2014-11-27 16:37 GMT+01:00 Evan Huus <eapa...@gmail.com>:
> On Thu, Nov 27, 2014 at 10:21 AM, Alexis La Goutte
> <alexis.lagou...@gmail.com> wrote:
> > Hi,
> >
> > On Thu, Nov 27, 2014 at 4:13 AM, 蓝常珍 <lanc...@gmail.com> wrote:
> >> In the function "dissect_ipv6" of the ipv6
> >> dissector(packet-ipv6.c),the ip6_hdr struct is allocated on the
> >> stack,then it's address is passed to tap_queue_packet.I notice that
> >> the other dissectors do not look like this.
> >>
> >> The code snippet of the dissect_ipv6 function,from dev-version 1.99.0:
> >>
> >> static void
> >> dissect_ipv6(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
> >> {
> >> struct ip6_hdr ipv6;
> >> ...
> >> tap_queue_packet(ipv6_tap, pinfo, &ipv6);
> >> ...
> >> }
> > What the bug ?
>
> I think the implication is that when the tap runs, the pointer will be
> invalid because the stack frame will have been destroyed. So any tap
> trying to access that structure will cause an invalid memory access?
>
Hi,
yes I agree. Fortunately it looks like there is no listener for this tap
(unless I missed it). Should we fix it or remove it completely?
Pascal.
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
