Ethereal-dev: Re: [Ethereal-dev] tvbuff.c: tvb_memcpy: assertion failed: (length >= -1) w/b

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Ronnie Sahlberg" <sahlberg@xxxxxxxxxxxxxxxx>
Date: Sat, 30 Mar 2002 00:20:39 +1100
Hi,

The problem seems to be that dissect_qfsi_vals() specifies an incorrect
(random) value for length when calling get_unicode_or_ascii_string().

Since I don't have 0.9.2 installed myself, line 11082 does not tell me where
it went wrong.
I had a quick look at dissect_qfsi_vals() and did not see anything obviously
wrong with it.

Can you send me the capture that crashed ethereal so I can look at it?
If not, in GDB, can you run
frame 6
print si->info_level
print fn_len
And tell me what it says


----- Original Message -----
From: "Marcin Gryszkalis"
Sent: Friday, March 29, 2002 10:42 PM
Subject: [Ethereal-dev] tvbuff.c: tvb_memcpy: assertion failed: (length
>= -1) w/bt


> tethereal 0.9.2, with GLib 1.2.10, with libpcap 0.7, with libz 1.1.3,
> without SNMP, FreeBSD 4.5
>
> I include backtrace, the #4 looks good :)
>
> ** ERROR **: file tvbuff.c: line 927 (tvb_memcpy): assertion failed:
> (length >= -1)
> aborting...
> Abort trap - core dumped
>
> 0x284a3e05 in abort () from /usr/lib/libc.so.4
> #2  0x283f233c in g_logv () from /usr/local/lib/libglib12.so.3
> #3  0x283f23e9 in g_log () from /usr/local/lib/libglib12.so.3
> #4  0x81f9cf5 in tvb_memcpy (tvb=0x83f0550, target=0x8365f08
> "irose_iroared_iwill_iam.jpg", offset=12,
>      length=-1833650688) at tvbuff.c:927
> #5  0x818314b in get_unicode_or_ascii_string (tvb=0x83f0550,
> offsetp=0xbfbfe5f4, pinfo=0x83cfa08, len=0xbfbfe5d8,
>      nopad=0, exactlen=1, bcp=0xbfbfe612) at packet-smb.c:12617
> #6  0x81811f6 in dissect_qfsi_vals (tvb=0x83f0550, pinfo=0x83cfa08,
> tree=0x83efbc4, offset=12, bcp=0xbfbfe612)
>      at packet-smb.c:11082
> #7  0x81816ac in dissect_transaction2_response_data (tvb=0x83f0550,
> pinfo=0x83cfa08, parent_tree=0xc08a590)
>      at packet-smb.c:11209
> #8  0x8182861 in dissect_transaction_response (tvb=0x83f04e8,
> pinfo=0x83cfa08, tree=0xc08a590, offset=16404,
>      smb_tree=0x84050cc) at packet-smb.c:11726
> #9  0x8182c32 in dissect_smb_command (tvb=0x83f04e8, pinfo=0x83cfa08,
> top_tree=0x83ef818, offset=32,
>      smb_tree=0x84050cc, cmd=50 '2') at packet-smb.c:12121
> #10 0x8184146 in dissect_smb (tvb=0x83f04e8, pinfo=0x83cfa08,
> parent_tree=0x83ef818) at packet-smb.c:14199
> #11 0x81f0180 in dissector_try_heuristic (sub_dissectors=0x8380218,
> tvb=0x83f04e8, pinfo=0x83cfa08, tree=0x83ef818)
>      at packet.c:924
> #12 0x8116f21 in dissect_netbios_payload (tvb=0x83f04e8,
> pinfo=0x83cfa08, tree=0x83ef818) at packet-netbios.c:967
> #13 0x8110876 in dissect_nbss_packet (tvb=0x83f04b4, offset=4,
> pinfo=0x83cfa08, tree=0x83ef818, max_data=1460,
>      is_cifs=0) at packet-nbns.c:1524
> #14 0x8110b84 in dissect_nbss (tvb=0x83f04b4, pinfo=0x83cfa08,
> tree=0x83ef818) at packet-nbns.c:1708
> #15 0x81ef9d7 in dissector_try_port (sub_dissectors=0x8395880, port=139,
> tvb=0x83f04b4, pinfo=0x83cfa08,
>      tree=0x83ef818) at packet.c:563
> #16 0x819dcea in decode_tcp_ports (tvb=0x83f0480, offset=20,
> pinfo=0x83cfa08, tree=0x83ef818, src_port=139,
>      dst_port=1273) at packet-tcp.c:891
> #17 0x819eb3c in dissect_tcp (tvb=0x83f0480, pinfo=0x83cfa08,
> tree=0x83ef818) at packet-tcp.c:1220
> #18 0x81ef9d7 in dissector_try_port (sub_dissectors=0x837df40, port=6,
> tvb=0x83f0480, pinfo=0x83cfa08, tree=0x83ef818)
>      at packet.c:563
> #19 0x80d8b8b in dissect_ip (tvb=0x83f044c, pinfo=0x83cfa08,
> tree=0x83ef818) at packet-ip.c:1116
> #20 0x81ef9d7 in dissector_try_port (sub_dissectors=0x837da20,
> port=2048, tvb=0x83f044c, pinfo=0x83cfa08,
>      tree=0x83ef818) at packet.c:563
> #21 0x80b1d48 in ethertype (etype=2048, tvb=0x83f0418,
> offset_after_etype=14, pinfo=0x83cfa08, tree=0x83ef818,
>      fh_tree=0xc08e8a4, etype_id=795, trailer_id=797) at
> packet-ethertype.c:157
> #22 0x80b1aaa in dissect_eth (tvb=0x83f0418, pinfo=0x83cfa08,
> tree=0x83ef818) at packet-eth.c:230
> #23 0x81ef9d7 in dissector_try_port (sub_dissectors=0x837da80, port=1,
> tvb=0x83f0418, pinfo=0x83cfa08, tree=0x83ef818)
>      at packet.c:563
> #24 0x80b364d in dissect_frame (tvb=0x83f0418, pinfo=0x83cfa08,
> tree=0x83ef818) at packet-frame.c:143
> #25 0x81f066f in call_dissector (handle=0x837f180, tvb=0x83f0418,
> pinfo=0x83cfa08, tree=0x83ef818) at packet.c:1069
> #26 0x81ef52b in dissect_packet (edt=0x83cfa00, pseudo_header=0x0,
> pd=0x83e7012 "", fd=0xbfbff398, cinfo=0x837c4dc)
>      at packet.c:288
> #27 0x81ed661 in epan_dissect_run (edt=0x83cfa00, pseudo_header=0x0,
> data=0x83e7012 "", fd=0xbfbff398, cinfo=0x837c4dc)
>      at epan.c:100
> #28 0x81d8800 in wtap_dispatch_cb_print (user=0xbfbff410 "??6\b",
> phdr=0xbfbff41c, offset=0, pseudo_header=0x0,
>      buf=0x83e7012 "") at tethereal.c:1417
> #29 0x81d7f74 in capture_pcap_cb (user=0x83668c0 "\001", phdr=0x83e7000,
> pd=0x83e7012 "") at tethereal.c:1089
> #30 0x8204f70 in pcap_read ()
> #31 0x82053f6 in pcap_dispatch ()
> #32 0x81d7bbb in capture (packet_count=-1, out_file_type=2) at
> tethereal.c:982
> #33 0x81d76cc in main (argc=8, argv=0xbfbffcc4) at tethereal.c:792
> #34 0x805fb45 in _start ()
>
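As an added illustration of the check that the tvb_memcpy assertion above stands in for: a hypothetical bounded copy with the same length contract (-1 means "to the end of the buffer", anything else must fit) and a caller modelled on the exactlen path of get_unicode_or_ascii_string, where the dissector supplies the length. This is example code, not Ethereal's; the tvb_t type, the function names and the sample bytes are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical minimal tvbuff: a bounded, read-only view of captured bytes. */
typedef struct {
    const uint8_t *data;
    size_t len;
} tvb_t;

/* Bounded copy modelled on tvb_memcpy's contract: length -1 means "to the end
 * of the buffer"; any other negative length, or one that runs past the buffer
 * or the destination, is reported as an error instead of tripping an assert.
 * Returns the number of bytes copied, or -1 when the request is rejected. */
int safe_tvb_memcpy(const tvb_t *tvb, uint8_t *dst, size_t dst_size,
                    size_t offset, int length) {
    size_t n;
    if (offset > tvb->len) return -1;
    if (length == -1) n = tvb->len - offset;
    else if (length < 0) return -1;          /* uninitialised/garbage length */
    else n = (size_t)length;
    if (n > tvb->len - offset || n > dst_size) return -1;
    memcpy(dst, tvb->data + offset, n);
    return (int)n;
}

/* Caller modelled on get_unicode_or_ascii_string(..., exactlen=1): the
 * dissector supplies len and this helper validates it before copying.
 * ASCII case only; out is NUL-terminated on success. */
int get_ascii_string(const tvb_t *tvb, size_t offset, int len,
                     char *out, size_t out_size) {
    int n;
    if (out_size == 0) return -1;
    n = safe_tvb_memcpy(tvb, (uint8_t *)out, out_size - 1, offset, len);
    if (n < 0) return -1;
    out[n] = '\0';
    return n;
}

/* Constructed sample payload: a 5-byte name, a NUL, then two trailing bytes. */
static const uint8_t sample_pkt[] = { 'f', 'i', 'l', 'e', '1', 0x00, 0xAA, 0xBB };
static const tvb_t sample_tvb = { sample_pkt, sizeof sample_pkt };
```

With a correct length the name is copied; with a garbage length like the -1833650688 in the backtrace the helper returns -1 and the dissector can flag a malformed packet instead of aborting.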