Wireshark-bugs: [Wireshark-bugs] [Bug 1001] free() invalid pointer in dissect_802_3 at packet-ie
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1001
------- Comment #21 from gentoo-a7x@xxxxxxxxxxxxxxx 2006-07-29 21:07 GMT -------
After learning gdb and stepping through the code one instruction at a time, it
appears that the setjmp() at epan/except.h:148 (called from TRY at
packet-ieee8023.c:58) is trashing the stack. except_state and exc are
different after the call to setjmp(). In fact, exc and except_state are
mangled in such a way that the code inside the TRY block isn't executed at all
-- it's skipped thanks to the if statement at epan/exceptions.h:180 (which is
how I thought to watch what's going on inside the TRY).
I guess this isn't surprising given that glibc's setjmp is implemented in
assembly and is most certainly not SSP-aware. However, I would have expected
the SSP gcc patch to reimplement setjmp() in some way. A quick Google search
doesn't pull up anything about whether setjmp() should or should not be OK with
the SSP patch. I'll do some more searching.
The thing I don't get is how it's working for non-802.3 packets. Other
dissectors use the exception code too...
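A stand-alone check for the symptom described in the comment above, added here as an example; it is not code from the bug report or from Wireshark. It places sentinel-valued locals next to a `jmp_buf`, calls `setjmp()`, and reports whether the guarded body ran and whether the locals still hold their values, both on the direct return and after a `longjmp()`. The names `except_state` and `exc` are borrowed from the comment; `handler_frame`, `GUARD`, `thrower` and `check_setjmp_frame` are hypothetical.

```c
#include <setjmp.h>
#include <stdio.h>

#define GUARD 0x5AFEC0DEUL   /* constructed sentinel value */

enum { BODY_RAN = 1, CATCH_RAN = 2, LOCALS_INTACT = 4 };

/* Hypothetical handler frame: a jmp_buf bracketed by sentinels. */
struct handler_frame {
    volatile unsigned long guard_before;
    jmp_buf jmp;
    volatile unsigned long guard_after;
};

static void thrower(struct handler_frame *f, int code)
{
    longjmp(f->jmp, code);   /* unwinds back into check_setjmp_frame() */
}

/* Returns a bitmask of the flags above; throw_code != 0 also takes the catch path. */
int check_setjmp_frame(int throw_code)
{
    struct handler_frame frame;
    /* volatile forces real stack loads, so the comparison is not folded away */
    volatile unsigned long except_state = GUARD;
    void *volatile exc = &frame;
    volatile int result = 0;

    frame.guard_before = GUARD;
    frame.guard_after = GUARD;

    if (setjmp(frame.jmp) == 0) {
        result |= BODY_RAN;              /* the guarded body was entered */
        if (throw_code != 0)
            thrower(&frame, throw_code);
    } else {
        result |= CATCH_RAN;             /* reached via longjmp() */
    }
    if (except_state == GUARD && exc == (void *)&frame &&
        frame.guard_before == GUARD && frame.guard_after == GUARD)
        result |= LOCALS_INTACT;
    return result;
}

int main(void)
{
    printf("no throw: %d (expect 5)\n", check_setjmp_frame(0));
    printf("throw:    %d (expect 7)\n", check_setjmp_frame(7));
    return 0;
}
```

Building it with the same compiler and flags as the affected binary makes the comparison meaningful: a missing `BODY_RAN` or `LOCALS_INTACT` bit corresponds to the skipped body and changed locals reported above.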