Wireshark-bugs: [Wireshark-bugs] [Bug 3984] r29723 optimization, if (cinfo->col_data[col] != cin
Date: Thu, 24 Sep 2009 02:56:04 -0700 (PDT)

didier gautheron <[email protected]> changed:

           What    |Removed                     |Added
             Status|RESOLVED                    |REOPENED
         Resolution|FIXED                       |

--- Comment #6 from didier gautheron <[email protected]>  2009-09-24 02:56:00 PDT ---
Did you open the attached file? Hum, it's only a one packet capture so of
course the first time ep memory is not clobbered, you have to click on the

 ep_verify_pointer doesn't work for small capture, where small is rather big
the bogus packet is from a 51MB file and ep_verify_pointer is still always true
when loading it, because if there's only one chunk used_list is NULL. I double
checked with svn r30111.

I really think it should be moved to packet_list_change_record and fall back to
a copy rather than triggering an assert. 
The most common cause for this bug would be a call to val_to_str with an
ep_alloced message for unknown value. Even a fuzz test may not always find that
kind of error. 

Moreover a lot of dissectors currently using col_add_str(..., val_to_str(...))
could be move back to use col_set_str.
It would save more memory, unknown values are or should be uncommon, and it
would be faster.

Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.