Martin Regner wrote:
> Guy Harris wrote:
>> The problem is, I suspect, that the new code for attaching window
>> scaling option information to a conversation is used regardless of
>> whether TCP sequence analysis is enabled, and that code calls
>> "get_tcp_conversation_data()", which assumes that "tcp_analysis_chunk"
>> is non-NULL, but that memory chunk is allocated only if TCP sequence
>> analysis is enabled.
>
> Yes, you are probably right. I have now turned on the "Analyze TCP Sequence numbers"
> and "Relative Seq nums and Window Scaling" options as a temporary fix, and then I don't
> get a crash with the same captures.
>
> I didn't have Window Scaling turned on when I got the crash, but it seems that that
> routine was called anyway.
After I moved the allocation of tcp_analysis_chunk so that it is always allocated, I still got some crashes in the TCP dissector. It seems that there is a need to check whether get_tcp_conversation_data returns NULL in the pdu_store_window_scale_option and tcp_analyze_sequence_number subroutines and then just return, or maybe there is something else that is wrong? I had to look at another problem, so I didn't have time to look much at the code. But it seems that I got rid of the crashes with that capture file at least, which meant that I could continue to look into the problem I really intended to look at.
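The crash pattern under discussion, as an added illustration that is not Ethereal's code: a per-conversation analysis chunk that only exists when sequence analysis is enabled, a lookup that returns NULL in that case, and callers that check for NULL and return instead of dereferencing. The names mirror the ones in the thread (tcp_analysis_chunk, get_tcp_conversation_data, pdu_store_window_scale_option, tcp_analyze_sequence_number), but the structures, the fixed-size table and the function bodies are hypothetical simplifications.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical per-conversation record; not the real dissector's struct. */
typedef struct {
    unsigned int conv_id;   /* stand-in for the conversation key */
    int          win_scale; /* window scale shift, -1 = not yet seen */
    unsigned int next_seq;  /* sequence number expected next, 0 = unknown */
} tcp_analysis_t;

#define MAX_CONV 8

/* As in the thread: the chunk is allocated only when analysis is on,
 * so any lookup made while it is off must cope with a NULL chunk. */
static tcp_analysis_t *tcp_analysis_chunk = NULL;
static size_t          tcp_analysis_count = 0;

/* Mimics the "Analyze TCP Sequence numbers" preference being toggled. */
void tcp_analysis_enable(bool on) {
    if (on && tcp_analysis_chunk == NULL) {
        tcp_analysis_chunk = calloc(MAX_CONV, sizeof(tcp_analysis_t));
        tcp_analysis_count = 0;
    } else if (!on) {
        free(tcp_analysis_chunk);
        tcp_analysis_chunk = NULL;
        tcp_analysis_count = 0;
    }
}

/* Find or create the record for a conversation. Returns NULL when the
 * chunk was never allocated (analysis disabled) or the table is full;
 * every caller must check for that instead of assuming a record. */
static tcp_analysis_t *get_tcp_conversation_data(unsigned int conv_id) {
    if (tcp_analysis_chunk == NULL)
        return NULL;
    for (size_t i = 0; i < tcp_analysis_count; i++)
        if (tcp_analysis_chunk[i].conv_id == conv_id)
            return &tcp_analysis_chunk[i];
    if (tcp_analysis_count >= MAX_CONV)
        return NULL;
    tcp_analysis_t *d = &tcp_analysis_chunk[tcp_analysis_count++];
    d->conv_id   = conv_id;
    d->win_scale = -1;
    d->next_seq  = 0;
    return d;
}

/* Record a window-scale option from a SYN. Returns true if stored;
 * with no record available it just returns, which is the check the
 * thread proposes adding. */
bool pdu_store_window_scale_option(unsigned int conv_id, int shift) {
    tcp_analysis_t *d = get_tcp_conversation_data(conv_id);
    if (d == NULL)
        return false;
    d->win_scale = shift;
    return true;
}

/* Apply the stored scale; fall back to the raw window when nothing is known. */
unsigned int tcp_scaled_window(unsigned int conv_id, unsigned int raw_window) {
    tcp_analysis_t *d = get_tcp_conversation_data(conv_id);
    if (d == NULL || d->win_scale < 0)
        return raw_window;
    return raw_window << d->win_scale;
}

/* Minimal sequence check: true if the segment starts where the previous
 * one ended (or nothing is known yet). Same NULL guard as above. */
bool tcp_analyze_sequence_number(unsigned int conv_id, unsigned int seq, unsigned int len) {
    tcp_analysis_t *d = get_tcp_conversation_data(conv_id);
    if (d == NULL)
        return true; /* nothing to compare against, so do not crash */
    bool in_order = (d->next_seq == 0 || d->next_seq == seq);
    d->next_seq = seq + len;
    return in_order;
}

int main(void) {
    /* Constructed walk-through: analysis off, then on. */
    tcp_analysis_enable(false);
    printf("off: stored=%d window=%u\n",
           pdu_store_window_scale_option(1, 7), tcp_scaled_window(1, 1000));
    tcp_analysis_enable(true);
    printf("on:  stored=%d window=%u\n",
           pdu_store_window_scale_option(1, 7), tcp_scaled_window(1, 1000));
    tcp_analysis_enable(false);
    return 0;
}
```

With the preference off, both callers take the early return instead of dereferencing a NULL record; with it on, the scale option is stored and applied. Allocating the chunk unconditionally, as the message tried, removes the first NULL but not the table-full case, which is why the callers still need the check.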
