Wireshark-dev: [Wireshark-dev] malformed packet for no reason

From: "Yosi Saggi" <yosis@xxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 21 Mar 2011 14:56:08 +0200

Hi everyone

I have a dissector that works on Ethernet type “FFFF”. It's proprietary data parsing between two systems.

If the Ethernet type is FFFF my dissector comes in to dissect the data over the Ethernet.

The following code is a function that dissects a part of the packet. It works fine for 5 data arrays (see the first FOR loop). When it gets to the 6th it crashes and goes to the CATCH ALL case in the “packet-ethertype.c” file in line 287, to the show exception function.

I don’t understand what reason there is to crash after 5 loops. It works fine until it gets to num_of_data_arrs = 6.

Can anyone help?


    col_set_str(pinfo->cinfo, COL_INFO, " DATA_REQ");

    sdk_msg_data = proto_item_add_subtree(tree, ett_sdk_msg_data);

    /* Number of data arrays */
    num_of_data_arrs = tvb_get_guint8(tvb, *plen);
    proto_tree_add_uint(sdk_msg_data, hf_DATA_ELMS_REQ_num_of_tbs, tvb, *plen, 1, num_of_data_arrs);
    *plen += 1;

    val = tvb_get_ntoh24(tvb, *plen);
    proto_tree_add_uint(dan_lte_sdk_msg_data, hf_DATA_ELMS_REQ_reserve0, tvb, *plen, 3, val);
    *plen += 3;

    /* Loop over data arrays */
    for (i = 0; i < num_of_data_arrs; i++)
    {
        ti = proto_tree_add_protocol_format(sdk_msg_data, proto_xxx_sdk, tvb, (36+i*(4+data_size)), 4,
                                            " DATA_ELM_ARR[%d]", i);
        sdk_msg_tb_dsc = proto_item_add_subtree(ti, ett_msg_data_subtree1);

        val = tvb_get_guint8(tvb, *plen);
        proto_tree_add_uint(msg_tb_dsc, hf_DATA_ELMS_REQ_reserve1, tvb, *plen, 1, val);
        *plen += 1;

        val = tvb_get_guint8(tvb, *plen);
        tb_idx = val;
        proto_tree_add_uint(sdk_msg_tb_dsc, hf_AIRDL_PDSCH_DATA_ELMS_REQ_tb_idx, tvb, *plen, 1, val);
        *plen += 1;

        num_of_data_chunks = tvb_get_ntohs(tvb, *plen);
        proto_tree_add_uint(sdk_msg_tb_dsc, hf_AIRDL_PDSCH_DATA_ELMS_REQ_num_of_data_chunks, tvb, *plen, 2, num_of_data_chunks);
        *plen += 2;

        /* Loop over data elements */
        for (j = 0; j < num_of_data_chunks; j++)
        {
            ei = proto_tree_add_protocol_format(sdk_msg_tb_dsc, proto_xxx_sdk, tvb, (40+i*(4+data_size)), 4,
                                                "PDSCH_TB_DATA_CHUNKS[%d]", j);
            sdk_msg_chunk_dsc = proto_item_add_subtree(ei, ett_sdk_msg_data_subtree2);

            data_size = tvb_get_ntohs(tvb, *plen);
            proto_tree_add_uint(dan_lte_sdk_msg_chunk_dsc, hf_AIRDL_PDSCH_DATA_ELMS_REQ_tb_size, tvb, *plen, 2, data_size);
            *plen += 2;

            val = tvb_get_ntohs(tvb, *plen);
            proto_tree_add_uint(sdk_msg_chunk_dsc, hf_AIRDL_PDSCH_DATA_ELMS_REQ_reserve2, tvb, *plen, 2, val);
            *plen += 2;

            val_ptr = tvb_get_ptr(tvb, *plen, data_size);
            proto_tree_add_bytes(sdk_msg_chunk_dsc, hf_AIRDL_PDSCH_DATA_ELMS_REQ_tb_data, tvb, *plen, data_size, val_ptr);
            *plen += data_size;
        }
    }
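
An added example, not part of the original post and not Wireshark code: a stand-alone C model of the offset arithmetic in the loops above. It checks whether the item ranges computed as `36/40 + i*(4+data_size)` stay inside the buffer while the running cursor (`*plen` in the post) walks the real layout. A range outside the buffer is one candidate for the bounds exception the post describes. Assumptions: the message starts at byte 32 so the constants 36 and 40 line up with the first array, `data_size` starts at 0, the chunk sizes are constructed, and `rd16`, `first_bad_item` and `build` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Big-endian 16-bit read; -1 if it would run past the buffer. */
static long rd16(const uint8_t *b, size_t len, size_t off) {
    return off + 2 > len ? -1 : (long)((b[off] << 8) | b[off + 1]);
}

/* Walk the post's layout (`cur` is *plen). Returns the first array index whose
 * 36/40 + i*(4+data_size) item range ends past the buffer; -1 none; -2 truncated. */
int first_bad_item(const uint8_t *b, size_t len, size_t start) {
    size_t cur = start + 4, data_size = 0;   /* assumption: data_size starts at 0 */
    if (cur > len) return -2;                /* count byte + 3 reserved bytes */
    for (unsigned i = 0; i < (unsigned)b[start]; i++) {
        if (36 + i * (4 + data_size) + 4 > len) return (int)i;
        long chunks = rd16(b, len, cur + 2);
        if (chunks < 0) return -2;
        cur += 4;                            /* reserve1, tb_idx, chunk count */
        for (long j = 0; j < chunks; j++) {
            if (40 + i * (4 + data_size) + 4 > len) return (int)i;
            long sz = rd16(b, len, cur);
            if (sz < 0 || cur + 4 + (size_t)sz > len) return -2;
            data_size = (size_t)sz;          /* stale value feeds the next item offset */
            cur += 4 + data_size;            /* size, reserve2, payload */
        }
    }
    return -1;
}

/* Constructed sample: 32 zero bytes, then n arrays of one chunk each. */
size_t build(uint8_t *b, const uint16_t *sizes, unsigned n) {
    size_t o = 36;
    memset(b, 0, o);
    b[32] = (uint8_t)n;
    for (unsigned i = 0; i < n; i++) {
        uint8_t hdr[8] = {0, (uint8_t)i, 0, 1, (uint8_t)(sizes[i] >> 8), (uint8_t)sizes[i], 0, 0};
        memcpy(b + o, hdr, 8);
        memset(b + o + 8, 0xAA, sizes[i]);
        o += 8 + sizes[i];
    }
    return o;
}

int main(void) {
    uint8_t pkt[512];
    const uint16_t sizes[6] = {8, 8, 8, 8, 200, 8};  /* constructed chunk sizes */
    for (unsigned n = 5; n <= 6; n++)
        printf("%u arrays: %d\n", n, first_bad_item(pkt, build(pkt, sizes, n), 32));
}
```

With these constructed sizes, five arrays pass and the sixth is flagged, because the 200-byte chunk in the fifth array inflates the stride used for the sixth item's offset.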