Hi,
> A fuzzed Sample.cap file (attached) crashed TShark and took a *very*
> long time (2 mins) to load in WS.
>
it loads the file imediately on my computer without any delay.
I tried the fuzzy file also with tshark.
I called "tshark -r sample.cap", is this right?
Because it didn't crash for me. I tried it several times.
Any ideas why it behaves different for you?
I'm currently working on revision 21246.
Compiled with VC6 on windows.
>
> Some points that I've seen immediately:
> - you *must* end *every* value_string you use by a an ending sequence
> { 0, NULL }, otherwise unexpected values coming from the network will
> result in an access
Ok, I'll fix that.
> violation, as the corresponding access functions will run into the
> wrong memory areas
> - e.g. opcua.c / g_szMessageTypes unnecessarily re-implements a
> value_string - this bloats code size and complexity
>
I don't know how to do this with value_string.
I'm parsing textual protocol message signatures and not numbers:
e,g, "UATH" -> "Hello Message"
"UAMA" -> "Abort Message"
...
static char* g_szMessageTypes[] =
{
"Hello message",
"Acknowledge message",
"Disconnect message",
"Data message, last chunk in message.",
"Data message, further chunks must follow.",
"Abort message",
"Error message",
"Invalid message",
"Unknown message"
};
How does this small string table bloat the code size?
It wouldn't be smaller with value_string.
And the parsing code always defaults to "Unkown message", so there is no
way for an out of bounds szenerio
like with the value_string arrays and so I don't need NULL at the end here.
regards,
Gerhard.
