Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 1029] Tshark -R doesn't support "frame.time >= Jul 20, 2006 17:51:38.368"

Wireshark-bugs: [Wireshark-bugs] [Bug 1029] Tshark -R doesn't support "frame.time >= Jul 20, 200

Date: Sun, 18 Mar 2007 14:21:02 +0000 (GMT)

http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1029





------- Comment #4 from jeff.morriss@xxxxxxxxxxx  2007-03-18 14:21 GMT -------
I looked a bit into this and it turns out that the problem is that the filter:

frame.time > Jul 20, 2006 1

is, apparently a valid filter (note that if you take the trailing "1" off it is
no longer a valid filter?!?).  It seems to be a valid TEST_OP_EXISTS, though I
can't quite see why.

Hmmm, apparently:

foo.bar > Dec 31, 2002 05

is also a valid filter.  Weird.

Anyway, TEST_OP_EXISTS is basically an "entity":

ogical_test(T) ::= entity(E).
{
        T = stnode_new(STTYPE_TEST, NULL);
        sttype_test_set1(T, TEST_OP_EXISTS, E);
}

which can be:

/* Entities, or things that can be compared/tested/checked */
entity(E) ::= FIELD(F).         { E = F; }
entity(E) ::= STRING(S).        { E = S; }
entity(E) ::= UNPARSED(U).      { E = U; }
entity(E) ::= range(R).         { E = R; }


I *suppose* the problem is that in this case the entity is an UNPARSED string? 
I ran out of time about here.  Oof, I hate parsers...


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

Prev by Date: [Wireshark-bugs] [Bug 1451] Buildbot crash output: fuzz-2007-03-18-17676.pcap
Next by Date: [Wireshark-bugs] [Bug 1452] New: Buildbot crash output: fuzz-2007-03-18-17465.pcap
Previous by thread: [Wireshark-bugs] [Bug 1451] Buildbot crash output: fuzz-2007-03-18-17676.pcap
Next by thread: [Wireshark-bugs] [Bug 1452] New: Buildbot crash output: fuzz-2007-03-18-17465.pcap
Index(es):
- Date
- Thread