ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] FW: DISSECTOR_ASSERT_NOT_REACHED in WLCCP decode...

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Kevin A. Noll" <spamknoll@xxxxxxxxxxxxx>
Date: Thu, 31 May 2007 15:29:56 -0400
 
You were absolutely right about changing from FT_UINT_BYTES to FT_BYTES. Now
the problem is simply "malformed packet" which is very likely just
unfinished code or something. This also solved another issue that I was
seeing where certain TLV values were reported as "Missing" instead of
throwing an error.

I'm still wondering why this makes a difference, though.

Thanks!

--kan--
--
Kevin A. Noll, KD4WOZ
CCIE, CCDP


-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Joerg Mayer
Sent: Thursday, May 31, 2007 10:21 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] FW: DISSECTOR_ASSERT_NOT_REACHED in WLCCP
decode...

On Wed, May 30, 2007 at 10:18:13PM +0200, Joerg Mayer wrote:
> On Wed, May 30, 2007 at 01:15:35PM -0700, Stephen Fisher wrote:
> > > So I'm looking at the value strings, and I'm wondering why we 
> > > should terminate them with {0, NULL} and what happens if one of 
> > > the value pairs needs to be {0, "a real string"} ?
> > 
> > You can still use 0, "a real string" as one of the entries.  You 
> > just need to have 0, NULL as the final entry.  If you don't, the 
> > code will keep reading past the end and run into random memory space 
> > looking for that 0, NULL entry.
> 
> And one of those overruns might actually cause the crash you were 
> talking about.

I just found another 10 Minutes to actually test the code (with the added
{0, NULL} stuff).

Please replace all FT_UINT_BYTES by FT_BYTES (you've misunderstood the
meaning of _UINT_ in that type. That will get you further (up to some failed
assertion "(guint)hfindex < gpa_hfinfo.len, which means, that you reference
a non-existent hf_ element).

Ciao
  Joerg
-- 
Joerg Mayer                                           <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube