Wireshark-dev: Re: [Wireshark-dev] [Wireshark-bugs] [Bug 1110] New: Invalid characters in show
It's trying to print the value of an FT_NONE field, which ends up looking
at uninitialised bytes.
The attached patch doesn't write the "show" attribute for FT_NONE
fields, but does this result in well-formed PDML?
Best regards,
Martin
bugzilla-daemon@xxxxxxxxxxxxx wrote:
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1110
Summary: Invalid characters in show attribute in PDML output
Product: Wireshark
Version: 0.99.3
Platform: PC
URL: http://www.redali.com/bugs/wireshare/pdml/
OS/Version: Linux
Status: NEW
Severity: Normal
Priority: Low
Component: TShark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: paul.blankenbaker@xxxxxxxxxx
CC: paul.blankenbaker@xxxxxxxxxx
This is similar to bug #1026, however it involves Wireshark 0.99.3 and
different packet types.
We've run across an issue in the PDML output from tshark v0.99.3
(Linux build) when we include the "-T pdml".
The XML file being created in some circumstances is not valid
(contains illegal characters) and can't be used by standard XML tools
(firefox won't display it and xsltproc won't process it).
The command being run is:
tshark -t r -r /tmp/badxml.pcap -R 'frame.number == 4' -T pdml
And:
tshark -t r -r /tmp/badxml.pcap -R 'frame.number == 16' -T pdml
The two .pcap files are the result of a previous capture.
The issue appears in the output of the "show" attribute of the
"tcp.analysis.ack_lost_segment" field (in badxml4.pdml) and the
"tcp.analysis.keep_alive" field (in badxml16.pdml).
I will attempt to attach the following files to this bug report:
badxml.txt - The text of this bug report.
badxml.pcap - A capture file of a single packet with the problem.
badxml4.pdml - Frame 4 PDML output (bad show value)
badxml16.pdml - Frame 16 PDML output (bad show value)
The above files can also be found at:
http://www.redali.com/bugs/wireshark/pdml/
The following shows the version of tshark I'm running (plus build and OS info):
[root@probe tmp]# tshark -v
TShark 0.99.3
Copyright 1998-2006 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GLib 2.10.3, with libpcap 0.9.4, with libz 1.2.3,
with libpcre 6.3, with Net-SNMP 5.3, with ADNS, without Lua.
Running with libpcap version 0.9.4 on Linux 2.6.17-1.2174_FC5.
KEYWORDS (for people searching): pdml, xml, xsl
Thanks for taking a look,
Paul
Index: print.c
===================================================================
--- print.c (revision 19254)
+++ print.c (working copy)
@@ -330,7 +330,8 @@
fprintf(pdata->fh, "\" pos=\"%d", fi->start);
/* fprintf(pdata->fh, "\" id=\"%d", fi->hfinfo->id);*/
- if (fi->hfinfo->type != FT_PROTOCOL) {
+ if ((fi->hfinfo->type != FT_PROTOCOL) &&
+ (fi->hfinfo->type != FT_NONE)) {
/* Field */
/* XXX - this is a hack until we can just call
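Review bot: the widened test `(fi->hfinfo->type != FT_PROTOCOL) && (fi->hfinfo->type != FT_NONE)` sends FT_NONE fields down the path that only FT_PROTOCOL took before, and the `fprintf(pdata->fh, "\" pos=\"%d", fi->start);` just above it leaves the pos attribute's quote open, so that other path must close the quote and end the element for the output to stay well-formed. That branch is not visible in this hunk and should be checked against an FT_NONE field such as the two named in the bug report. A one-line comment on the new test saying that FT_NONE has no value to render would explain why it is excluded, and the commit message should note that FT_NONE fields no longer carry a show attribute, since PDML consumers may expect one on every field.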