Wireshark-bugs: [Wireshark-bugs] [Bug 1001] free() invalid pointer in dissect_802_3 at packet-ie
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1001
------- Comment #22 from dgautheron@xxxxxxxx 2006-07-30 17:15 GMT -------
(In reply to comment #21)
I had a closer look at the generated code and:
0xb723b930 <dissect_802_3+204>: call 0xb6e12f60 <tvb_new_subset@plt>
0xb723b935 <dissect_802_3+209>: mov %eax,0xffffff24(%ebp) /* -220 next_tvb */
0xb723b93b <dissect_802_3+215>: movl $0x0,0xffffff1c(%ebp) /* -228 except_stat */
0xb723b945 <dissect_802_3+225>: movl $0x1,0xc(%esp) /* num */
0xb723b94d <dissect_802_3+233>: lea 0xffc56190(%ebx),%eax /* catch */
0xb723b953 <dissect_802_3+239>: mov %eax,0x8(%esp)
0xb723b957 <dissect_802_3+243>: lea 0xffffff08(%ebp),%eax /* -248 &except_ch */
0xb723b95d <dissect_802_3+249>: mov %eax,0x4(%esp)
0xb723b961 <dissect_802_3+253>: lea 0xffffffd8(%ebp),%eax /* -40 &except_sn */
0xb723b964 <dissect_802_3+256>: mov %eax,(%esp)
0xb723b967 <dissect_802_3+259>: call 0xb6e12430 <except_setup_try@plt>
0xb723b96c <dissect_802_3+264>: lea 0xffffff20(%ebp),%eax /* -224 except_ch.except_jmp */
0xb723b972 <dissect_802_3+270>: mov %eax,(%esp)
0xb723b975 <dissect_802_3+273>: call 0xb6e16900 <_setjmp@plt>
0xb723b97a <dissect_802_3+278>: lea 0xffffff10(%ebp),%edx /* -240 except_ch.except_obj */
If I didn't screw up my math, the next_tvb offset is inside except_ch.
Notes:
dissect_802_3 has two TRYs in the same function; it could confuse SSP gcc.
Or it's a mess with include files. Can you try to:
1) delete the first TRY (as long as you don't capture truncated packets it should
work)
2) move the first TRY into a new function?