Hi Anders, I found an ASAN bug in wiretap (stack-based buffer overrun) for which an initial patch was submitted to https://code.wireshark.org/review/1628/ (patchset 1 or 2).
After a more thorough look, it seems that the pcapng_dump_t type and related code are unused. It was first added in commit a41d93603c07fa8b6a7a334e7bf969ebd188085e Author: Michael Tüxen <tue...@fh-muenster.de> 2009-06-27 17:20:44 Add support for writing pcapng files with multiple encapsulations. This fixes a bug reported by Sake during the Sharkfest 09. Thanks for providing a Netscreen tracefile with multiple link layer types. This patch will be included in Wireshark 1.2.1 and higher. svn path=/trunk/; revision=28862 Your (Anders) patch commented out the functions that actually use this: commit c7f1a431d23e17a15777652b1252e139f182b0e6 Author: Anders Broman <anders.bro...@ericsson.com> Date: Mon Feb 20 20:15:51 2012 +0000 Handle reading and writing of multiple IDB:s, write IDB options and use correct lengt for strings, handle more than 100 char comment svn path=/trunk/; revision=41082 It seems that the functionality got moved to other files, but the original code using pcapng_dump_t can be removed (including the overrunning g_array_ parts). Is that a correct observation? A patch is underway, I'm asking just in case the change was unintentional. Kind regards, Peter ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe