Wireshark-dev: Re: [Wireshark-dev] [Wireshark-bugs] [Bug 7814] Buildbot crash output: fuzz-2012
I have discovered one problem since the change, but it may have been a bug all along.
In tcp_graph.c, it was referencing the tap (struct tcpheader) after the tap had run. The struct is allocated in packet-tcp.c using ep_alloc(), but now it wasn't valid to access that memory (immediately after tap_tcpip_packet() had returned). gdb reported that it wasn't valid to read that memory address anymore - is this a result of the change to emem.c?
The fix (which I think I'm happy with) was to take a deep copy of the struct inside the tap function, i.e.
Index: ui/gtk/tcp_graph.c
===================================================================
--- ui/gtk/tcp_graph.c (revision 45446)
+++ ui/gtk/tcp_graph.c (working copy)
@@ -1885,7 +1885,10 @@
/* Add address if unique and have space for it */
if (is_unique && (th->num_hdrs < MAX_SUPPORTED_TCP_HEADERS)) {
- th->tcphdrs[th->num_hdrs++] = header;
+ /* Need to take a deep copy of the tap struct, it may not be valid
+ to read after this function returns? */
+ th->tcphdrs[th->num_hdrs] = g_malloc(sizeof(struct tcpheader));
+ *(th->tcphdrs[th->num_hdrs++]) = *header;
}
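Review bot: the copy in `*(th->tcphdrs[th->num_hdrs++]) = *header;` is a struct assignment, which is a shallow copy: it duplicates the members of `struct tcpheader` by value, but anything a member points to stays in the ep_alloc()'d memory of packet-tcp.c that the message says is no longer valid once tap_tcpip_packet() returns. If `struct tcpheader` contains pointer members (its definition is not in this hunk), those fields need to be copied separately for this to be the deep copy the commit describes. Two smaller points: each `g_malloc(sizeof(struct tcpheader))` now needs a matching `g_free()` wherever `th->tcphdrs` is discarded, otherwise every graph captures `num_hdrs` leaked structs; and the added comment should state the lifetime definitively rather than as a question, e.g. `/* Deep copy: the tap struct is ep_alloc()'d and is freed after this function returns. */`.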