Wireshark-bugs: [Wireshark-bugs] [Bug 1956] Wireshark crashes on certain display filters (ftype
Date: Tue, 6 Nov 2007 04:40:18 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1956


ellocodelassembler@xxxxxxxxx changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         OS/Version|Windows XP                  |All




------- Comment #3 from ellocodelassembler@xxxxxxxxx  2007-11-06 04:40 GMT -------
Now I've tried on a Debian Linux box.

Take a look at this when I use "ip.addr & 1.2.3.4":
(gdb) frame
#0  cmp_bytes_bitwise_and (fv_a=0x8a672d0, fv_b=0x8800e80) at ftype-ipv4.c:178
178             if (b->len != a->len) {
(gdb) info args
fv_a = (fvalue_t *) 0x8a672d0
fv_b = (fvalue_t *) 0x8800e80
(gdb) info locals
a = (GByteArray *) 0xc0a800fc
b = (GByteArray *) 0x1020304
i = <value optimized out>
p_a = <value optimized out>
p_b = <value optimized out>

Do you see somewhat strange pointers? ;)
c0.a8.00.fc = 192.168.0.252
01.02.03.04 = 1.2.3.4

I have replaced the function completely with the code below, but since the
incoming data type is so unexpected (and because this is my first time
digging into the Wireshark sources), I can't be sure that this patch is valid,
and although it worked well with the tested expression, I really don't know if
the same function can be reached from some code that actually sends the
expected type.

static gboolean cmp_bytes_bitwise_and(fvalue_t *fv_a, fvalue_t *fv_b)
{
        guint i, and;
        gboolean res;

        /* Reinterpret the value slot as a 32-bit quantity: in this call
         * the union holds a host-order IPv4 address rather than a
         * GByteArray pointer, so the cast yields the address itself (the
         * low 32 bits of the slot on a little-endian host). */
        and = (guint)fv_a->value.bytes & (guint)fv_b->value.bytes;

        /* I can't remember the magic trick, so I use a looped version of
         * the find-zero-byte-in-dword algo: the result is TRUE only if
         * every byte of the ANDed value is non-zero. */
        for (i = 4, res = TRUE; i; i--) {
                res &= (and & 0xff) != 0;
                and >>= 8;
        }
        return res;
}

I also copy the original function for reference:
static gboolean cmp_bytes_bitwise_and(fvalue_t *fv_a, fvalue_t *fv_b)
{
        /* Both reads assume the union holds a GByteArray pointer; for an
         * IPv4 value it holds the address bits instead (see the gdb
         * locals above). */
        GByteArray      *a = fv_a->value.bytes;
        GByteArray      *b = fv_b->value.bytes;
        guint i = 0;
        unsigned char *p_a, *p_b;

        /* First dereference of the bogus pointer: this is line 178 in
         * the backtrace. */
        if (b->len != a->len) {
                return FALSE;
        }
        p_a = a->data;
        p_b = b->data;
        while (i < b->len) {
                if (p_a[i] & p_b[i])
                        i++;
                else
                        return FALSE;
        }
        return TRUE;
}

Cheers


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
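The following is an added, stand-alone illustration of what comment #3 found; it is not code from the bug report or from the Wireshark tree. It models the fvalue_t union with cut-down stand-ins for GByteArray and ipv4_addr (type and field names such as byte_array_t, ipv4_addr_t, make_ipv4 and filter_any are assumptions for this example, as is applying the nmask field on both sides), shows how reading the IPv4 slot as a GByteArray pointer produces exactly the "strange pointer" values gdb printed, and then performs the bitwise-and test on the ipv4 member instead of through a pointer, under both the per-byte rule of the original function and a whole-word rule.

```c
/*
 * Added illustration for bug 1956; not Wireshark code. The structs are
 * simplified stand-ins for GByteArray, ipv4_addr and the fvalue_t value
 * union, and every name below is an assumption made for this example.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {                /* stand-in for GByteArray */
    uint8_t *data;
    uint32_t len;
} byte_array_t;

typedef struct {                /* stand-in for ipv4_addr */
    uint32_t addr;              /* host byte order, as gdb printed it */
    uint32_t nmask;             /* all ones for a plain address (assumed) */
} ipv4_addr_t;

typedef struct {                /* stand-in for fvalue_t: one union, many types */
    union {
        byte_array_t *bytes;    /* what the bytes comparison expects */
        ipv4_addr_t   ipv4;     /* what the IPv4 ftype actually stores */
    } value;
} fvalue_t;

static fvalue_t make_ipv4(uint32_t addr, uint32_t nmask)
{
    fvalue_t fv;
    memset(&fv, 0, sizeof fv);
    fv.value.ipv4.addr = addr;
    fv.value.ipv4.nmask = nmask;
    return fv;
}

static int host_is_little_endian(void)
{
    uint32_t probe = 1;
    uint8_t first;
    memcpy(&first, &probe, 1);
    return first == 1;
}

/* The confused read: view the IPv4 slot as if it were the GByteArray
 * pointer. Nothing is dereferenced here; the original function then read
 * "b->len" through this value, and that load is the crash. Only the low
 * 32 bits are returned so 32- and 64-bit hosts give the same answer. */
static uint32_t wild_pointer_low32(uint32_t addr)
{
    fvalue_t fv = make_ipv4(addr, 0xffffffffu);
    return (uint32_t)(uintptr_t)fv.value.bytes;
}

/* Type-correct AND of two IPv4 values: the ipv4 member, no pointer at all.
 * Applying nmask on both sides is this example's assumption. */
static uint32_t ipv4_and(const fvalue_t *a, const fvalue_t *b)
{
    return (a->value.ipv4.addr & a->value.ipv4.nmask) &
           (b->value.ipv4.addr & b->value.ipv4.nmask);
}

/* Per-byte rule, as in the original cmp_bytes_bitwise_and: every byte pair
 * must share a bit, so one zero byte on either side makes it FALSE. */
static int ipv4_and_bytewise(const fvalue_t *a, const fvalue_t *b)
{
    uint32_t x = ipv4_and(a, b);
    int i;
    for (i = 0; i < 4; i++)
        if (((x >> (8 * i)) & 0xffu) == 0)
            return 0;
    return 1;
}

/* Whole-word rule: TRUE as soon as the two addresses share any bit. */
static int ipv4_and_any(const fvalue_t *a, const fvalue_t *b)
{
    return ipv4_and(a, b) != 0;
}

/* Wrappers over plain host-order addresses (full masks), for quick checks. */
static int filter_bytewise(uint32_t a, uint32_t b)
{
    fvalue_t fa = make_ipv4(a, 0xffffffffu), fb = make_ipv4(b, 0xffffffffu);
    return ipv4_and_bytewise(&fa, &fb);
}

static int filter_any(uint32_t a, uint32_t b)
{
    fvalue_t fa = make_ipv4(a, 0xffffffffu), fb = make_ipv4(b, 0xffffffffu);
    return ipv4_and_any(&fa, &fb);
}

int main(void)
{
    /* The two addresses from the gdb session: 192.168.0.252 and 1.2.3.4. */
    uint32_t pkt = 0xc0a800fcu, flt = 0x01020304u;

    printf("value slot seen as a pointer: 0x%08x\n", (unsigned)wild_pointer_low32(pkt));
    printf("per-byte rule:   %d\n", filter_bytewise(pkt, flt));
    printf("whole-word rule: %d\n", filter_any(pkt, flt));
    return 0;
}
```

On a little-endian host the "pointer" comes back as 0xc0a800fc, which is the 192.168.0.252 value gdb showed for `a`, so the crash is a plain type confusion inside the union, not a corrupted heap. Note also that the two rules disagree on the bug report's own operands: per byte, 0xc0&0x01, 0xa8&0x02 and 0x00&0x03 are all zero, so the byte-wise test is FALSE, while the whole word is 0x00000004 and the any-bit test is TRUE. Which rule the filter language should have is a separate decision from fixing the type mismatch.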