Wireshark mailing list archives

Re: [Wireshark-dev] radius dictionary -> segfault


From: Guy Harris <guy () alum mit edu>
Date: Thu, 10 Dec 2009 19:31:37 -0800


On Dec 9, 2009, at 6:29 PM, Mihaly Zachar wrote:

> I don't have it yet; if you need it I can do it, but if you try it I'm almost
> sure that you can reproduce the problem, because we tried it on multiple
> PCs and on a Mac as well, with the same result.

I couldn't get it to crash - but Bill Meier found the problem; it was an uninitialized pointer structure member.  It 
might have been that, when I tried it, the chunk of data allocated for the data structure in question was 
freshly-allocated, and thus all zero, so that the pointer happened to be null.  He reproduced it on Windows, and the 
allocator might stuff bogus values into freshly-allocated memory, causing a crash.  It might also happen if enough 
memory gets allocated and freed, so that the chunk of data allocated for the data structure has junk in it, giving a 
bad pointer.

A fix has been checked in, initializing the pointer member in question to a null pointer:

        http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-radius.c?r1=31221&r2=31220&pathrev=31221

and is targeted for the 1.2.5 and 1.0.11 releases.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
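
The failure mode described in the message above, as an added C example that is not part of the original post and is not Wireshark's code. The struct, the function names and the fill bytes are hypothetical, and the allocator's behaviour is simulated with memset so the outcome is deterministic:

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a parsed dictionary entry; not Wireshark's struct. */
typedef struct {
    const char *name;
    unsigned    code;
    void       *handler;  /* optional pointer member the buggy path forgets */
} dict_entry;

/* Models what the allocator hands back: 0x00 = fresh zeroed memory,
 * 0xCD = debug-heap fill or recycled memory holding junk (constructed values). */
static void *alloc_filled(size_t n, unsigned char fill)
{
    void *p = malloc(n);
    if (p != NULL)
        memset(p, fill, n);
    return p;
}

/* fixed == 0: handler is never assigned and keeps the allocator's bytes.
 * fixed != 0: the fix, handler is explicitly set to a null pointer. */
static dict_entry *entry_new(const char *name, unsigned code,
                             unsigned char fill, int fixed)
{
    dict_entry *e = alloc_filled(sizeof *e, fill);
    if (e == NULL)
        return NULL;
    e->name = name;
    e->code = code;
    if (fixed)
        e->handler = NULL;
    return e;
}

/* 1 if a consumer's "if (e->handler != NULL)" guard would skip the pointer,
 * 0 if it would follow it, -1 on allocation failure. Compares bytes rather
 * than dereferencing; assumes the usual all-zero-bits null representation. */
static int handler_is_null(unsigned char fill, int fixed)
{
    static const unsigned char zero[sizeof(void *)];
    dict_entry *e = entry_new("Example-Attr", 1, fill, fixed);
    int is_null;
    if (e == NULL)
        return -1;
    is_null = memcmp(&e->handler, zero, sizeof zero) == 0;
    free(e);
    return is_null;
}
```

The unfixed path only looks correct when the memory happens to be zeroed, which is why the same input can crash on one machine and not on another.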

