2014-11-27 16:37 GMT+01:00 Evan Huus <eapa...@gmail.com>: > On Thu, Nov 27, 2014 at 10:21 AM, Alexis La Goutte > <alexis.lagou...@gmail.com> wrote: > > Hi, > > > > On Thu, Nov 27, 2014 at 4:13 AM, 蓝常珍 <lanc...@gmail.com> wrote: > >> In the function "dissect_ipv6" of the ipv6 > >> dissector(packet-ipv6.c),the ip6_hdr struct is allocated on the > >> stack,then it's address is passed to tap_queue_packet.I notice that > >> the other dissectors do not look like this. > >> > >> The code snippet of the dissect_ipv6 function,from dev-version 1.99.0: > >> > >> static void > >> dissect_ipv6(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) > >> { > >> struct ip6_hdr ipv6; > >> ... > >> tap_queue_packet(ipv6_tap, pinfo, &ipv6); > >> ... > >> } > > What the bug ? > > I think the implication is that when the tap runs, the pointer will be > invalid because the stack frame will have been destroyed. So any tap > trying to access that structure will cause an invalid memory access? >
Hi, yes I agree. Fortunately it looks like there is no listener for this tap (unless I missed it). Should we fix it or remove it completely? Pascal.
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe