On Thu, Nov 27, 2014 at 10:21 AM, Alexis La Goutte <[email protected]> wrote: > Hi, > > On Thu, Nov 27, 2014 at 4:13 AM, 蓝常珍 <[email protected]> wrote: >> In the function "dissect_ipv6" of the ipv6 >> dissector(packet-ipv6.c),the ip6_hdr struct is allocated on the >> stack,then it's address is passed to tap_queue_packet.I notice that >> the other dissectors do not look like this. >> >> The code snippet of the dissect_ipv6 function,from dev-version 1.99.0: >> >> static void >> dissect_ipv6(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) >> { >> struct ip6_hdr ipv6; >> ... >> tap_queue_packet(ipv6_tap, pinfo, &ipv6); >> ... >> } > What the bug ?
I think the implication is that when the tap runs, the pointer will be invalid because the stack frame will have been destroyed. So any tap trying to access that structure will cause an invalid memory access? > there is no tap for all dissector... >> ___________________________________________________________________________ >> Sent via: Wireshark-dev mailing list <[email protected]> >> Archives: http://www.wireshark.org/lists/wireshark-dev >> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev >> mailto:[email protected]?subject=unsubscribe > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <[email protected]> > Archives: http://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > mailto:[email protected]?subject=unsubscribe ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
