Wireshark-dev: Re: [Wireshark-dev] [Wireshark-commits] rev 47724: /trunk/ /trunk/: print.c
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Sun, 17 Feb 2013 18:18:25 -0800
On Feb 17, 2013, at 4:52 PM, wmeier@xxxxxxxxxxxxx wrote:

> http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=47724
> 
> User: wmeier
> Date: 2013/02/17 04:52 PM
> 
> Log:
> Implement proto_tree_write_fields without using ep_strbufs.
> - Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8348:
>    "tshark -T fields can't print the full value of fields where the value,
>     as a text string, is longer than 65535 bytes"
> - Reduces ep memory allocation & string copies;

It's crashing in one of the decryption tests in the buildbot; the crash is in

#0  g_atomic_int_dec_and_test (atomic=0x6664373035656276) at gatomic.c:669
669       is_zero = --(*atomic) == 0;
(gdb) where
#0  g_atomic_int_dec_and_test (atomic=0x6664373035656276) at gatomic.c:669
#1  0x000000010794f3c9 in g_ptr_array_free (farray=0x272c0000272c00, free_segment=128256028) at garray.c:1047
#2  0x0000000103581596 in output_fields_free (fields=0x7fa30433e9b0) at print.c:1368
#3  0x000000010358d4dc in main (argc=1550329152, argv=0x7fff5c682540) at tshark.c:1994
(gdb) frame 2
#2  0x0000000103581596 in output_fields_free (fields=0x7fa30433e9b0) at print.c:1368
1368                g_ptr_array_free(fv_p, TRUE);

and the value being freed appears to be a pointer whose contents are a hex string (so probably some buffer is overflowing, or the array containing the pointer-array pointers got freed and overwritten).