Ethereal-dev: Re: [Ethereal-dev] Bug report for ethereal-0.10.10 on Fedora x86_64 version
Going further, in cf_close, it seems that
cf_reset_state is innocent,
so I would say that
cf_callback_invoke(cf_cb_file_closed, cf);
is guilty.
I stop for tonight....
Pierre JUHEN wrote:
Hello,
I did recompile, and tried to locate the problem using gdb.
It occurs in do_capture:
/* ------------------------------------------------------------------------- */
gboolean
do_capture(capture_options *capture_opts)
{
  gboolean is_tempfile;
  gboolean ret;

  /* open the new output file (temporary/specified name/ringbuffer) */
  if(!capture_open_output(capture_opts, &is_tempfile)) {
    return FALSE;
  }

  /* close the currently loaded capture file */
  cf_close(capture_opts->cf);

  /* We could simply use TRUE for this expression now, this will work for all
   * captures except for some of the multiple files options, as these capture
   * options currently cannot be passed through the command line to the
   * capture child.
   *
   * If this is fixed, we could always use the sync mode, throwing away the
   * normal mode completely and doing some more cleanup. */
  /* if (TRUE) {*/
  if (capture_opts->sync_mode) {
    /* sync mode: do the capture in a child process */
    ret = sync_pipe_do_capture(capture_opts, is_tempfile);
/* ------------------------------------------------------------------------- */
When I put a breakpoint at the beginning and step one instruction, I have:
(gdb) print capture_opts
$11 = (capture_options *) 0x60b2e0
and
(gdb) print *capture_opts
$12 = {cf = 0x5fb100, cfilter = 0xa8f810 "", iface = 0xca57c0 "eth0",
  has_snaplen = 0, snaplen = 68, promisc_mode = 1, linktype = -1, capture_child = 0,
  save_file = 0x0, save_file_fd = -1, sync_mode = 1, show_info = 0,
  quit_after_cap = 0, multi_files_on = 0, has_file_duration = 0, file_duration = 60,
  has_ring_num_files = 1, ring_num_files = 2, has_autostop_files = 0,
  autostop_files = 1, has_autostop_packets = 0, autostop_packets = 0,
  has_autostop_filesize = 0, autostop_filesize = 1048576,
  has_autostop_duration = 0, autostop_duration = 60, fork_child = -1}
which is correct.
Then I put a second breakpoint before
"sync_pipe_do_capture(capture_opts, is_tempfile)"
and I get:
(gdb) print capture_opts
$13 = (capture_options *) 0x7fbfffdeac
(gdb) print *capture_opts
$14 = {cf = 0xc586f000000001,
  cfilter = 0x6496d000000000 <Address 0x6496d000000000 out of bounds>,
  iface = 0x706d742f00000000 <Address 0x706d742f00000000 out of bounds>,
  has_snaplen = 1752458543, snaplen = 1482191461, promisc_mode = 1448237144,
  linktype = 845242968, capture_child = 0,
  save_file = 0x6407e000000033 <Address 0x6407e000000033 out of bounds>,
  save_file_fd = 0, sync_mode = 6592208, show_info = 0, quit_after_cap = 6555616,
  multi_files_on = 0, has_file_duration = 2108856777, file_duration = 51,
  has_ring_num_files = 6553696, ring_num_files = 0, has_autostop_files = 12945136,
  autostop_files = 0, has_autostop_packets = 10616512, autostop_packets = 0,
  has_autostop_filesize = 4523330, autostop_filesize = 0,
  has_autostop_duration = 1, autostop_duration = 0, fork_child = 13043216}
Obviously, the stack has been corrupted in between.
Going further, before calling cf_close, the stack is still OK.
Therefore, cf_close corrupts the stack....
Thank you for your help....
Pierre JUHEN
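As an added illustration (not part of Pierre's report or the Ethereal sources): the two gdb sessions above show that the value of the argument `capture_opts` itself changes between the top of do_capture and the call to sync_pipe_do_capture ($11 is 0x60b2e0, $13 is 0x7fbfffdeac), so whatever is going wrong writes into the stack slot that holds that pointer. Rather than stepping and bisecting by hand, a hardware watchpoint on that slot stops execution at the exact instruction that performs the write, even when it happens several frames down inside cf_close. The script assumes an unoptimised debug build (`-O0 -g`) so that the argument is spilled to the stack; the binary name `ethereal` and the point at which the capture is started from the GUI are the same as in the report.

```gdb
# Added example: catch the write that clobbers the capture_opts argument of
# do_capture. Assumes a -O0 -g build of the binary (hypothetical path below).
file ./ethereal
break do_capture
run
# Stopped at the top of do_capture once a capture is started from the GUI;
# the argument still holds the good pointer at this point.
print capture_opts
# Hardware watchpoint on the stack slot holding the argument. It fires on any
# write to that address, including writes made from callees such as cf_close,
# and gdb deletes it automatically when do_capture's frame goes away.
watch capture_opts
continue
# When the watchpoint triggers, gdb prints "Old value" / "New value"; the
# backtrace then names the frame that performed the write and its callers.
bt
# Neighbouring stack slots: a run of clobbered words around &capture_opts is
# what a buffer overrun in a callee's frame looks like.
x/8gx &capture_opts
info frame
```

If the build is optimised and the argument lives in a register rather than memory, gdb falls back to a software watchpoint (single-stepping every instruction), which still works but is far too slow for a program that is also running a live capture; rebuild without optimisation first.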