Wireshark-bugs: [Wireshark-bugs] [Bug 2453] segmentation fault with wslua script
Date: Thu, 15 May 2008 07:17:37 -0700 (PDT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2453





--- Comment #25 from Balint Reczey <balint.reczey@xxxxxxxxxxxx>  2008-05-15 07:17:35 PDT ---

(In reply to comment #24)
> > I think we should disable the outstanding stuff for now because it causes
> > random crashes and warn users not to keep references to buffers/trees/pinfos
> > from previous packets.
> 
> I do not thing relying on users not to do anything that crashes is a good
> solution at all.
Generally i agree, but here "users" mean dissector writers, and it is pretty
easy to crash Wireshark with a badly written C dissector.
If they keep references to previous tvbs/pinfos/trees in a Lua dissector, they
can crash Wireshark from Lua, too.

> 
> I think you found the problem:
> 
> As you said We are NULLifying already removed objects for which if there was a
> __gc it would have being called.
I think that NULLifying the stored C pointers does not work, since the Lua code
may store pointers to the freed tvb in Lua objects.
We can't use _gc, either, because those Lua object may be accessed before any
gc run.
I think it'd be better to use __assign to prohibit Lua assignment for the
problematic objects.

> We *do* need a __gc but not for freeing the resources (that's taken care
> elsewhere) but to remove the reference to the boxed object from the outstanding
> objects queue.
> 
> Luis
> 


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.