Wireshark · Ethereal-dev: [Ethereal-dev] Re: [Ethereal-cvs] rev 14009: /trunk/epan/dissectors/: packet-ncp2222.inc

["Greg Morris" <gmorris@xxxxxxxxxx>]

Well, the access to the fvalue_ functions was added several years back by Gilbert to allow the ncp2222.py Python script to display column data from the current request packet. In the Python script each NCP request decode has the ability to pass an info_str. This string is evaluated in packet-ncp2222.inc and then echoed to the info column data. Perhaps we should consult Gilbert regarding those changes.

 

 pkt.Request(8), [
 ], info_str=(Path, "Release Lock on: %s", "/%s"))

As for the current update with the section added...

 

#ifdef FAKE_TREE_IS_VISIBLE
        PTREE_DATA(ncp_tree)->visible=1;
#endif

 

This generates a crash when you perform a find for a string in the packet list. This is due to ncp_tree being null. So each of these ifdef conditions needs to have the following modification...

 

#ifdef FAKE_TREE_IS_VISIBLE
    if (ncp_tree) {
        PTREE_DATA(ncp_tree)->visible=1;
    }
#endif

To duplicate the crash in the current build.

Open any trace that includes NCP packet data. (I can supply one if needed)

click on the find a packet item in the toolbar or use the Ethereal menu "Edit", "Find Packet"

In the Find Packet window select Find by String, Search in Packet list, and enter any data to find in the edit box, finally click the Find button

 

The crash will occur on the initial find if the string cannot be found or on subsequent finds (find next) <Ctl><N>.

 

Diff is attached. Made against current SVN.

 

Greg

>>> sahlberg@xxxxxxxxxxxx 4/4/2005 6:15 AM >>>

User: sahlberg
Date: 2005/04/03 11:14 PM

Log:
the netware dissector is the only dissector that accesses fvalue_ functions directly.

this made it crash for some packets when the filter speedup patch was enabled, since some of these finfo nodes did no longer exist.

as far as i can tell the only other instances of fvalue_ usage is from some tap based functions but all those do take care to make sure that the fields being accessed are all part of a filter, and will thus never be optimized away.

The patch does two things

1, refactor the code but do not change the logic to reduce the number of places where the external fvalue_ functions are called from.

2, add code to force the tree to be visible (and thus change the code) so that the speedup patch will not optimize these fiuelds away.

Directory: /trunk/epan/dissectors/
  Changes    Path                  Action
  +68 -13    packet-ncp2222.inc    Modified



http://anonsvn.ethereal.com/viewcvs/viewcvs.py?rev=14009&view=rev

_______________________________________________
Ethereal-cvs mailing list
Ethereal-cvs@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-cvs

Index: packet-ncp2222.inc
===================================================================
--- packet-ncp2222.inc	(revision 14021)
+++ packet-ncp2222.inc	(working copy)
@@ -4395,7 +4395,9 @@
         guint32                 testvar;
 
 #ifdef FAKE_TREE_IS_VISIBLE
-	PTREE_DATA(ncp_tree)->visible=1;
+    if (ncp_tree) {
+        PTREE_DATA(ncp_tree)->visible=1;
+    }
 #endif
 
 	func = tvb_get_guint8(tvb, 6);
@@ -4775,7 +4777,9 @@
         guint32                         bvalue=0;
         
 #ifdef FAKE_TREE_IS_VISIBLE
-	PTREE_DATA(ncp_tree)->visible=1;
+    if (ncp_tree) {
+        PTREE_DATA(ncp_tree)->visible=1;
+    }
 #endif
 
 	strcpy(reply_buffer.buffer, "");
@@ -6106,7 +6110,9 @@
 	int			i;
 
 #ifdef FAKE_TREE_IS_VISIBLE
-	PTREE_DATA(ncp_tree)->visible=1;
+    if (ncp_tree) {
+        PTREE_DATA(ncp_tree)->visible=1;
+    }
 #endif
 
 	for (i = 0; i < 9; i++) {
@@ -8486,7 +8492,9 @@
 	char			string_buffer[1024];
         
 #ifdef FAKE_TREE_IS_VISIBLE
-	PTREE_DATA(ncp_tree)->visible=1;
+    if (ncp_tree) {
+        PTREE_DATA(ncp_tree)->visible=1;
+    }
 #endif
 
 	pvalue.vvalue = 0;