On Sat, Jul 21, 2001 at 04:08:45PM -0700, Guy Harris wrote:
> On Sat, Jul 21, 2001 at 03:12:49PM +0000, Giora Engel wrote:
> > Please try this bigger file.
>
> Please try version 0.6.2 of libpcap. If it crashes only in 0.5,
> but doesn't crash in 0.6.2,

I tried backing the fix to the optimizer out of my current-CVS version
of libpcap, and building tcpdump with that version of libpcap; when I
ran tcpdump with the huge.txt filter, it crashed, but when I put the fix
back in, it didn't, which means...

> it's probably the bug in question,

...which, in turn, means you should try applying the patch in my
previous message to your WinPcap source and recompiling.
(The patch causes "count_stmts()" to correctly count the number of
BPF statements a flowgraph would produce; without the patch, it
undercounts, meaning that the array of instructions allocated by
"icode_to_fcode()" will be too small - "icode_to_fcode()" is called
regardless of whether any optimization is done; yes, it could be
considered confusing that it appears in "optimize.c" - so the problem
may occur even with no optimization.
"convert_code_r()" is called from "icode_to_fcode()", and is, in fact,
storing into that array of instructions, so the bug will, in fact, cause
it to write past the end of the array, as Purify found it was doing.)
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
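The failure pattern Guy describes above, a counting pass that undersizes the instruction array a later pass fills, in a constructed model added here; this is not libpcap's own code. The `struct block`, the two `count_stmts_*` counters and `emit_fcode` are hypothetical stand-ins for `count_stmts()`, `icode_to_fcode()` and `convert_code_r()`, and the emitter shows the bounds check that turns an undercount into a reported error instead of a write past the end of the array.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical model of the flowgraph, NOT libpcap's struct block: a block
 * is nstmts straight-line statements followed by exactly one terminating
 * jump or return instruction, so it yields nstmts + 1 BPF instructions. */
struct block {
    int nstmts;       /* straight-line load/ALU statements in this block */
    int next;         /* index of the block jumped to, or -1 for a return */
};

/* One BPF instruction, laid out like struct bpf_insn. */
struct insn { unsigned short code; unsigned char jt, jf; unsigned int k; };

/* Buggy counter: tallies the statements but forgets each terminator. */
int count_stmts_buggy(const struct block *b, int nblocks) {
    int n = 0;
    for (int i = 0; i < nblocks; i++) n += b[i].nstmts;
    return n;
}

/* Fixed counter: every block also emits one jump/return instruction. */
int count_stmts_fixed(const struct block *b, int nblocks) {
    int n = 0;
    for (int i = 0; i < nblocks; i++) n += b[i].nstmts + 1;
    return n;
}

/* Emitter following the count-then-fill pattern.  It fills one insn per
 * statement and one per terminator into an array of fcode_len entries and
 * returns how many it wrote, or -1 when the array is too small, rather
 * than writing past its end as the unpatched code would. */
int emit_fcode(const struct block *b, int nblocks,
               struct insn *fcode, int fcode_len) {
    int written = 0;
    for (int i = 0; i < nblocks; i++) {
        int need = b[i].nstmts + 1;
        if (written + need > fcode_len) return -1;   /* undercount caught */
        memset(&fcode[written], 0, (size_t)need * sizeof *fcode);
        written += need;
    }
    return written;
}

/* Constructed sample: block 0 = 2 stmts + jump to 1, block 1 = 1 stmt + jump
 * to 2, block 2 = bare return.  True size 6 instructions; buggy count 3. */
static const struct block sample[] = { {2, 1}, {1, 2}, {0, -1} };
enum { NSAMPLE = 3, BUFSZ = 64 };

/* Size the array with the given counter and emit: 1 = overflow caught, 0 = ok. */
int overflow_detected(int (*counter)(const struct block *, int)) {
    struct insn buf[BUFSZ];
    int n = counter(sample, NSAMPLE);
    if (n < 0 || n > BUFSZ) return -1;
    return emit_fcode(sample, NSAMPLE, buf, n) < 0;
}
```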