Hello,
Thank you for your attention :) Here's what I can tell [I'm limited by
a fact, that this dissector are property of my company and are
private/classified]:
1) GDB stack trace:
Program received signal SIGSEGV, Segmentation
fault.
[Switching to Thread -1239599440 (LWP 17201)]
0xb6fd8c99 in proto_tree_tlv_copy_label (pi_tlv=0x86bcb08) at
proto.c:5478
5478 proto_item *pi_tlv_val =
PITEM_TLV_VALUE_ITEM(pi_tlv);
(gdb) backtrace
#0 0xb6fd8c99 in proto_tree_tlv_copy_label (pi_tlv=0x86bcb08) at
proto.c:5478
#1 0xb6fdd3db in proto_tree_add_tlv (tree=0x86bcac0, hfindex=41706,
tvb=0x936902c, start=6) at proto.c:5501
#2 0xb75c895d in dissect_sub_xxx_message (tvb=0x936902c,
pinfo=0x9459758, tree=0x86bcaa8, gOffset=0, sent_tlv_length=0) at
packet-some-protocol.c:3595
#3 0xb75ce241 in _dissect_main_xxx_message (tvb=0x936902c,
pinfo=0x9459758, tree=0x86bcb38) at packet-some-protocol.c:4056
#4 0xb75be5e1 in call_dissector_catch_bounds_error
(dissector=0xb75cce30 <_dissect_main_xxx_message>, tvb=0x936902c,
pinfo=0x9459758, tree=0x86bcb38) at packet-some-protocol.c:2990
#5 0xb75be644 in dissect_main_xxx_message (tvb=0x0, pinfo=0x86bdae8,
tree=<value optimized out>) at packet-some-protocol.c:7511
#6 0xb75c6c35 in dissect_some_protocol (tvb=0x9368ff8,
pinfo=0x9459758, tree=0x86bcb38) at packet-some-protocol.c:10237
#7 0xb6fcbc68 in call_dissector_through_handle (handle=0x845b4d0,
tvb=0x9368ff8, pinfo=0x9459758, tree=0x86bcb38) at packet.c:387
#8 0xb6fcbf37 in call_dissector_work (handle=0x845b4d0, tvb=0x9368ff8,
pinfo_arg=<value optimized out>, tree=0x86bcb38) at packet.c:562
#9 0xb6fcc394 in call_dissector (handle=0x0, tvb=0x9368ff8,
pinfo=0x9459758, tree=0x86bcb38) at packet.c:1706
#10 0xb75e2f39 in phy_xxx_message (tvb=0x9368fc4, offset=3076402701,
pinfo=0x9459758, tree=0x86bcaf0, main_tree=0x86bcb38) at
packet-some-phy-protocol.c:2155
#11 0xb75e5687 in dissect_phy_xxx (tvb=0x9368f90, pinfo=0x9459758,
tree=0x86bcb38) at packet-some-phy-protocol.c:2441
#12 0xb6fcbc68 in call_dissector_through_handle (handle=0x83e1160,
tvb=0x9368f90, pinfo=0x9459758, tree=0x86bcb38) at packet.c:387
#13 0xb6fcbf37 in call_dissector_work (handle=0x83e1160, tvb=0x9368f90,
pinfo_arg=<value optimized out>, tree=0x86bcb38) at packet.c:562
#14 0xb6fcc723 in dissector_try_port (sub_dissectors=0x833a4f0,
port=2303, tvb=0x9368f90, pinfo=0x9459758, tree=0x86bcb38) at
packet.c:837
#15 0xb71f1dab in ethertype (etype=2303, tvb=0x9368f5c,
offset_after_etype=14, pinfo=0x9459758, tree=0x86bcb38,
fh_tree=0x86bca60,
etype_id=8972, trailer_id=8974, fcs_len=-1) at
packet-ethertype.c:194
#16 0xb71eebf9 in dissect_eth_common (tvb=0x9368f5c, pinfo=0x9459758,
parent_tree=0x86bcb38, fcs_len=-1) at packet-eth.c:344
#17 0xb6fcbc68 in call_dissector_through_handle (handle=0x8470ba0,
tvb=0x9368f5c, pinfo=0x9459758, tree=0x86bcb38) at packet.c:387
#18 0xb6fcbf37 in call_dissector_work (handle=0x8470ba0, tvb=0x9368f5c,
pinfo_arg=<value optimized out>, tree=0x86bcb38) at packet.c:562
#19 0xb6fcc723 in dissector_try_port (sub_dissectors=0x8352a80, port=1,
tvb=0x9368f5c, pinfo=0x9459758, tree=0x86bcb38) at packet.c:837
#20 0xb721af52 in dissect_frame (tvb=0x9368f5c, pinfo=0x9459758,
parent_tree=0x86bcb38) at packet-frame.c:286
#21 0xb6fcbc68 in call_dissector_through_handle (handle=0x8352b10,
tvb=0x9368f5c, pinfo=0x9459758, tree=0x86bcb38) at packet.c:387
#22 0xb6fcbf37 in call_dissector_work (handle=0x8352b10, tvb=0x9368f5c,
pinfo_arg=<value optimized out>, tree=0x86bcb38) at packet.c:562
#23 0xb6fcc394 in call_dissector (handle=0x0, tvb=0x9368f5c,
pinfo=0x9459758, tree=0x86bcb38) at packet.c:1706
#24 0xb6fcde06 in dissect_packet (edt=0x9459750,
pseudo_header=0x8173874, pd=0x8173904 "", fd=0x86a71c4,
cinfo=0x8183918) at packet.c:326
#25 0xb6fc7f8e in epan_dissect_run (edt=0x9459750,
pseudo_header=0x8173874, data="" "", fd=0x86a71c4,
cinfo=0x8183918) at epan.c:187
#26 0x0806c136 in add_packet_to_packet_list (fdata=0x86a71c4,
cf=0x8173800, pseudo_header=0x8173874, buf=0x8173904 "", refilter=1) at
file.c:825
#27 0x0806c4d0 in rescan_packets (cf=0x8173800, action=""
"Filtering", action_item=0x93fe7a0 "ip", refilter=1, redissect=0) at
file.c:1449
#28 0x0806c9d1 in cf_filter_packets (cf=0x8173800, dftext=<value
optimized out>, force=0) at file.c:1250
#29 0x08081e82 in main_filter_packets (cf=0x8173800, dftext=0x854f5b8
"ip", force=0) at main.c:578
#30 0x0808206a in filter_activate_cb (w=0x854f510, data="" at
main.c:616
#31 0xb67c0599 in g_cclosure_marshal_VOID__VOID () from
/opt/gnome/lib/libgobject-2.0.so.0
#32 0xb67b38bd in g_closure_invoke () from
/opt/gnome/lib/libgobject-2.0.so.0
#33 0xb67c4243 in g_signal_connect_closure_by_id () from
/opt/gnome/lib/libgobject-2.0.so.0
#34 0xb67c5038 in g_signal_emitv () from
/opt/gnome/lib/libgobject-2.0.so.0
#35 0xb69acc36 in gtk_binding_set_new () from
/opt/gnome/lib/libgtk-x11-2.0.so.0
#36 0xb69ad03c in gtk_binding_set_new () from
/opt/gnome/lib/libgtk-x11-2.0.so.0
#37 0xb69ad1d3 in gtk_binding_set_new () from /proto_tree_tlv_copy_labelopt/gnome/lib/libgtk-x11-2.0.so.0
#38 0xb69ad2e9 in gtk_bindings_activate_event () from
/opt/gnome/lib/libgtk-x11-2.0.so.0
#39 0xb6b75e88 in gtk_widget_freeze_child_notify () from
/opt/gnome/lib/libgtk-x11-2.0.so.0
#40 0xb6a0acfb in gtk_entry_new () from
/opt/gnome/lib/libgtk-x11-2.0.so.0
#41 0xb6a80bee in gtk_marshal_BOOLEAN__VOID () from
/opt/gnome/lib/libgtk-x11-2.0.so.0
#42 0xb67b20c7 in g_value_set_static_boxed () from
/opt/gnome/lib/libgobject-2.0.so.0
#43 0xb67b39ac in g_closure_invoke () from
/opt/gnome/lib/libgobject-2.0.so.0
#44 0xb67c4893 in g_signal_connect_closure_by_id () from
/opt/gnome/lib/libgobject-2.0.so.0
#45 0xb67c588f in g_signal_emit_valist () from
/opt/gnome/lib/libgobject-2.0.so.0
#46 0xb67c5c95 in g_signal_emit () from
/opt/gnome/lib/libgobject-2.0.so.0
#47 0xb6b6b8d8 in gtk_widget_get_default_style () from
/opt/gnome/lib/libgtk-x11-2.0.so.0
#48 0xb6b7abb7 in gtk_window_propagate_key_event () from
/opt/gnome/lib/libgtk-x11-2.0.so.0
#49 0xb6b7da0c in gtk_window_activate_key () from
/opt/gnome/lib/libgtk-x11-2.0.so.0
#50 0xb6a80bee in gtk_marshal_BOOLEAN__VOID () from
/opt/gnome/lib/libgtk-x11-2.0.so.0
#51 0xb67b20c7 in g_value_set_static_boxed () from
/opt/gnome/lib/libgobject-2.0.so.0
#52 0xb67b38bd in g_closure_invoke () from
/opt/gnome/lib/libgobject-2.0.so.0
#53 0xb67c4893 in g_signal_connect_closure_by_id () from
/opt/gnome/lib/libgobject-2.0.so.0
#54 0xb67c588f in g_signal_emit_valist () from
/opt/gnome/lib/libgobject-2.0.so.0
#55 0xb67c5c95 in g_signal_emit () from
/opt/gnome/lib/libgobject-2.0.so.0
#56 0xb6b6b8d8 in gtk_widget_get_default_style () from
/opt/gnome/lib/libgtk-x11-2.0.so.0
#57 0xb6a7a63a in gtk_propagate_event () from
/opt/gnome/lib/libgtk-x11-2.0.so.0
#58 0xb6a7b857 in gtk_main_do_event () from
/opt/gnome/lib/libgtk-x11-2.0.so.0
#59 0xb690c58a in gdk_add_client_message_filter () from
/opt/gnome/lib/libgdk-x11-2.0.so.0
#60 0xb64d2abd in g_main_context_dispatch () from
/opt/gnome/lib/libglib-2.0.so.0
#61 0xb64d5cbf in g_main_context_check () from
/opt/gnome/lib/libglib-2.0.so.0
#62 0xb64d6069 in g_main_loop_run () from
/opt/gnome/lib/libglib-2.0.so.0
#63 0xb6a7bcd4 in gtk_main () from /opt/gnome/lib/libgtk-x11-2.0.so.0
#64 0x08080afc in main (argc=135739392, argv=0x863bef0) at main.c:2894
Ok, now the macro :
#define PITEM_TLV_VALUE_ITEM(proto_item) \
((proto_item) ? (proto_item)->first_child->next->next
: 0)
and the faulty function:
static void
proto_tree_tlv_copy_label(proto_item *pi_tlv) {
char label[ITEM_LABEL_LENGTH];
proto_item *pi_tlv_val = PITEM_TLV_VALUE_ITEM(pi_tlv);
proto_item_get_label(pi_tlv_val, label);
proto_item_append_text(pi_tlv, label);
proto_item_set_text(pi_tlv_val, "Value: %s", strchr(label, ':') +
1);
}
I think that it crashes in those pointers [->first_child->next->next
], I just can't figure out why it works
when *I click on every frame and check the dissection*.
It crashes on first call of function proto_tree_tlv_copy_label,
but only when using filters. In other words, when I
click on a frame [even the firs one] - it's all ok, when I write a
filter to display this frame - crash...
Function proto_tree_tlv_copy_label is called [as
you can see] by proto_tree_add_tlv:
proto_item
*proto_tree_add_tlv(proto_tree *tree, int hfindex, tvbuff_t *tvb, gint
start) {
proto_item *pi_tlv;
tlv_t tlv_item;
gint length;
tlv_init_no_value(&tlv_item, tvb, start);
length = tlv_length(&tlv_item);
if((start + length) > tvb_length(tvb)) {
proto_tree_add_text(tree, tvb, start, 2, " [MALFORMED TLV;
reported type: %d, reported length: %d]", tlv_item.type,
tlv_item.length);
return NULL;
}
pi_tlv = proto_tree_add_tl(tree, tvb, start, "TLV encoded value, ");
if (tlv_item.length != 0) {
proto_tree_add_item(pi_tlv, hfindex, tvb, start +
tlv_offset_value(&tlv_item), length -
tlv_offset_value(&tlv_item), FALSE);
proto_tree_tlv_copy_label(pi_tlv);
}
return pi_tlv;
}
Dissector calling looks more or less like this: Ethernet dissector
-> dissect_phy_xxx -> dissect_some_protocol.
Remember that this code is working absolutely OK on Ethereal [0.10.14].
I'm terribly sorry for all those secrets and also
for not attaching sources, but I just can't. I know helping me on such
conditions may be extremely difficult, so thanks once again.
Remember that this code is working absolutely OK on Ethereal [0.10.14].
Best regards,
Tomek S.
|