Wireshark-dev: Re: [Wireshark-dev] [Wireshark-bugs] [Bug 7814] Buildbot crash output: fuzz-2012
From: Martin Mathieson <martin.r.mathieson@xxxxxxxxxxxxxx>
Date: Wed, 10 Oct 2012 10:51:40 -0400
I have discovered one problem since the change, but it may have been a bug all along.

In tcp_graph.c, it was referencing the tap (struct tcpheader) after the tap had run.  The struct is allocated in packet-tcp.c using ep_alloc(), but now it wasn't valid to access that memory (immediately after tap_tcpip_packet() had returned).  gdb reported that it wasn't valid to read that memory address anymore - is this a result of the change to emem.c?

The fix (which I think I'm happy with) was to take a deep copy of the struct inside the tap function, i.e.

Index: ui/gtk/tcp_graph.c
===================================================================
--- ui/gtk/tcp_graph.c  (revision 45446)
+++ ui/gtk/tcp_graph.c  (working copy)
@@ -1885,7 +1885,10 @@
 
        /* Add address if unique and have space for it */
        if (is_unique && (th->num_hdrs < MAX_SUPPORTED_TCP_HEADERS)) {
-               th->tcphdrs[th->num_hdrs++] = header;
+               /* Need to take a deep copy of the tap struct, it may not be valid
+                  to read after this function returns? */
+               th->tcphdrs[th->num_hdrs] = g_malloc(sizeof(struct tcpheader));
+               *(th->tcphdrs[th->num_hdrs++]) = *header;
        }


On Wed, Oct 10, 2012 at 8:25 AM, <bugzilla-daemon@xxxxxxxxxxxxx> wrote:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7814

Jakub Zawadzki <darkjames-ws@xxxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |darkjames-ws@xxxxxxxxxxxx

--- Comment #13 from Jakub Zawadzki <darkjames-ws@xxxxxxxxxxxx> 2012-10-10 05:25:13 PDT ---
Should be fixed in r45445

--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
___________________________________________________________________________
Sent via:    Wireshark-bugs mailing list <wireshark-bugs@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://wireshark.org/mailman/options/wireshark-bugs
             mailto:wireshark-bugs-request@xxxxxxxxxxxxx?subject=unsubscribe