Re: Coredump Without Much Info?

[Guy Harris <guy () alum mit edu>]

On Jul 10, 2015, at 10:41 AM, Hei Chan <structurechart () yahoo com> wrote:

> Thanks for your quick reply.
>
> Here is my code:
>               pcap_t* m_pPcap;
>               char *packet;
>               struct pcap_pkthdr header;
>
>               m_pPcap = pcap_open_offline(pcapFile, errbuf);
>               if (pcapFile == NULL) {
>                       exit(1);
>               }

If pcapFile were null, that would already have crashed in the pcap_open_offline() call!

What you want instead is

                m_pPcap = pcap_open_offline(pcapFile, errbuf);
                if (m_pPcap == NULL) {
                        fprintf(stderr, "Can't open capture file %s: %s\n",
                            pcapFile, errbuf);
                        exit(1);
                }

I.e., as I said:

> First, read your code to make sure that, in your pcap_open_offline() call, you're checking whether it returns a NULL 
> pointer and, if it does, print an error message (using the string put into the "errbuf" second argument to 
> pcap_open_offline(), so that you not only know why the call failed, you know *why* it failed).

You *weren't checking whether pcap_open_offline() returned a null pointer, so, if, for some reason, it weren't able to 
open the capture file, it would pass a null pointer to pcap_next(), which would crash - in exactly the place where it 
did crash.

> The code above hasn't been changed for like a year.  It used to work long time back with other pcap files.
>
> So I suspect that it has something to do with my pcap file.

It used to work with files that could be opened.  For whatever reason, it's not succeeding in opening your pcap file.

We cannot determine why unless we either see the file or see the error message that the code I wrote above prints.
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers