Ethereal-dev: [ethereal-dev] ethereal-0.7.9 core dumps in vfprintf on dissecting smb lanman
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: "Marty Leisner" <leisner@xxxxxxxxxxxxxxxx>
Date: Mon, 20 Dec 1999 12:27:31 -0500
This seemed to be pretty consistent.
I used glibc-2.1.2 (since I built it and had symbols).
(It happened with older glibc).
I couldn't figure out what was wrong (glibc vfprintf
is very difficult to debug...not sure if the problem is
ethereal or gnu glibc)
Clicking on "\pipe\lanman response" core dumps
(when I have this inside gdb, I think I'm grabbing the server
which is very annoying when I core dump...I'm not an X expert,
but I have to kill/restart my windowmanager (I'm using ctwm).)
I'm doing
./ethereal -f "port 139"
(gdb) bt
#0 0x402d9abf in _IO_vfprintf (s=0xbfffd55c,
format=0x8116280 "Server Comment: %s", ap=0xbfffd6d8) at vfprintf.c:1259
#1 0x402e6770 in _IO_vsnprintf (string=0x8201a90 "Server Comment: ",
maxlen=240, format=0x8116280 "Server Comment: %s", args=0xbfffd6d4)
at vsnprintf.c:129
#2 0x8069e72 in proto_tree_add_item_value (tree=0x81ff790, hfindex=796,
start=144, length=4, include_format=1, visible=1, ap=0xbfffd6d0)
at proto.c:411
#3 0x8069c4d in proto_tree_add_text (tree=0x81ff790, start=144, length=4)
at proto.c:283
#4 0x80b1469 in dissect_pipe_lanman (pd=0x81462b8 "", offset=114,
fd=0x81d39b8, parent=0x81eded8, tree=0x81ee324, si={tid = 1, uid = 100,
mid = 12607, pid = 12507, conversation = 0x81cd3f0,
request_val = 0x81ec718, unicode = 0}, max_data=130, SMB_offset=58,
errcode=0, dirn=0, command=0x81d3376 "LANMAN", DataOffset=64,
DataCount=66, ParameterOffset=56, ParameterCount=6) at packet-smb.c:10228
#5 0x80b14fd in dissect_pipe_smb (pd=0x81462b8 "", offset=114, fd=0x81d39b8,
parent=0x81eded8, tree=0x81ee324, si={tid = 1, uid = 100, mid = 12607,
pid = 12507, conversation = 0x81cd3f0, request_val = 0x81ec718,
unicode = 0}, max_data=130, SMB_offset=58, errcode=0, dirn=0,
command=0x81d3376 "LANMAN", DataOffset=64, DataCount=66,
ParameterOffset=56, ParameterCount=6) at packet-smb.c:10255
#6 0x80af542 in dissect_transact_params (pd=0x81462b8 "", offset=114,
fd=0x81d39b8, parent=0x81eded8, tree=0x81ee324, si={tid = 1, uid = 100,
mid = 12607, pid = 12507, conversation = 0x81cd3f0,
request_val = 0x81ec718, unicode = 0}, max_data=130, SMB_offset=58,
errcode=0, dirn=0, DataOffset=64, DataCount=66, ParameterOffset=56,
ParameterCount=6, TransactName=0x81d3918 "\\PIPE\\LANMAN")
at packet-smb.c:9089
#7 0x80b01c6 in dissect_transact_smb (pd=0x81462b8 "", offset=114,
fd=0x81d39b8, parent=0x81eded8, tree=0x81ee324, si={tid = 1, uid = 100,
mid = 12607, pid = 12507, conversation = 0x81cd3f0,
request_val = 0x81ec718, unicode = 0}, max_data=130, SMB_offset=58,
errcode=0, dirn=0) at packet-smb.c:9710
#8 0x80b2de8 in dissect_smb (pd=0x81462b8 "", offset=90, fd=0x81d39b8,
tree=0x81eded8, max_data=130) at packet-smb.c:11435
#9 0x808e494 in dissect_nbss_packet (pd=0x81462b8 "", offset=54,
fd=0x81d39b8, tree=0x81eded8, max_data=134) at packet-nbns.c:1537
#10 0x808e5f9 in dissect_nbss (pd=0x81462b8 "", offset=54, fd=0x81d39b8,
tree=0x81eded8) at packet-nbns.c:1599
#11 0x80b5356 in dissect_tcp (pd=0x81462b8 "", offset=54, fd=0x81d39b8,
tree=0x81eded8) at packet-tcp.c:519
#12 0x8085675 in dissect_ip (pd=0x81462b8 "", offset=34, fd=0x81d39b8,
tree=0x81eded8) at packet-ip.c:920
(gdb) list vfprintf.c:1255
1250
1251 LABEL (mod_intmax_t):
1252 is_longlong = sizeof (intmax_t) > sizeof (unsigned long int);
1253 is_long = sizeof (intmax_t) > sizeof (unsigned int);
1254 JUMP (*++f, step4_jumps);
1255
1256 /* Process current format. */
1257 while (1)
1258 {
1259 process_arg (((struct printf_spec *) NULL));
(gdb) up
#2 0x8069e72 in proto_tree_add_item_value (tree=0x81ff790, hfindex=796,
start=144, length=4, include_format=1, visible=1, ap=0xbfffd6d0)
at proto.c:411
411 vsnprintf(fi->representation, ITEM_LABEL_LENGTH,
(gdb) list
406
407 /* are there any formatting arguments? */
408 if (visible && include_format) {
409 fi->representation = g_mem_chunk_alloc(gmc_item_labels);
410 format = va_arg(ap, char*);
411 vsnprintf(fi->representation, ITEM_LABEL_LENGTH,
412 format, ap);
413 }
414 else {
415 fi->representation = NULL;
(gdb)
What does g_mem_chunk_alloc do?
Does it return ITEM_LABEL_LENGTH bytes?
Some other things:
ethereal --help
prints the help twice
When showing the small window (ethereal: capture/playback)
I think we mean NetBeui, not NetBIOS (NetBIOS also is tcp rfc 1001
packets)
Marty Leisner
leisner@xxxxxxxxxxxxxxxx
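The backtrace above shows vfprintf faulting while expanding "Server Comment: %s" into a fixed 240-byte label. A crash at that point is the classic symptom of handing `%s` a pointer into packet data that is not NUL-terminated within the captured bytes (or not valid at all), so the formatter reads past the buffer. The following is an added example, not Ethereal code and not a diagnosis of this particular bug: it shows the defensive pattern a dissector can use, copying the string out of the packet with an explicit bound check before it ever reaches a `%s`, and formatting into a label buffer of `ITEM_LABEL_LENGTH` bytes (240, the `maxlen` visible in frame #1). The function names, the sample packets and the label wording are all constructed for the example.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Matches the maxlen=240 seen in the vsnprintf frame of the backtrace. */
#define ITEM_LABEL_LENGTH 240

/* Copy a NUL-terminated string out of the packet buffer pd[0..pd_len) starting
 * at offset, into out (always NUL-terminated, truncated to out_len-1 chars).
 * Returns the number of packet bytes the string occupies (terminator included),
 * or -1 when no terminator exists inside the available data. */
int smb_get_string(const uint8_t *pd, size_t pd_len, size_t offset,
                   char *out, size_t out_len)
{
    if (out_len == 0)
        return -1;
    if (offset >= pd_len) {                 /* string starts past the data */
        out[0] = '\0';
        return -1;
    }
    const uint8_t *nul = memchr(pd + offset, '\0', pd_len - offset);
    if (nul == NULL) {                      /* unterminated: never pass to %s */
        out[0] = '\0';
        return -1;
    }
    size_t len = (size_t)(nul - (pd + offset));   /* bytes before the NUL */
    if (len + 1 > out_len)
        len = out_len - 1;                  /* truncate to fit the label */
    memcpy(out, pd + offset, len);
    out[len] = '\0';
    return (int)(nul - (pd + offset)) + 1;
}

/* Hypothetical stand-in for proto_tree_add_text: formats into a label buffer
 * of exactly ITEM_LABEL_LENGTH bytes. Every %s argument the callers pass is a
 * caller-owned, NUL-terminated copy, so vsnprintf cannot run off packet data. */
static int add_label(char *label, const char *format, ...)
{
    va_list ap;
    va_start(ap, format);
    int n = vsnprintf(label, ITEM_LABEL_LENGTH, format, ap);
    va_end(ap);
    return n;
}

/* Dissect a "Server Comment" field at offset. Returns 1 when a terminated
 * string was found and labelled, 0 when the field runs off the packet (the
 * label then records the problem instead of dereferencing garbage). */
int dissect_server_comment(const uint8_t *pd, size_t pd_len, size_t offset,
                           char *label)
{
    char comment[ITEM_LABEL_LENGTH];
    int used = smb_get_string(pd, pd_len, offset, comment, sizeof comment);
    if (used < 0) {
        size_t left = offset < pd_len ? pd_len - offset : 0;
        add_label(label, "Server Comment: <unterminated, %zu bytes left>", left);
        return 0;
    }
    add_label(label, "Server Comment: %s", comment);
    return 1;
}

/* Constructed sample packet tails (not taken from the original report). */
static const uint8_t SAMPLE_OK[]  = { 'S','e','r','v','e','r', 0 };
static const uint8_t SAMPLE_BAD[] = { 'S','e','r','v','e','r' };   /* no NUL */

/* Returns 1 when a terminated comment produces the expected label. */
int demo_terminated(void)
{
    char label[ITEM_LABEL_LENGTH];
    return dissect_server_comment(SAMPLE_OK, sizeof SAMPLE_OK, 0, label) == 1
        && strcmp(label, "Server Comment: Server") == 0;
}

/* Returns 1 when an unterminated comment is reported rather than read past. */
int demo_unterminated(void)
{
    char label[ITEM_LABEL_LENGTH];
    return dissect_server_comment(SAMPLE_BAD, sizeof SAMPLE_BAD, 0, label) == 0
        && strncmp(label, "Server Comment: <unterminated", 29) == 0;
}

/* Returns 1 when a string longer than the output buffer is truncated safely. */
int demo_truncation(void)
{
    char small[4];
    int used = smb_get_string(SAMPLE_OK, sizeof SAMPLE_OK, 0, small, sizeof small);
    return used == 7 && strcmp(small, "Ser") == 0;
}

int main(void)
{
    printf("terminated: %d, unterminated: %d, truncation: %d\n",
           demo_terminated(), demo_unterminated(), demo_truncation());
    return 0;
}
```

The point of the split is that the bound check happens once, in `smb_get_string`, against the number of bytes actually captured (the `max_data` that every frame in the backtrace carries), and the format call only ever sees a private copy. That also answers the allocation question the report raises in a testable way: whatever `fi->representation` is allocated from, the vsnprintf limit and the buffer size have to be the same constant, so the example ties both to `ITEM_LABEL_LENGTH`.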