Ethereal-dev: Re: [Ethereal-dev] Crash issue with compiled version of 0.10.7

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Wed, 03 Nov 2004 11:20:31 -0800
Jeremy Jouglet wrote:

> I have a crash issue with the enclosed cap file with a fresh compiled version of the 0.10.7, the official binaries are working very well.

Do you have a freshly compiled 0.10.7, or do you have something compiled from SVN or an SVN snapshot from after 0.10.7 was released?

> Any idea of what I have done wrong?

Assumed that the eDonkey dissector was being careful enough about the packets it was dissecting.

It appears that there's an eDonkey packet in that capture (it has the right protocol code at the beginning of the TCP data), but the length field appears to have a very large value; this caused the computed message length to overflow (it's 32-bit), which means that a protocol tree item had its length set to a negative value - 0.10.7 didn't check for that, but the current version of the source does.

I've checked in a change to add support for reassembling eDonkey packets split across TCP segments; a side-effect of this is that your capture doesn't cause a crash.

> <<crash.patch>>

That's an unrelated patch - are those changes needed in order to fix a problem with the Windows build?
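
The length overflow described in the message above, shown as an added example; this is not Ethereal's dissector code and not part of the original post. It assumes a 5-byte header (a 1-byte protocol code followed by a 32-bit little-endian length); the function names and sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define HDR_LEN 5u  /* assumption: 1-byte protocol code + 32-bit LE length */

/* Constructed sample packets: a sane one and one with a huge length field. */
static const uint8_t sample_ok[]   = { 0xe3, 0x02, 0x00, 0x00, 0x00, 0x01, 0xaa };
static const uint8_t sample_huge[] = { 0xe3, 0xf0, 0xff, 0xff, 0xff, 0x01 };

/* Read a 32-bit little-endian value. */
static uint32_t get_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Unchecked: header + payload is added in 32 bits and then treated as a
 * signed length, so a very large length field yields a negative value
 * (on the usual two's-complement targets). */
int32_t msg_len_unchecked(const uint8_t *data)
{
    uint32_t total = HDR_LEN + get_le32(data + 1);
    return (int32_t)total;
}

/* Checked: returns 0 and sets *out only when the whole message lies within
 * the avail bytes present; returns -1 otherwise (a caller doing reassembly
 * would treat that as "need more data" rather than use the length). */
int msg_len_checked(const uint8_t *data, size_t avail, size_t *out)
{
    uint32_t payload;
    if (avail < HDR_LEN)
        return -1;                    /* header itself is incomplete */
    payload = get_le32(data + 1);
    if (payload > avail - HDR_LEN)    /* compare without adding: cannot wrap */
        return -1;
    *out = (size_t)HDR_LEN + payload;
    return 0;
}

int main(void)
{
    size_t n = 0;
    printf("unchecked length: %d\n", (int)msg_len_unchecked(sample_huge));
    printf("checked result:   %d\n", msg_len_checked(sample_huge, sizeof sample_huge, &n));
    printf("sane packet:      %d\n", msg_len_checked(sample_ok, sizeof sample_ok, &n));
    return 0;
}
```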