does it crashe if you open a previously captured file?

Interesting news:  I have two packet captures, one of which crashes Wireshark,
while the other does not.  The one that crashes Wireshark has only spanning
tree protocol packets, while the other has only TCP and UDP packets.  I'll
attach the STP capture.  This news -- in combination with the messages about
failed assertions in the attached valgrind output -- may be the key to
narrowing down the source of the problem.  I'll keep my fingers crossed.  :)


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube