Wireshark-bugs: [Wireshark-bugs] [Bug 5802] Rewrite&cleanup wiretap/file_wrappers
Date: Sat, 9 Apr 2011 18:22:53 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5802

--- Comment #35 from Guy Harris <guy@xxxxxxxxxxxx> 2011-04-09 18:22:49 PDT ---
I have a very large gzipped file that is cut short, so that in zlib_read(), in
the

        /* fill output buffer up to end of deflate stream */

loop, it fails in the

                if (state->avail_in == 0) {

test.

If I then scroll to the end of the packet list, it tries to go back and reread
some of the packets that it managed to read before getting an EOF; the attempts
to reread them fail in that test, even though it was able to read them in the
sequential pass.

When doing the sequential read, the calls to raw_read() are, with the offsets
into the compressed file at the time raw_read() is called being:

    ...

265203712
265207808
265211904

    ...

265515008
265519104
265523200
265527296
265531392
265535488

with the call at the last offset returning 0 bytes, causing an EOF while
inflating.

The random reads after that start with a fast seek to an offset of 265260508,
followed by raw_read() calls with offsets of:

265260508
265264604
265268700
265272796

    ...

265522652
265526748
265530844
265534940

with the call at the last offset returning 0 bytes, causing an EOF while
inflating.

It did several other raw_read() calls at the same offset, as it's trying to get
the contents of the other packets; they all got 0 bytes back.

The problem isn't that it's getting a premature EOF; the problem is that the
random reads are aborting with a premature EOF when they're trying to read
packets for which it *didn't* get a premature EOF in the sequential read pass.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.