Wireshark mailing list archives
Re: [Wireshark-bugs] [Bug 7814] Buildbot crash output: fuzz-2012-10-08-21623.pcap
From: Evan Huus <eapache () gmail com>
Date: Wed, 10 Oct 2012 12:19:42 -0400
On Wed, Oct 10, 2012 at 10:51 AM, Martin Mathieson <martin.r.mathieson () googlemail com> wrote:
I have discovered one problem since the change, but it may have been a bug all along. In tcp_graph.c, it was referencing the tap (struct tcpheader) after the tap had run. The struct is allocated in packet-tcp.c using ep_alloc(), but now it wasn't valid to access that memory (immediately after tap_tcpip_packet() had returned). gdb reported that it wasn't valid to read that memory address anymore - is this a result of the change to emem.c?
Yes, although I'm not actually sure which behavior (old or new) is correct. At this point I want to just revert the whole recent set of emem changes *and* the ref-counting. The old, simple version has exactly one known bug that's really hard to trigger and I think is probably a less serious issue than the memory leak that ref-counting gave us. I don't have access to a commit-capable machine again until tomorrow evening, so if somebody else wants to take care of it that would be appreciated. Jakub, I still don't understand your proposed fix, but that's almost certainly my fault, not yours. If it fixes the original crasher and doesn't cause any other problems, go ahead and commit it.
The fix (which I think I'm happy with) was to take a deep copy of the struct
inside the tap function, i.e.
Index: ui/gtk/tcp_graph.c
===================================================================
--- ui/gtk/tcp_graph.c (revision 45446)
+++ ui/gtk/tcp_graph.c (working copy)
@@ -1885,7 +1885,10 @@
/* Add address if unique and have space for it */
if (is_unique && (th->num_hdrs < MAX_SUPPORTED_TCP_HEADERS)) {
- th->tcphdrs[th->num_hdrs++] = header;
+ /* Need to take a deep copy of the tap struct, it may not be
valid
+ to read after this function returns? */
+ th->tcphdrs[th->num_hdrs] = g_malloc(sizeof(struct
tcpheader));
+ *(th->tcphdrs[th->num_hdrs++]) = *header;
}
This is probably a good idea even with the old allocator. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Re: [Wireshark-bugs] [Bug 7814] Buildbot crash output: fuzz-2012-10-08-21623.pcap Martin Mathieson (Oct 09)
- Re: [Wireshark-bugs] [Bug 7814] Buildbot crash output: fuzz-2012-10-08-21623.pcap Jakub Zawadzki (Oct 10)
- Re: [Wireshark-bugs] [Bug 7814] Buildbot crash output: fuzz-2012-10-08-21623.pcap Martin Mathieson (Oct 10)
- <Possible follow-ups>
- Re: [Wireshark-bugs] [Bug 7814] Buildbot crash output: fuzz-2012-10-08-21623.pcap Martin Mathieson (Oct 10)
- Re: [Wireshark-bugs] [Bug 7814] Buildbot crash output: fuzz-2012-10-08-21623.pcap Evan Huus (Oct 10)
- Re: [Wireshark-bugs] [Bug 7814] Buildbot crash output: fuzz-2012-10-08-21623.pcap Jakub Zawadzki (Oct 10)
- Re: [Wireshark-bugs] [Bug 7814] Buildbot crash output: fuzz-2012-10-08-21623.pcap Evan Huus (Oct 10)
- Re: [Wireshark-bugs] [Bug 7814] Buildbot crash output: fuzz-2012-10-08-21623.pcap Evan Huus (Oct 10)
- Re: [Wireshark-bugs] [Bug 7814] Buildbot crash output: fuzz-2012-10-08-21623.pcap Evan Huus (Oct 10)
- Re: [Wireshark-bugs] [Bug 7814] Buildbot crash output: fuzz-2012-10-08-21623.pcap Jakub Zawadzki (Oct 10)