Wireshark mailing list archives

Re: [Wireshark-bugs] [Bug 7814] Buildbot crash output: fuzz-2012-10-08-21623.pcap


From: Martin Mathieson <martin.r.mathieson () googlemail com>
Date: Wed, 10 Oct 2012 10:51:40 -0400

I have discovered one problem since the change, but it may have been a bug
all along.

In tcp_graph.c, it was referencing the tap (struct tcpheader) after the tap
had run.  The struct is allocated in packet-tcp.c using ep_alloc(), but now
it wasn't valid to access that memory (immediately after tap_tcpip_packet()
had returned).  gdb reported that it wasn't valid to read that memory
address anymore - is this a result of the change to emem.c?

The fix (which I think I'm happy with) was to take a deep copy of the
struct inside the tap function, i.e.

Index: ui/gtk/tcp_graph.c
===================================================================
--- ui/gtk/tcp_graph.c  (revision 45446)
+++ ui/gtk/tcp_graph.c  (working copy)
@@ -1885,7 +1885,10 @@

        /* Add address if unique and have space for it */
        if (is_unique && (th->num_hdrs < MAX_SUPPORTED_TCP_HEADERS)) {
-               th->tcphdrs[th->num_hdrs++] = header;
+               /* Need to take a deep copy of the tap struct, it may not
be valid
+                  to read after this function returns? */
+               th->tcphdrs[th->num_hdrs] = g_malloc(sizeof(struct
tcpheader));
+               *(th->tcphdrs[th->num_hdrs++]) = *header;
        }
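
Review bot: The assignment `*(th->tcphdrs[th->num_hdrs++]) = *header;` is a shallow struct copy, not the deep copy the added comment describes. Any pointer members inside struct tcpheader would still refer to the original allocation and would be just as invalid to read once the tap function has returned, so if the struct has such members they need to be copied individually. Each stored header is now allocated with g_malloc() and no matching g_free() is visible in this hunk, so whatever resets or destroys `th` should release every tcphdrs[] entry. The comment's trailing question mark should become a definite statement of the lifetime once that is confirmed.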


On Wed, Oct 10, 2012 at 8:25 AM, <bugzilla-daemon () wireshark org> wrote:

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7814

Jakub Zawadzki <darkjames-ws () darkjames pl> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |darkjames-ws () darkjames pl

--- Comment #13 from Jakub Zawadzki <darkjames-ws () darkjames pl> 2012-10-10 05:25:13 PDT ---
Should be fixed in r45445
