Hey,
Robert Hogan wrote:
> Hi there,
>
> I encountered a crash while writing my dissector that puzzled me at first:
>
> #0 strlen () at ../sysdeps/i386/i486/strlen.S:40
> #1 0xb548c6d8 in _IO_vfprintf_internal (s=0xbfa726ac, format=0xb6ff9494
> "%s: %s (%u)", ap=0xbfa72804 "1") at vfprintf.c:1581
> #2 0xb5544772 in ___vsnprintf_chk (s=0xbfa729f0 "Attention Identification:
> or Get Operation (0x03)", maxlen=240, flags=1, slen=4294967295,
> format=0xb6ff9494 "%s: %s (%u)", args=0xbfa727fc "\264-E\2671") at
> vsnprintf_chk.c:65
> #3 0xb582ca4f in IA__g_vsnprintf (string=0x1 <Address 0x1 out of bounds>,
> n=3215403012, format=0x31 <Address 0x31 out of bounds>, args=0xbfa727fc
> "\264-E\2671") at /usr/include/bits/stdio2.h:78
> #4 0xb582cc36 in IA__g_snprintf (string=0xbfa729f0 "Attention
> Identification: or Get Operation (0x03)", n=240, format=0xb6ff9494 "%s: %s
> (%u)") at /build/buildd/glib2.0-2.20.1/glib/gprintf.c:163
> #5 0xb649e7b0 in fill_label_uint (fi=0x994c2f0, label_str=0xbfa729f0
> "Attention Identification: or Get Operation (0x03)") at
> /home/robert/Development/wireshark-tn5250/epan/proto.c:4315
> #6 0xb649db4e in proto_item_fill_label (fi=0x994c2f0, label_str=0xbfa729f0
> "Attention Identification: or Get Operation (0x03)") at
> /home/robert/Development/wireshark-tn5250/epan/proto.c:4064
>
> The calls from proto.c look innocent enough but it turned out I had:
>
>     { &hf_tn5250_aid,
>       { "Attention Identification", "hf_tn5250_aid",
>         FT_UINT8, BASE_HEX||BASE_RANGE_STRING, <----------- ||
>         RVALS(vals_tn5250_attention_identification_bytes), 0x0,
>         "hf_tn5250_aid", HFILL }},
>
> instead of
>
>     { &hf_tn5250_aid,
>       { "Attention Identification", "hf_tn5250_aid",
>         FT_UINT8, BASE_HEX|BASE_RANGE_STRING,
>         RVALS(vals_tn5250_attention_identification_bytes), 0x0,
>         "hf_tn5250_aid", HFILL }},
>
> Any thoughts on where the violation should have been picked up?

Which version of Wireshark are you using? This issue sounds suspiciously
like:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2893
Best regards,
Kovarththanan Rajaratnam
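
An added example, not part of the original thread and not Wireshark's own code: a small C model of the mistake discussed above, showing that `||` collapses the display value to 1 (dropping the range-string flag) and that a table tagged with its own type lets a registration-time check reject the mismatch. The numeric constant values, `field_model`, `tagged_strings`, `TVALS`/`TRVALS`, the helper functions and the sample table are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Stand-ins for this model: names follow the page, numeric values are assumed. */
enum { BASE_NONE = 0, BASE_DEC = 1, BASE_HEX = 2 };
#define BASE_RANGE_STRING 0x10

typedef struct { uint32_t value; const char *strptr; } value_string;
typedef struct { uint32_t value_min, value_max; const char *strptr; } range_string;

/* Hypothetical tagged pointer: remembers which table type the macro was given. */
typedef enum { STR_VALUE, STR_RANGE } str_kind;
typedef struct { str_kind kind; const void *table; } tagged_strings;
#define TVALS(x)  { STR_VALUE, (x) }
#define TRVALS(x) { STR_RANGE, (x) }
typedef struct { const char *name; int display; tagged_strings strings; } field_model;

/* Constructed sample table, not the dissector's real one. */
static const range_string sample_ranges[] = {
    { 0x31, 0x3c, "constructed range" }, { 0, 0, NULL }
};

/* Registration-time check: 0 when the display flag matches the table type. */
int check_field(field_model f)
{
    int wants_range = (f.display & BASE_RANGE_STRING) != 0;
    return wants_range == (f.strings.kind == STR_RANGE) ? 0 : -1;
}

/* Lookup dispatches on the tag, so a wrong display value cannot select
 * the wrong struct layout for the table. */
const char *lookup(field_model f, uint32_t v)
{
    if (f.strings.kind == STR_RANGE) {
        for (const range_string *r = f.strings.table; r->strptr; r++)
            if (v >= r->value_min && v <= r->value_max) return r->strptr;
    } else {
        for (const value_string *s = f.strings.table; s->strptr; s++)
            if (s->value == v) return s->strptr;
    }
    return NULL;
}

/* The mistyped expression: '||' is a truth test, so two non-zero operands give 1. */
int buggy_display(void) { int base = BASE_HEX, flag = BASE_RANGE_STRING; return base || flag; }

/* Build the page's field (range table attached) with a given display value. */
field_model make_field(int display)
{
    field_model f = { "Attention Identification", display, TRVALS(sample_ranges) };
    return f;
}
```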