Wireshark-bugs: [Wireshark-bugs] [Bug 2410] Buildbot crash output: fuzz-2008-04-05-428.pcap
Date: Thu, 10 Apr 2008 15:46:13 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2410





--- Comment #1 from Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>  2008-04-10 15:46:11 GMT ---
I could reproduce this on Linux.  Here's the backtrace:

#0  dissect_nbss (tvb=0xeb6f18, pinfo=0xe81110, tree=0xeb8f50) at
packet-nbns.c:1678
1678            if (!tcpinfo->is_reassembled) {
(gdb) bt
#0  dissect_nbss (tvb=0xeb6f18, pinfo=0xe81110, tree=0xeb8f50) at
packet-nbns.c:1678
#1  0x0000002a961ec25c in call_dissector_through_handle (handle=0xbc3790,
tvb=0xeb6f18, pinfo=0xe81110, tree=0xeb8f50)
    at packet.c:396
#2  0x0000002a961ec8a1 in call_dissector_work (handle=0xbc3790, tvb=0xeb6f18,
pinfo_arg=0xe81110, tree=0xeb8f50)
    at packet.c:485
#3  0x0000002a961ecd29 in dissector_try_port (sub_dissectors=Variable
"sub_dissectors" is not available.
) at packet.c:870
#4  0x0000002a965ccf87 in decode_tcp_ports (tvb=Variable "tvb" is not
available.
) at packet-tcp.c:2392
#5  0x0000002a965cd283 in process_tcp_payload (tvb=0xe881a0, offset=916,
pinfo=0xe81110, tree=0xeb8f50, 
    tcp_tree=0xeb9100, src_port=17581, dst_port=445, seq=0, nxtseq=0,
is_tcp_segment=0, tcpd=0xec5210)
    at packet-tcp.c:2451
#6  0x0000002a965cd906 in dissect_tcp_payload (tvb=0xe881a0, pinfo=0xe81110,
offset=Variable "offset" is not available.
) at packet-tcp.c:1511
#7  0x0000002a965cf5ae in dissect_tcp (tvb=0xe881a0, pinfo=0xe81110,
tree=0xeb8f50) at packet-tcp.c:3178
#8  0x0000002a961ec25c in call_dissector_through_handle (handle=0xc0f6e0,
tvb=0xe881a0, pinfo=0xe81110, tree=0xeb8f50)
    at packet.c:396
#9  0x0000002a961ec8a1 in call_dissector_work (handle=0xc0f6e0, tvb=0xe881a0,
pinfo_arg=0xe81110, tree=0xeb8f50)
    at packet.c:485
#10 0x0000002a961ecd29 in dissector_try_port (sub_dissectors=Variable
"sub_dissectors" is not available.
) at packet.c:870
#11 0x0000002a964187e8 in dissect_ip (tvb=0xe88148, pinfo=0xe81110,
parent_tree=0xeb8f50) at packet-ip.c:1564
#12 0x0000002a961ec25c in call_dissector_through_handle (handle=0x79bd10,
tvb=0xe88148, pinfo=0xe81110, tree=0xeb8f50)
    at packet.c:396
#13 0x0000002a961ec8a1 in call_dissector_work (handle=0x79bd10, tvb=0xe88148,
pinfo_arg=0xe81110, tree=0xeb8f50)
    at packet.c:485
#14 0x0000002a961ecd29 in dissector_try_port (sub_dissectors=Variable
"sub_dissectors" is not available.
) at packet.c:870
#15 0x0000002a96373706 in ethertype (etype=2048, tvb=0xe881f8,
offset_after_etype=14, pinfo=0xe81110, tree=0xeb8f50, 
    fh_tree=0xebcd90, etype_id=13830, trailer_id=13832, fcs_len=-1) at
packet-ethertype.c:215
#16 0x0000002a96370fe7 in dissect_eth_common (tvb=0xe881f8, pinfo=0xe81110,
parent_tree=0xeb8f50, fcs_len=-1)
    at packet-eth.c:338
#17 0x0000002a961ec25c in call_dissector_through_handle (handle=0xb7e1c0,
tvb=0xe881f8, pinfo=0xe81110, tree=0xeb8f50)
    at packet.c:396
#18 0x0000002a961ec8a1 in call_dissector_work (handle=0xb7e1c0, tvb=0xe881f8,
pinfo_arg=0xe81110, tree=0xeb8f50)
    at packet.c:485
#19 0x0000002a961ecd29 in dissector_try_port (sub_dissectors=Variable
"sub_dissectors" is not available.
) at packet.c:870
#20 0x0000002a963a98f9 in dissect_frame (tvb=0xe881f8, pinfo=0xe81110,
parent_tree=0xeb8f50) at packet-frame.c:305
#21 0x0000002a961ec25c in call_dissector_through_handle (handle=0x6ef700,
tvb=0xe881f8, pinfo=0xe81110, tree=0xeb8f50)
    at packet.c:396
#22 0x0000002a961ec8a1 in call_dissector_work (handle=0x6ef700, tvb=0xe881f8,
pinfo_arg=0xe81110, tree=0xeb8f50)
    at packet.c:485
#23 0x0000002a961ee281 in call_dissector (handle=Variable "handle" is not
available.
) at packet.c:1787
#24 0x0000002a961ee7ea in dissect_packet (edt=0xe81100, pseudo_header=Variable
"pseudo_header" is not available.
) at packet.c:332
#25 0x000000000041b744 in process_packet (cf=0x531c20, offset=Variable "offset"
is not available.
) at tshark.c:2458
#26 0x000000000041d5bb in main (argc=Variable "argc" is not available.
) at tshark.c:2250



(gdb) print tcpinfo
$1 = (struct tcpinfo *) 0x0
(gdb) print pinfo->private_data
$2 = (void *) 0x0
(gdb) frame 7
#7  0x0000002a965cf5ae in dissect_tcp (tvb=0xe881a0, pinfo=0xe81110,
tree=0xeb8f50) at packet-tcp.c:3178
3178          dissect_tcp_payload(tvb, pinfo, offset, tcph->th_seq, nxtseq,
(gdb) print &tcpinfo
$3 = (struct tcpinfo *) 0x7fbfffe890



I'm not sure why/where private_data is getting reset between dissect_tcp() and
dissect_nbss().


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.