Wireshark-bugs: [Wireshark-bugs] [Bug 1342] Wireshark crashes in MMS/BER dissector endless loop
Date: Sat, 10 Mar 2007 02:38:52 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1342





------- Comment #15 from luis.ontanon@xxxxxxxxx  2007-03-10 02:38 GMT -------

Here we got two bugs:

1) the stack smasher in mms that Ulf pointed out

2) a problem in packet-frame.c with Windows' __try and wshark's
TRY-CATCH-ENDTRY.

After the Windows stack-overflow exception is thrown, the longjmp stack is
popped too much, causing the attempt to pop the last frame of the longjmp stack
at the ENDTRY in dissect_packet() to dereference an invalid pointer.

I fixed one similar crash I saw with ENDTRY not being evaluated in
http://anonsvn.wireshark.org/viewvc/viewvc.py?view=rev&revision=20972
and two other potential ones with revs 21014 & 21015.

The way this crash happens on Windows (the debugger drops me on the attempt to
dereference an invalid ptr in the function called by ENDTRY) makes me think
that both __try and setjmp() use the very same stack, and I do not know how to
deal with this condition where we got two different players pushing and popping
the same stack.

L

