Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: [Wireshark-dev] pcap_next_ex() crashes

From: Selçuk Cevher <cevhers@xxxxxxxxx>
Date: Fri, 5 Mar 2010 10:15:29 +0200
Hi All,

I wrote a small program which calls pcap_next_ex() function to read packets while processing a bunch of PCAP files (offline mode) "sequentially" - one after another.

However, pcap_next_ex() generates a segmentation fault (I observed this using GNU gdb).

By the way, my program also produces some user logs so that I have the opportunity to observe which PCAP file is being processed at a certain time.

On the other hand, when I re-run the same program with the individual PCAP file as the only program input, which I observed in the user logs that pcap_next_ex() generated segfault in the previous run while the file was being processed, I observe no crash.

Hence, I began to think that there is problem with pcap_next_ex() in terms of memory leak, etc which becomes apparent when it is called successively for a bunch of PCAP files, not for a single file.

Questions:

1. Is there such a pcap_next_ex() behaviour reported before ?

2. If you think, this is impossible, what might I be doing wrong ?

3. Should I use some other function other than pcap_next_ex() ?

etc.

I use Ubuntu 9.10 (64-bit).

libpcap version is 1.0.0-2ubuntu1

Thanks.