Wireshark · Ethereal-dev: [Ethereal-dev] Bug report: crash in packet-dcerpc-ndr.c

Ethereal-dev: [Ethereal-dev] Bug report: crash in packet-dcerpc-ndr.c

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Yaniv Kaul <ykaul@xxxxxxxxxxxx>

Date: Sun, 05 Sep 2004 12:22:25 +0300

Latest Ethereal from svn, Win2K, during capture:

The crash happens in packet-dcerpc-ndr.c, where the arrow is (line 91):
{
   dcerpc_info *di;

   di=pinfo->private_data;
--->    if(di->conformant_run){
     /* just a run to handle conformant arrays, no scalars to dissect */
     return offset;
   }


Full Stack:

dissect_ndr_uint32(tvbuff * 0x026a7a34, int 0, _packet_info *0x02f6ba58, _proto_node * 0x00000000, unsigned char * 0x0012d55c, int-1, unsigned int * 0x0012d1a4) line 91 + 3 bytesdissect_ndr_pointer_cb(tvbuff * 0x026a7a34, int 0, _packet_info *0x02f6ba58, _proto_node * 0x00000000, unsigned char * 0x0012d55c, int(tvbuff *, int, _packet_info *, _proto_node *, unsigned char *)*0x007d64f3 dissect_ndr_wchar_cvstring(tvbuff *, int, _packet_info *,_proto_node *, unsigned char *), int 2, char * 0x00c5fcd8, int 2457,...) line 1677 + 29 bytessamr_dissect_connect3_4_rqst(tvbuff * 0x026a7a34, int 0, _packet_info *0x02f6ba58, _proto_node * 0x00000000, unsigned char * 0x0012d55c) line1122 + 53 bytesdcerpc_try_handoff(_packet_info * 0x02f6ba58, _proto_node * 0x00000000,_proto_node * 0x00000000, tvbuff * volatile 0x026a7a34, tvbuff *0x026a7a34, unsigned char * 0x0012d55c, _dcerpc_info * 0x00d53618,_dcerpc_auth_info * 0x0012d4a0) line 2019 + 21 bytesdissect_dcerpc_cn_stub(tvbuff * 0x026a7964, int 24, _packet_info *0x02f6ba58, _proto_node * 0x00000000, _proto_node * 0x00000000,_e_dce_cn_common_hdr_t * 0x0012d558, _dcerpc_info * 0x00d53618,_dcerpc_auth_info * 0x0012d4a0, unsigned int 44, unsigned int 2272) line2664 + 40 bytesdissect_dcerpc_cn_rqst(tvbuff * 0x026a7964, int 24, _packet_info *0x02f6ba58, _proto_node * 0x00000000, _proto_node * 0x00000000,_e_dce_cn_common_hdr_t * 0x0012d558, int 1) line 3021 + 51 bytesdissect_dcerpc_cn(tvbuff * 0x026a7964, int 16, _packet_info *0x02f6ba58, _proto_node * 0x00000000, int 1, int * 0x0012d608, int 1)line 3557 + 33 bytesdissect_dcerpc_cn_bs_body(tvbuff * 0x026a7964, _packet_info *0x02f6ba58, _proto_node * 0x00000000, int 1) line 3654 + 36 bytesdissect_dcerpc_cn_smbpipe(tvbuff * 0x026a7964, _packet_info *0x02f6ba58, _proto_node * 0x00000000) line 3697 + 19 bytesdissector_try_heuristic(_GSList * 0x022562d8, tvbuff * 0x026a7964,_packet_info * 0x02f6ba58, _proto_node * 0x00000000) line 1450 + 17 bytesdissect_pipe_dcerpc(tvbuff * 0x026a7964, _packet_info * 0x02f6ba58,_proto_node * 0x00000000, _proto_node * 0x00000000, unsigned int 16386)line 3332 + 22 bytesdissect_pipe_smb(tvbuff * 0x026a79cc, tvbuff * 0x026a7998, tvbuff *0x026a7a00, tvbuff * 0x00000000, tvbuff * 0x026a7964, const char *0x00d590ce, _packet_info * 0x02f6ba58, _proto_node * 0x00000000) line3693 + 25 bytesdissect_transaction_request(tvbuff * 0x026a7930, _packet_info *0x02f6ba58, _proto_node * 0x00000000, int 152, _proto_node * 0x00000000)line 11454 + 49 bytesdissect_smb_command(tvbuff * 0x026a7930, _packet_info * 0x02f6ba58, int32, _proto_node * 0x00000000, unsigned char 37, int 1) line 13899 + 23 bytesdissect_smb(tvbuff * 0x026a7930, _packet_info * 0x02f6ba58, _proto_node* 0x00000000) line 14983 + 29 bytesdissect_smb_heur(tvbuff * 0x026a7930, _packet_info * 0x02f6ba58,_proto_node * 0x00000000) line 15032 + 17 bytesdissector_try_heuristic(_GSList * 0x022562c8, tvbuff * 0x026a7930,_packet_info * 0x02f6ba58, _proto_node * 0x00000000) line 1450 + 17 bytesdissect_netbios_payload(tvbuff * 0x026a7930, _packet_info * 0x02f6ba58,_proto_node * 0x00000000) line 1082 + 23 bytesdissect_nbss_packet(tvbuff * 0x0266e860, int 4, _packet_info *0x02f6ba58, _proto_node * 0x00000000, int 1) line 1557 + 17 bytesdissect_nbss(tvbuff * 0x0266e860, _packet_info * 0x02f6ba58, _proto_node* 0x00000000) line 1741 + 25 bytescall_dissector_through_handle(dissector_handle * 0x0225db80, tvbuff *0x0266e860, _packet_info * 0x02f6ba58, _proto_node * 0x00000000) line365 + 18 bytescall_dissector_work(dissector_handle * 0x0225db80, tvbuff * 0x0266e860,_packet_info * 0x02f6ba58, _proto_node * 0x00000000) line 515 + 21 bytesdissector_try_port(dissector_table * 0x0224d280, unsigned int 445,tvbuff * 0x0266e860, _packet_info * 0x02f6ba58, _proto_node *0x00000000) line 778 + 21 bytesdecode_tcp_ports(tvbuff * 0x0266e82c, int 20, _packet_info * 0x02f6ba58,_proto_node * 0x00000000, int 1098, int 445) line 2402 + 34 bytesprocess_tcp_payload(tvbuff * 0x0266e82c, volatile int 20, _packet_info *0x02f6ba58, _proto_node * 0x00000000, _proto_node * 0x00000000, int1098, int 445, unsigned int 0, unsigned int 0, int 0) line 2450 + 35 bytesdesegment_tcp(tvbuff * 0x0266e82c, _packet_info * 0x02f6ba58, int 20,unsigned int 4300, unsigned int 4456, unsigned int 1098, unsigned int445, _proto_node * 0x00000000, _proto_node * 0x00000000) line 1644 + 39bytesdissect_tcp_payload(tvbuff * 0x0266e82c, _packet_info * 0x02f6ba58, int20, unsigned int 4300, unsigned int 4456, unsigned int 1098, unsignedint 445, _proto_node * 0x00000000, _proto_node * 0x00000000) line 2521 +41 bytesdissect_tcp(tvbuff * 0x0266e82c, _packet_info * 0x02f6ba58, _proto_node* 0x00000000) line 2953 + 69 bytescall_dissector_through_handle(dissector_handle * 0x0226bff0, tvbuff *0x0266e82c, _packet_info * 0x02f6ba58, _proto_node * 0x00000000) line365 + 18 bytescall_dissector_work(dissector_handle * 0x0226bff0, tvbuff * 0x0266e82c,_packet_info * 0x02f6ba58, _proto_node * 0x00000000) line 515 + 21 bytesdissector_try_port(dissector_table * 0x021e8f70, unsigned int 6, tvbuff* 0x0266e82c, _packet_info * 0x02f6ba58, _proto_node * 0x00000000) line778 + 21 bytesdissect_ip(tvbuff * 0x0266e7f8, _packet_info * 0x02f6ba58, _proto_node *0x00000000) line 1098 + 33 bytescall_dissector_through_handle(dissector_handle * 0x021e90c8, tvbuff *0x0266e7f8, _packet_info * 0x02f6ba58, _proto_node * 0x00000000) line365 + 18 bytescall_dissector_work(dissector_handle * 0x021e90c8, tvbuff * 0x0266e7f8,_packet_info * 0x02f6ba58, _proto_node * 0x00000000) line 515 + 21 bytesdissector_try_port(dissector_table * 0x021cf550, unsigned int 2048,tvbuff * 0x0266e7f8, _packet_info * 0x02f6ba58, _proto_node *0x00000000) line 778 + 21 bytesethertype(unsigned short 2048, tvbuff * 0x0266e7c4, int 14, _packet_info* 0x02f6ba58, _proto_node * 0x00000000, _proto_node * 0x00000000, int3621, int 3623, int -1) line 180 + 34 bytesdissect_eth_common(tvbuff * 0x0266e7c4, _packet_info * 0x02f6ba58,_proto_node * 0x00000000, int -1) line 293 + 48 bytesdissect_eth_maybefcs(tvbuff * 0x0266e7c4, _packet_info * 0x02f6ba58,_proto_node * 0x00000000) line 387 + 26 bytescall_dissector_through_handle(dissector_handle * 0x02259ff8, tvbuff *0x0266e7c4, _packet_info * 0x02f6ba58, _proto_node * 0x00000000) line365 + 18 bytescall_dissector_work(dissector_handle * 0x02259ff8, tvbuff * 0x0266e7c4,_packet_info * 0x02f6ba58, _proto_node * 0x00000000) line 515 + 21 bytesdissector_try_port(dissector_table * 0x021cc6b8, unsigned int 1, tvbuff* 0x0266e7c4, _packet_info * 0x02f6ba58, _proto_node * 0x00000000) line778 + 21 bytesdissect_frame(tvbuff * 0x0266e7c4, _packet_info * 0x02f6ba58,_proto_node * 0x00000000) line 185 + 34 bytescall_dissector_through_handle(dissector_handle * 0x021dcb08, tvbuff *0x0266e7c4, _packet_info * 0x02f6ba58, _proto_node * 0x00000000) line365 + 18 bytescall_dissector_work(dissector_handle * 0x021dcb08, tvbuff * 0x0266e7c4,_packet_info * 0x02f6ba58, _proto_node * 0x00000000) line 515 + 21 bytescall_dissector(dissector_handle * 0x021dcb08, tvbuff * 0x0266e7c4,_packet_info * 0x02f6ba58, _proto_node * 0x00000000) line 1616 + 21 bytesdissect_packet(_epan_dissect_t * 0x02f6ba50, wtap_pseudo_header *0x026db7c4, const unsigned char * 0x02696128, _frame_data * 0x0308661c,_column_info * 0x004db88c) line 313 + 32 bytesepan_dissect_run(_epan_dissect_t * 0x02f6ba50, void * 0x026db7c4, constunsigned char * 0x02696128, _frame_data * 0x0308661c, _column_info *0x004db88c) line 153 + 25 bytesadd_packet_to_packet_list(_frame_data * 0x0308661c, _capture_file *0x004cb760, wtap_pseudo_header * 0x026db7c4, const unsigned char *0x02696128, int 1) line 810 + 30 bytes

read_packet(_capture_file * 0x004cb760, long 360667) line 956 + 23 bytes

cf_continue_tail(_capture_file * 0x004cb760, int 218, int * 0x0012f9fc)line 572 + 13 bytes

sync_pipe_input_cb(int 5, void * 0x004cb760) line 772 + 17 bytes
pipe_timer_cb(void * 0x004c3490 pipe_input) line 643 + 19 bytes
LIBGLIB-2.0-0! 00249853()
LIBGLIB-2.0-0! 00247678()
LIBGLIB-2.0-0! 002482d1()
LIBGLIB-2.0-0! 002485d2()
LIBGLIB-2.0-0! 00248c47()
LIBGTK-WIN32-2.0-0! 00f3db6d()
main(int 0, char * * 0x012f4764) line 2548

WinMain(HINSTANCE__ * 0x00400000, HINSTANCE__ * 0x00000000, char *0x00134f66, int 1) line 2588 + 23 bytes

Follow-Ups:
- Re: [Ethereal-dev] Bug report: crash in packet-dcerpc-ndr.c
  - From: Ulf Lamping

Prev by Date: Re: [Ethereal-dev] ip.addr != display filter does not work with bcasts/mcasts?
Next by Date: Re: [Ethereal-dev] ip.addr != display filter does not work withbcasts/mcasts?
Previous by thread: Re: [Ethereal-dev] ip.addr != display filter does not work withbcasts/mcasts?
Next by thread: Re: [Ethereal-dev] Bug report: crash in packet-dcerpc-ndr.c
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$