Wireshark-bugs: [Wireshark-bugs] [Bug 1412] New: HTTP "dissector bug" when downloading large chu
Date: Sat, 3 Mar 2007 10:01:18 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1412

           Summary: HTTP "dissector bug" when downloading large chunks of
                    data
           Product: Wireshark
           Version: SVN
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: ulf.lamping@xxxxxx


Build Information:
Version 0.99.6

Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.10.6, with GLib 2.12.6, with WinPcap (version unknown),
with libz 1.2.3, with libpcre 6.4, with Net-SNMP 5.4, with ADNS, with Lua 5.1,
with GnuTLS 1.6.1, with Gcrypt 1.2.3, with MIT Kerberos, with PortAudio
PortAudio V19-devel, with AirPcap.

Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.0
(packet.dll version 4.0.0.755), based on libpcap version 0.9.5, with AirPcap
2.0.0 build 708.

Built using Microsoft Visual C++ 8.0 build 50727

--
While downloading winamp.exe (~6,5MB) from the winamp homepage, I got the
following console message (also similiar appearing in the packet list):

10:41:51          Warn Dissector bug, protocol HTTP, in packet 7633:
emem.c:444:
 failed assertion "size<(10485760>>2)"

Following the call stack, I got to the line 1085 in packet-http.c:

                stat_info->payload_data = se_memdup(next_tvb->real_data,
                                                    next_tvb->length);

trying to allocate the size of the winamp.exe, which in turn emem.c doesn't
like very much.

I don't know the right way to fix this, as I don't know the HTTP dissector
well.  

However, downloading that size of data using HTTP is a common thing, so the
dissector shouldn't thow a bug.

This should be easily reproducable. If required, I could attach the 7,5MB
capture file here.


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.