Hi,
(please Cc me on replies, as I'm not subscribed to the list)
ethereal crashes (SIGSEGV) consistently when trying to decode the
single IP packet contained in the attached tracefile.
The crash occurs with both ethereal 0.8.20 and 0.9.4, and affects both
the GUI and the commandline version. editcap doesn't crash on the
packet, so the problem seems to be somewhere in the packet decoding
code. The trace was captured originally with tcpdump, so I can't tell
if it would crash ethereal while only capturing into a file without
showing decoded data.
The backtrace of the crash is as follows (some linebreaks added by me):
#0 check_offset_length_no_exception (tvb=0x2e777777, offset=43, length=2,
offset_ptr=0xbfffc8f4, length_ptr=0xbfffc8f8, exception=0xbfffc8a8)
at tvbuff.c:426
#1 0x82020bb in check_offset_length (tvb=0x2e777777, offset=43, length=2,
offset_ptr=0xbfffc8f4, length_ptr=0xbfffc8f8) at tvbuff.c:484
#2 0x8202a09 in ensure_contiguous (tvb=0x2e777777, offset=43, length=2)
at tvbuff.c:851
#3 0x8202e4e in tvb_get_ntohs (tvb=0x2e777777, offset=43) at tvbuff.c:1045
#4 0x80b485b in get_dns_name_type_class (tvb=0x2e777777, offset=1700885092,
dns_data_offset=1836213607, name_ret=0x732d6e61 <Address 0x732d6e61 out
of bounds>, name_len_ret=0x2e706f68, type_ret=0x5c462e00,
class_ret=0x3631785b) at packet-dns.c:623
#5 0x2e5d302f in ?? ()
Cannot access memory at address 0x3631785b
It looks like something is trashing data on the stack (corrupted stack
frame at the end of the trace, and the tvb value in the function calls
is also invalid (checked with gdb, it points to an inaccessible linear
address)).
System is a RedHat Linux 6.2 (glibc-2.1.3-23) with a 2.2.21 kernel on
x86, Gtk and GLib version is 1.2.10-ximian.25. The attached tracefile
contains the exact packet that causes the crash.
Andreas
--
Andreas Ferber - dev/consulting GmbH - Bielefeld, FRG
---------------------------------------------------------
+49 521 1365800 - af@xxxxxxxxxx - www.devcon.net
Attachment:
crash.dump
Description: Binary data
