Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 5379] New: sflow decode error for some extended formats

Date: Wed, 10 Nov 2010 09:01:15 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5379

           Summary: sflow decode error for some extended formats
           Product: Wireshark
           Version: SVN
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: acferen@xxxxxxxxx


Andrew Feren <acferen@xxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #5446|                            |review_for_checkin?
               Flag|                            |

Created an attachment (id=5446)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5446)
patch for sflow

Build Information:
wireshark 1.5.0 (SVN Rev 34829 from /trunk)

Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.20.1, with GLib 2.24.1, with libpcap 1.0.0, with
libz 1.2.3.3, without POSIX capabilities, without libpcre, without SMI, without
c-ares, without ADNS, without Lua, without Python, without GnuTLS, without
Gcrypt, with MIT Kerberos, without GeoIP, without PortAudio, without AirPcap.

Running on Linux 2.6.32-25-generic, with libpcap version 1.0.0, with libz
1.2.3.3.

Built using gcc 4.4.3.

--
The following functions are returning the length of the structure when the
offset is expected.

* dissect_sflow_245_extended_switch
* dissect_sflow_245_extended_router

I'm seeing the following error

09:23:43          Warn Dissector bug, protocol sFlow, in packet 1:
proto.c:3802: failed assertion "end >= fi->start"


patch attached.
While I was in there I ... 

* added modelines for the next person.
* consolidated some common decodes to a single function
  dissect_sflow_245_address_type(...)

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.