Wireshark-bugs: [Wireshark-bugs] [Bug 7436] Single packet capture takes 10 CPU-seconds to decode
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Thu, 5 Jul 2012 13:13:26 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7436

--- Comment #8 from Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> 2012-07-05 13:13:25 PDT ---
(In reply to comment #7)
> (In reply to comment #5)
> > Is this right? In the sample, "0x6a617200" is "jar\000", i.e. the end of the
> > filename in the OPEN request. However, your version does indeed take 2.4x
> > longer to run (0xffffffff/0x6a617200). I don't understand how part of the
> > filename is ending up as a loop counter.
> 
> Good point, when there's no tree then offset from some function is not properly
> returned (like in dissect_nfs_open_claim4, dissect_nfs_openflag4).
> 
> There's actually no CREATE_SESSION in packet, so dissect_rpc_chanattrs4()
> should not be called in first place.
> 
> Jeff, I'm going to fix it and close this bug
> I can try to craft malformed packet with CREATE_SESSION and add to another bug
> (like bug #3290?), it's fine for you?

Yes, that's fine with me.  Those if(tree)s in packet-rpc.c should come out
sometime somehow, but it seems we also have to fix the decode.  No shortage of
problems to fix ;-).

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.