Ethereal-dev: Re: [Ethereal-dev] Bug report for ethereal-0.10.10 on Fedora x86_64 version

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Pierre JUHEN <pierre.juhen@xxxxxxxxxx>
Date: Thu, 17 Mar 2005 22:25:25 +0100
Going further, in cf_close, it seems that
   cf_reset_state is innocent

so I would say that
  cf_callback_invoke(cf_cb_file_closed, cf);
is guilty

I stop for tonight....




Pierre JUHEN a écrit :

Hello,

I did recompile, and tried to locate the problem using gdb.

It occurs in do_capture :

/* ------------------------------------------------------------------------------------------------------------------------------*/
gboolean
do_capture(capture_options *capture_opts)
{
 gboolean is_tempfile;
 gboolean ret;


 /* open the new output file (temporary/specified name/ringbuffer) */
 if(!capture_open_output(capture_opts, &is_tempfile)) {
   return FALSE;
 }

 /* close the currently loaded capture file */
 cf_close(capture_opts->cf);

/* We could simply use TRUE for this expression now, this will work for all * captures except for some of the multiple files options, as these capture
  * options currently cannot be passed through the command line to the
  * capture child.
  *
* If this is fixed, we could always use the sync mode, throwing away the
  * normal mode completely and doing some more cleanup. */
/*  if (TRUE) {*/
 if (capture_opts->sync_mode) {
   /* sync mode: do the capture in a child process */
   ret = sync_pipe_do_capture(capture_opts, is_tempfile);

/* ------------------------------------------------------------------------------------------------------------------------------*/

whe I put a break point at the beginning and step one instruction I have :

(gdb) print capture_opts
$11 = (capture_options *) 0x60b2e0

and

(gdb) print *capture_opts
$12 = {cf = 0x5fb100, cfilter = 0xa8f810 "", iface = 0xca57c0 "eth0", has_snaplen = 0, snaplen = 68, promisc_mode = 1, linktype = -1, capture_child = 0, save_file = 0x0, save_file_fd = -1, sync_mode = 1, show_info = 0, quit_after_cap = 0, multi_files_on = 0, has_file_duration = 0, file_duration = 60, has_ring_num_files = 1, ring_num_files = 2, has_autostop_files = 0, autostop_files = 1, has_autostop_packets = 0, autostop_packets = 0, has_autostop_filesize = 0, autostop_filesize = 1048576, has_autostop_duration = 0, autostop_duration = 60, fork_child = -1}

which is correct

Then I put a second breakpoint before "sync_pipe_do_capture(capture_opts, is_tempfile)"

I get

(gdb) print capture_opts
$13 = (capture_options *) 0x7fbfffdeac
(gdb) print *capture_opts
$14 = {cf = 0xc586f000000001, cfilter = 0x6496d000000000 <Address 0x6496d000000000 out of bounds>, iface = 0x706d742f00000000 <Address 0x706d742f00000000 out of bounds>, has_snaplen = 1752458543, snaplen = 1482191461, promisc_mode = 1448237144, linktype = 845242968, capture_child = 0, save_file = 0x6407e000000033 <Address 0x6407e000000033 out of bounds>, save_file_fd = 0, sync_mode = 6592208, show_info = 0, quit_after_cap = 6555616, multi_files_on = 0, has_file_duration = 2108856777, file_duration = 51, has_ring_num_files = 6553696, ring_num_files = 0, has_autostop_files = 12945136, autostop_files = 0, has_autostop_packets = 10616512, autostop_packets = 0, has_autostop_filesize = 4523330, autostop_filesize = 0, has_autostop_duration = 1, autostop_duration = 0, fork_child = 13043216}


Obvisously, the stack has been corrupted in between.

Going further, before calling cf_close, the stack is still OK.

Therefore, cf_close corrupts the stack....

Thank you for your help....

Pierre JUHEN