Wireshark mailing list archives
Re: Is this a bug in the ipv6 dissector?
From: Evan Huus <eapache () gmail com>
Date: Thu, 27 Nov 2014 10:37:33 -0500
On Thu, Nov 27, 2014 at 10:21 AM, Alexis La Goutte <alexis.lagoutte () gmail com> wrote:
Hi, On Thu, Nov 27, 2014 at 4:13 AM, 蓝常珍 <lanczyx () gmail com> wrote:In the function "dissect_ipv6" of the ipv6 dissector(packet-ipv6.c),the ip6_hdr struct is allocated on the stack,then it's address is passed to tap_queue_packet.I notice that the other dissectors do not look like this. The code snippet of the dissect_ipv6 function,from dev-version 1.99.0: static void dissect_ipv6(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { struct ip6_hdr ipv6; ... tap_queue_packet(ipv6_tap, pinfo, &ipv6); ... }What the bug ?
I think the implication is that when the tap runs, the pointer will be invalid because the stack frame will have been destroyed. So any tap trying to access that structure will cause an invalid memory access?
there is no tap for all dissector...___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Is this a bug in the ipv6 dissector? 蓝常珍 (Nov 27)
- Re: Is this a bug in the ipv6 dissector? Alexis La Goutte (Nov 27)
- Re: Is this a bug in the ipv6 dissector? Evan Huus (Nov 27)
- Re: Is this a bug in the ipv6 dissector? Pascal Quantin (Nov 28)
- Re: Is this a bug in the ipv6 dissector? Evan Huus (Nov 27)
- Re: Is this a bug in the ipv6 dissector? Alexis La Goutte (Nov 27)