Wireshark-bugs: [Wireshark-bugs] [Bug 1001] free() invalid pointer in dissect_802_3 at packet-ie

Date: Sat, 29 Jul 2006 21:07:10 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1001





------- Comment #21 from gentoo-a7x@xxxxxxxxxxxxxxx  2006-07-29 21:07 GMT -------
After learning gdb and stepping through the code one instruction at a time, it
appears that the setjmp() at epan/except.h:148 (called from TRY at
packet-ieee8023.c:58) is trashing the stack.  except_state and exc are
different after the call to setjmp().  In fact, exc and except_state are
mangled in such a way that the code inside the TRY block isn't executed at all
-- it's skipped thanks to the if statement at epan/exceptions.h:180 (which is
how I thought to watch what's going on inside the TRY).

I guess this isn't surprising given that glibc's setjmp is implemented in
assembly and is most certainly not SSP-aware.  However, I would have expected
the SSP gcc patch to reimplement setjmp() in some way.  A quick Google search
doesn't pull up anything about whether setjmp() should or should not be OK with
the SSP patch.  I'll do some more searching.

The thing I don't get is how it's working for non-802.3 packets.  Other
dissectors use the exception code too...

