Wireshark mailing list archives
Re: Packet Size limited during capture message
From: Brian Oleksa <oleksab () darkcornersoftware com>
Date: Thu, 25 Mar 2010 21:22:10 -0400
Jakub Excellent...!!! That was the problem..!! I simply commented out the following...(which called gmtime()) proto_tree_add_time_format(helen_tree, hf_helen_txTime, tvb, offset, 8, &t, "Date: %s %2d, %d %02d:%02d:%02d UTC",mon_names[tmp->tm_mon],tmp->tm_mday, tmp->tm_year + 1900,tmp->tm_hour,tmp->tm_min,tmp->tm_sec); And it did NOT crash..!! You mentioned about putting in an if statement to check it if (abs_time->secs > 2000000000) tmp = NULL; Where would / could you put this at..?? And what would you do if it was null..?? Thanks, Brian Jakub Zawadzki wrote:
On Wed, Mar 24, 2010 at 09:59:36AM -0400, Brian Oleksa wrote:So I did some more troubleshooting only to find the following: The dissector crashes in WinXP but not on my Fedora Core 9 box. This is weird. Using editcap... I was able to find the frame on windows to which wireshark crashed on (which was frame 17641). I opened the same .pcap file on my FC-9 box (it did not crash)...but I went to frame 17641 only to find out that it is a Malformed Packet. Any thoughts..??I'd bet on calls to gmtime(). 1/ gmtime() can return NULL. 2/ Windows-specific: These functions validate their parameter. (...) if the timer value is negative, these functions invoke an invalid parameter handler, as described in Parameter Validation. [1] The behavior of the C Runtime when an invalid parameter is found is to call the currently assigned invalid parameter handler. The default invalid parameter invokes Watson crash reporting, which *causes the application to crash* (...) [2] Which reminds me of some checks in to_str.c ( e.g. if (abs_time->secs > 2000000000) tmp = NULL; ) maybe custom handler for _set_invalid_parameter_handler() [3] would be enough? (I can't test it ;/) Cheers. [1] http://msdn.microsoft.com/en-us/library/0z9czt0w%28VS.80%29.aspx [2] http://msdn.microsoft.com/en-us/library/ksazx244%28VS.80%29.aspx [3] http://msdn.microsoft.com/en-us/library/a9yf33zb%28VS.80%29.aspx ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Re: Packet Size limited during capture message, (continued)
- Re: Packet Size limited during capture message Bill Meier (Mar 23)
- Re: Packet Size limited during capture message Brian Oleksa (Mar 23)
- Re: Packet Size limited during capture message Bill Meier (Mar 23)
- Re: Packet Size limited during capture message Brian Oleksa (Mar 23)
- Re: Packet Size limited during capture message Brian Oleksa (Mar 24)
- Re: Packet Size limited during capture message Maynard, Chris (Mar 24)
- Re: Packet Size limited during capture message Brian Oleksa (Mar 25)
- Re: Packet Size limited during capture message Maynard, Chris (Mar 25)
- Re: Packet Size limited during capture message Brian Oleksa (Mar 25)
- Re: Packet Size limited during capture message Jakub Zawadzki (Mar 25)
- Re: Packet Size limited during capture message Brian Oleksa (Mar 25)
- Inner workings of libpcap Rayne (Mar 26)
- Re: Inner workings of libpcap Jaap Keuter (Mar 26)