Ethereal-dev: RE: [Ethereal-dev] Double-free tvb bug in HTTP dissector with gzip decompression

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Biot Olivier <Olivier.Biot@xxxxxxxxxxx>
Date: Fri, 7 May 2004 13:22:32 +0200
|-----Original Message-----
|From: Jerry Talkington
|
|On Thu, May 06, 2004 at 11:51:36PM +0200, Olivier Biot wrote:
|>
|> Hi list,
|> 
|> If you open the attached capture with Ethereal, you can freely inspect
|> it and see the dissected decompression. However, if you enter a
|> display filter like "http" which matches the packet, Ethereal will
|> crash in epan_dissect_free() at the very end of having filtered all
|> packets (I tested this with a 9 MB capture). The crash does not happen
|> if you disable the HTTP dissector.
| 
|Hmm, I wasn't able to get a crash on my Mac, but I was on my Linux box.
|However, I didn't like the gtk2 interface, so I made distclean, reran
|autogen.sh, configured and ran make, and the crash doesn't happen
|anymore.
|
|I reran autogen.sh, configured with gtk2 again, and the crash still
|doesn't appear.  Try rerunning autogen.sh.  In the meantime, I'll try
|setting up a build environment on a Windows machine.

I can only say that the bug is still present, even after a thorough
distclean and a complete remake of ethereal on cygwin.

This is what I did:

# Remake the makefiles so make distclean doesn't remake the makefiles individually
$ ./config.status
$ make distclean
# Refresh the checked out tree [status of ~5 hours ago]
$ cvs -z9 update -Pd
$ ./autogen.sh
$ ./configure --with-extra-gcc-checks --enable-gtk2
$ make

3 hours later the compilation terminated on my laptop. I then opened a debug
session with the capture file I previously sent to the list:

$ ./libtool gdb --args ./ethereal -r /home/be322008/Desktop/Ethereal/BigCap-gzip-not-chunked-response.snoop
*** Warning: inferring the mode of operation is deprecated.
*** Future versions of Libtool will require -mode=MODE be specified.
GNU gdb 2003-09-20-cvs (cygwin-special)
Copyright 2003 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i686-pc-cygwin"...
(gdb) r
Starting program:
/home/Administrator/Ethereal/cvs/ethereal/.libs/lt-ethereal.exe -r
/home/be322008/Desktop/Ethereal/BigCap-gzip-not-chunked-response.snoop

[Entered "http" as display filter (without quotes) and applied the dfilter]

Program received signal SIGSEGV, Segmentation fault.
tvb_free_chain (tvb=0x1) at tvbuff.c:221
221             for (slist = tvb->used_in; slist != NULL ; slist =
slist->next) {
(gdb) bt full
#0  tvb_free_chain (tvb=0x1) at tvbuff.c:221
        tvb = (tvbuff_t *) 0x1
        slist = (GSList *) 0x1033e118
#1  0x00e5609a in tvb_free_chain (tvb=0x103d1f58) at tvbuff.c:222
        tvb = (tvbuff_t *) 0x103d1f58
        slist = (GSList *) 0x1033e118
#2  0x00e5609a in tvb_free_chain (tvb=0x1033e180) at tvbuff.c:222
        tvb = (tvbuff_t *) 0x1033e180
        slist = (GSList *) 0x103d1f40
#3  0x00e5609a in tvb_free_chain (tvb=0x1033e118) at tvbuff.c:222
        tvb = (tvbuff_t *) 0x1033e118
        slist = (GSList *) 0x10311680
#4  0x00e5609a in tvb_free_chain (tvb=0x1033e0e4) at tvbuff.c:222
        tvb = (tvbuff_t *) 0x1033e0e4
        slist = (GSList *) 0x103d1f68
#5  0x00e5609a in tvb_free_chain (tvb=0x1033e0b0) at tvbuff.c:222
        tvb = (tvbuff_t *) 0x1033e0b0
        slist = (GSList *) 0x103d1f60
#6  0x00e5609a in tvb_free_chain (tvb=0x1033e07c) at tvbuff.c:222
        tvb = (tvbuff_t *) 0x1033e07c
        slist = (GSList *) 0x103d1f50
#7  0x00e5609a in tvb_free_chain (tvb=0x1033e048) at tvbuff.c:222
        tvb = (tvbuff_t *) 0x1033e048
        slist = (GSList *) 0x103d1f38
#8  0x00e5609a in tvb_free_chain (tvb=0x1033dfe0) at tvbuff.c:222
        tvb = (tvbuff_t *) 0x1033dfe0
        slist = (GSList *) 0x103d1f48
#9  0x00e461a1 in epan_dissect_free (edt=0x103d3a08) at epan.c:166
        edt = (epan_dissect_t *) 0x103d3a08
#10 0x0040c756 in _fu189__num_tap_filters () at file.c:896
        fdata = (frame_data *) 0x103d3a08
        pseudo_header = (union wtap_pseudo_header *) 0x1
        buf = (const guchar *) 0x1 <Address 0x1 out of bounds>
        refilter = 0
        args = {colorf = 0x1028e958, edt = 0x103d3a08}
        row = 0
        create_proto_tree = 272448008
        edt = (epan_dissect_t *) 0x103d3a08
        args = {colorf = 0x1028e958, edt = 0x103d3a08}
#11 0x0040d068 in rescan_packets (cf=0x4b3a08, action=0x4b3a98 "\b", 
    action_item=0x1 <Address 0x1 out of bounds>, refilter=2285872, 
    redissect=2285876) at file.c:1215
        fdata = (frame_data *) 0x1033eccc
        progbar = (progdlg_t *) 0x103d1f38
        stop_flag = 15032474
        count = 271747760
        err = 271835208
        err_info = (gchar *) 0x22e05c "|à\""
        selected_frame = (frame_data *) 0x10328a70
        preceding_frame = (frame_data *) 0x7facef
        following_frame = (frame_data *) 0x1033e0b0
        prev_frame = (frame_data *) 0xe5609a
        selected_row = 2285628
        prev_row = 271835260
        preceding_row = 272441168
        following_row = 3568
        selected_frame_seen = 1
        row = 1
        prog_val = 0
        start_time = {tv_sec = 271835260, tv_usec = 271746540}
        status_str =
"\030¦~\000°\2122\020H\037=\020àß3\020|à\"\000\232`å\000Hà3\020°\2122\020ç¢\
"\000\b:=\020\b:=\020\b:=\020\214à\"\000¡aä\000àß3\020Ìì3\020Ìà\"\000VÇ@\000
\b:=\020lé(\020`é(\020Ìì3\020¬:L\000ÖY\001\000\b:K"
        progbar_nextstep = 271835364
        progbar_quantum = 15032474
#12 0x004b3980 in filter_tb ()
No symbol table info available.
#13 0x1033ec88 in ?? ()
No symbol table info available.
(gdb)


I think step 10 in the backtrace is interesting: take a close look at the
values of pseudo_header and buf. Maybe we're having an HTTP tap issue here?


#10 0x0040c756 in _fu189__num_tap_filters () at file.c:896
        fdata = (frame_data *) 0x103d3a08
        pseudo_header = (union wtap_pseudo_header *) 0x1
        buf = (const guchar *) 0x1 <Address 0x1 out of bounds>
        refilter = 0
        args = {colorf = 0x1028e958, edt = 0x103d3a08}
        row = 0
        create_proto_tree = 272448008
        edt = (epan_dissect_t *) 0x103d3a08
        args = {colorf = 0x1028e958, edt = 0x103d3a08}


Anybody a clue?

Regards,

Olivier
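As an added illustration, not part of this thread and not Ethereal's tvbuff.c: a simplified model of the recursive walk over a tvb's used_in list that the backtrace shows in tvb_free_chain(). The struct layout, the static pool, and the scenario (a decompressed-payload tvb registered under two owners) are assumptions made for the example. It shows why a tvb that appears in two used_in lists is reached twice during one chain free, and how a "freed" mark catches the second visit instead of walking links in an already released buffer, which is the kind of stale-pointer walk that ends in a value like tvb=0x1.

```c
#include <stdio.h>
#include <stdlib.h>

#define MAX_TVB 16

struct tvbuff;

/* Singly linked list node, standing in for the GSList seen in the backtrace. */
typedef struct slist {
    struct tvbuff *data;
    struct slist  *next;
} slist_t;

/* Minimal tvb: an id, the list of tvbs derived from it, and a "freed" mark.
 * Assumed layout for illustration only; Ethereal's real tvbuff_t differs. */
typedef struct tvbuff {
    int      id;
    slist_t *used_in;   /* tvbs created on top of this one (subsets etc.) */
    int      freed;     /* 0 = live, 1 = already released */
} tvbuff_t;

/* Static pool: "freeing" only flips a flag, so the model never dereferences
 * memory that has really been returned to the allocator. */
static tvbuff_t pool[MAX_TVB];
static int      pool_used;
static int      frees_done;
static int      double_free_attempts;

static void model_reset(void)
{
    int i;
    for (i = 0; i < pool_used; i++) {
        slist_t *n = pool[i].used_in;
        while (n) { slist_t *nx = n->next; free(n); n = nx; }
        pool[i].used_in = NULL;
    }
    pool_used = frees_done = double_free_attempts = 0;
}

static tvbuff_t *tvb_new(void)
{
    tvbuff_t *t = &pool[pool_used];
    t->id = pool_used++;
    t->used_in = NULL;
    t->freed = 0;
    return t;
}

/* Register child as derived from parent: append it to parent->used_in. */
static void tvb_add_used_in(tvbuff_t *parent, tvbuff_t *child)
{
    slist_t **pp = &parent->used_in;
    slist_t *n = malloc(sizeof *n);
    n->data = child;
    n->next = NULL;
    while (*pp) pp = &(*pp)->next;
    *pp = n;
}

/* Walk and release a chain, mirroring the recursion over used_in from the
 * backtrace. The guard is the addition: a tvb reached a second time is
 * reported instead of being released again. Without it, the second visit
 * would read used_in from a tvb that is already gone. */
static void tvb_free_chain_model(tvbuff_t *tvb)
{
    slist_t *slist, *next;

    if (tvb->freed) {
        double_free_attempts++;
        return;
    }
    tvb->freed = 1;   /* mark first, so a cycle cannot recurse forever */
    for (slist = tvb->used_in; slist != NULL; slist = next) {
        next = slist->next;
        tvb_free_chain_model(slist->data);
        free(slist);
    }
    tvb->used_in = NULL;
    frees_done++;
}

/* Constructed scenario: payload tvb C is registered under both the packet
 * tvb A and an intermediate tvb B that A also owns. Freeing A's chain then
 * reaches C twice. Returns the number of double-free attempts caught. */
static int run_shared_child_scenario(void)
{
    tvbuff_t *a, *b, *c;
    model_reset();
    a = tvb_new();
    b = tvb_new();
    c = tvb_new();
    tvb_add_used_in(a, b);
    tvb_add_used_in(a, c);
    tvb_add_used_in(b, c);   /* c now appears in two used_in lists */
    tvb_free_chain_model(a);
    return double_free_attempts;
}

static int model_frees_done(void) { return frees_done; }

int main(void)
{
    int caught = run_shared_child_scenario();
    printf("tvbs released: %d, double-free attempts caught: %d\n",
           model_frees_done(), caught);
    return caught == 1 ? 0 : 1;
}
```

The three tvbs are released exactly once and the second visit to C is counted rather than acted on. In a real dissector the fix is on the registration side (a tvb should have one owner in the chain), but a mark like this is what an allocator-side check or a sanitizer build reports, and it turns a delayed crash in epan_dissect_free() into a diagnosable event at the point of the double free.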