Wireshark · Ethereal-dev: Re: [Ethereal-dev] crash on reading tracefile ( NFS ? )

Ethereal-dev: Re: [Ethereal-dev] crash on reading tracefile ( NFS ? )

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Martin Regner" <martin.regner@xxxxxxxxx>

Date: Sat, 16 Nov 2002 15:15:22 +0100

Ronnie Sahlberg wrote:

>Frame 127 is the final segment in a NFS PDU spanning several TCP segments.
>Do you have TCP desegmentation enabled?
>It should be disabled by default but in that case the NFS Read reply should
>show up in frme 112 instead.
>
>If you disable TCP desegmentation, do you still get a crash for packet 127?

No, if TCP desegmentation is turned off then there is no crash. Then you will only get "RPC continuation" and
no NFS decoding of that packet.


I also tried with tethereal (with TCP desegmentation turned on) and then I get a crash for packet 127
286 or 610. 

The crash seems to occur in g_byte_array_append  when dissecting some opaque data.

MSVCRT! 7800124c()
GLIB-1.3! 00231316()
GLIB-1.3! 00231ef5()
proto_tree_set_bytes(field_info * 0x028d6380, const unsigned char * 0x026d9c98, int 1024) line 909 + 17 bytes
proto_tree_add_bytes(_GNode * 0x0269c700, int 5344, tvbuff * 0x02873d74, int 132, int 1024, const unsigned char * 0x026d9c98) line 862 + 17 bytes
proto_tree_add_bytes_format(_GNode * 0x0269c700, int 5344, tvbuff * 0x02873d74, int 132, int 1024, const unsigned char * 0x026d9c98, const char * 0x00770f94) line 891 + 29 bytes
dissect_rpc_opaque_data(tvbuff * 0x02873d74, int 132, _GNode * 0x028c3124, int 5344, int 0, char * * 0x00000000) line 618 + 38 bytes
dissect_rpc_data(tvbuff * 0x02873d74, _GNode * 0x028c3124, int 5344, int 128) line 675 + 25 bytes
dissect_nfsdata(tvbuff * 0x02873d74, int 128, _GNode * 0x028c3124, int 5344) line 2112 + 21 bytes
dissect_nfs3_read_reply(tvbuff * 0x02873d74, int 128, _packet_info * 0x0106e538, _GNode * 0x028c3124) line 3684 + 24 bytes

Actually someone has reported a similar problem some months ago:
http://www.ethereal.com/lists/ethereal-dev/200203/msg00061.html

Follow-Ups:
- Re: [Ethereal-dev] crash on reading tracefile ( NFS ? )
  - From: Ronnie Sahlberg

Prev by Date: Re: [Ethereal-dev] Patch for BAcnet on Ethernet
Next by Date: Re: [Ethereal-dev] Ethereal 0.9.7 dumps core in packet-smb-pipe.c
Previous by thread: Re: [Ethereal-dev] crash on reading tracefile ( NFS ? )
Next by thread: Re: [Ethereal-dev] crash on reading tracefile ( NFS ? )
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$