2014-11-28 12:40 GMT+01:00 Pascal Quantin <[email protected]>:
>
> 2014-11-27 16:37 GMT+01:00 Evan Huus <[email protected]>:
>
>> On Thu, Nov 27, 2014 at 10:21 AM, Alexis La Goutte
>> <[email protected]> wrote:
>> > Hi,
>> >
>> > On Thu, Nov 27, 2014 at 4:13 AM, 蓝常珍 <[email protected]> wrote:
>> >> In the function "dissect_ipv6" of the ipv6
>> >> dissector (packet-ipv6.c), the ip6_hdr struct is allocated on the
>> >> stack, then its address is passed to tap_queue_packet. I notice that
>> >> the other dissectors do not look like this.
>> >>
>> >> The code snippet of the dissect_ipv6 function, from dev-version 1.99.0:
>> >>
>> >> static void
>> >> dissect_ipv6(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
>> >> {
>> >>     struct ip6_hdr ipv6;
>> >>     ...
>> >>     tap_queue_packet(ipv6_tap, pinfo, &ipv6);
>> >>     ...
>> >> }
>> > What is the bug?
>>
>> I think the implication is that when the tap runs, the pointer will be
>> invalid because the stack frame will have been destroyed. So any tap
>> trying to access that structure will cause an invalid memory access?
>>
>
> Hi,
>
> Yes, I agree. Fortunately it looks like there is no listener for this tap
> (unless I missed it). Should we fix it or remove it completely?
>

Actually there are users of this tap. I fixed it in
https://code.wireshark.org/review/#/c/6276/

Regards,
Pascal.
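The lifetime problem discussed in this thread, as an added example that is not part of the original messages and is not Wireshark code: a toy deferred queue showing the stack-address pattern beside one possible fix. `struct hdr`, `toy_tap_queue`, `packet_alloc` and `end_of_packet` are hypothetical stand-ins, and the fix shown is an assumption, not a reproduction of the change in the review linked above.

```c
/* Added illustration: a toy deferred tap queue, not Wireshark's real API. */
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
struct hdr { uint8_t hop_limit; uint16_t payload_len; };  /* stand-in for struct ip6_hdr */

#define QMAX 8
static const void *queue[QMAX];   /* tap data pointers, read only after dissection */
static int queued;
static void *packet_scope[QMAX];  /* allocations released after listeners have run */
static int scoped;

/* Like the queued tap in the thread: stores the pointer, copies nothing. */
static void toy_tap_queue(const void *data) { if (queued < QMAX) queue[queued++] = data; }

/* Hypothetical allocator whose memory lives until end_of_packet(). */
static void *packet_alloc(size_t n) {
    void *p = (scoped < QMAX) ? calloc(1, n) : NULL;
    if (p) packet_scope[scoped++] = p;
    return p;
}

/* BUG pattern from the thread: &h dangles as soon as this function returns,
   so a listener that runs later would read a destroyed stack frame. */
void dissect_stack(uint8_t hop, uint16_t len) {
    struct hdr h = { hop, len };
    toy_tap_queue(&h);
}

/* Fixed pattern: the queued struct outlives the dissector's stack frame. */
void dissect_scoped(uint8_t hop, uint16_t len) {
    struct hdr *h = packet_alloc(sizeof *h);
    if (!h) return;
    h->hop_limit = hop; h->payload_len = len;
    toy_tap_queue(h);
}

/* Runs the listener after dissection, then frees packet-scoped memory.
   Returns the sum of payload_len values the listener read. */
unsigned end_of_packet(void) {
    unsigned total = 0;
    for (int i = 0; i < queued; i++) total += ((const struct hdr *)queue[i])->payload_len;
    for (int i = 0; i < scoped; i++) free(packet_scope[i]);
    queued = scoped = 0;
    return total;
}

int main(void) {
    dissect_scoped(64, 40); dissect_scoped(255, 1200);  /* constructed sample headers */
    printf("listener saw %u payload bytes\n", end_of_packet());
    return 0;
}
```

`dissect_stack` is deliberately never called here; building with AddressSanitizer and stack-use-after-return detection enabled is one way to surface that pattern in a real code base.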
