Hi list,

The current "gsm-sms-ud" dissector crashes Ethereal on a reference capture I have
(oddly, it did not crash yesterday when I committed the SMPP patch). The backtrace
below shows the dissector being reached from submit_sm() in packet-smpp.c, and
parse_gsm_sms_ud_message() (packet-gsm_sms_ud.c:385) then calls call_dissector()
with a NULL handle; call_dissector_work() dereferences it at packet.c:403
(`handle->protocol`) and segfaults. In other words this is a NULL pointer
dereference, so any capture file or live traffic of this shape will take the
whole dissector down. I suspect the gsm-sms-ud protocol/dissector registration
is the cause (the handle the dissector looks up is apparently never set, hence
handle = 0x0). Independently of the root cause, call_dissector_work() should
probably reject a NULL handle rather than dereference it. As I don't have the
time right now, could someone else have a look?

Regards,

Olivier

GNU gdb 2003-09-20-cvs (cygwin-special)
Copyright 2003 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i686-pc-cygwin"...
(gdb) r
Starting program:
/home/Administrator/Ethereal/cvs/ethereal-pcre/ethereal.exe -r
/home/be322008/Desktop/Snoops/BigCap.snoop

Program received signal SIGSEGV, Segmentation fault.
0x00a8e5af in call_dissector_work (handle=0x0, tvb=0x10defe60, 
    pinfo=0x10e05c18, tree=0x10425b48) at packet.c:403
403             if (handle->protocol != NULL &&
(gdb) bt full
#0  0x00a8e5af in call_dissector_work (handle=0x0, tvb=0x10defe60, 
    pinfo=0x10e05c18, tree=0x10425b48) at packet.c:403
        saved_proto = 0x610e2707
"\213M\b)Y\b\001\031\211�\001]�)�\213U\f\213B\b)�\205�\211B\b\017\204g���\21
3U\b\205�\017�B\fu\234�\212\213\032\213B\020)�\211\004$\215\f\037\211M�\211L
$\004��)��\205�\017\204=���\213U\b\213M�\211B\020\001�\211�\211\002\211J\024
\211z\b�x���\213U\b\213\002;B\020v\0049�wS\213U\b\213Z\0249�r'\211\\$\b\213M
�\211L$\004\213B \211\004$�R(\205�\211�\017\217j��������\215t&"
        saved_can_desegment = 50824
        ret = 10357596
        save_writable = 2284280
        save_dl_src = {type = 283049568, len = 0, 
  data = 0x15934d4 "\211X\004\211�\215e�[^]�\211���U\211���\006"}
        save_dl_dst = {type = 269763144, len = 4096, 
  data = 0x9e0aea "[Illegal %s]"}
        save_net_src = {type = 282274976, len = 6, 
  data = 0x21 <Address 0x21 out of bounds>}
        save_net_dst = {type = 128, len = 189, data = 0x10defe60 ""}
        save_src = {type = AT_NONE, len = 1, 
  data = 0x9e08fd "Frame: %u, payload: %u-%u"}
        save_dst = {type = 272766776, len = 4349, data = 0x10defe60 ""}
        saved_proto = 0x610e2707
"\213M\b)Y\b\001\031\211�\001]�)�\213U\f\213B\b)�\205�\211B\b\017\204g���\21
3U\b\205�\017�B\fu\234�\212\213\032\213B\020)�\211\004$\215\f\037\211M�\211L
$\004��)��\205�\017\204=���\213U\b\213M�\211B\020\001�\211�\211\002\211J\024
\211z\b�x���\213U\b\213\002;B\020v\0049�wS\213U\b\213Z\0249�r'\211\\$\b\213M
�\211L$\004\213B \211\004$�R(\205�\211�\017\217j��������\215t&"
        saved_can_desegment = 50824
        ret = 10357596
        save_writable = 2284280
        save_dl_src = {type = 283049568, len = 0, 
  data = 0x15934d4 "\211X\004\211�\215e�[^]�\211���U\211���\006"}
        save_dl_dst = {type = 269763144, len = 4096, 
  data = 0x9e0aea "[Illegal %s]"}
        save_net_src = {type = 282274976, len = 6, 
  data = 0x21 <Address 0x21 out of bounds>}
        save_net_dst = {type = 128, len = 189, data = 0x10defe60 ""}
        save_src = {type = AT_NONE, len = 1, 
  data = 0x9e08fd "Frame: %u, payload: %u-%u"}
        save_dst = {type = 272766776, len = 4349, data = 0x10defe60 ""}
#1  0x00a903bf in call_dissector (handle=0x0, tvb=0x10defe60, 
    pinfo=0x10e05c18, tree=0x10425b48) at packet.c:1596
        handle = 0x0
        tvb = (tvbuff_t *) 0x10defe60
        pinfo = (packet_info *) 0x10e05c18
        tree = (proto_tree *) 0x10425b48
        ret = 0
#2  0x0061e536 in parse_gsm_sms_ud_message (sm_tree=0x10ce51f0, 
    tvb=0x10defe2c, pinfo=0x10e05c18, top_tree=0x10425b48)
    at packet-gsm_sms_ud.c:385
        sm_tvb = (tvbuff_t *) 0x10defe60
        subtree = (proto_item *) 0x10427750
        tree = (proto_item *) 0x104279a8
        udh_len = 11 '\v'
        udh = 96 '`'
        len = 3 '\003'
        sm_len = 63
        sm_data_len = 283049568
        i = 283139096
        is_fragmented = 1
        fd_sm = (fragment_data *) 0x0
        sm_id = 0
        frags = 2
        frag = 2
        save_fragmented = 0
        try_gsm_sms_ud_reassemble = 1
        reassembled = 1
        reassembled_in = 12789
        p_src = 49154
        p_dst = 49999
        ports_available = 1
#3  0x0061ebc8 in dissect_gsm_sms_ud (tvb=0x10defe2c, pinfo=0x10e05c18, 
    tree=0x10425b48) at packet-gsm_sms_ud.c:423
        tvb = (tvbuff_t *) 0x10425b48
        pinfo = (packet_info *) 0x0
        tree = (proto_tree *) 0x10defe60
        ti = (proto_item *) 0x0
        subtree = (proto_tree *) 0x0
#4  0x00a8e571 in call_dissector_through_handle (handle=0x10088638, 
    tvb=0x10defe2c, pinfo=0x10e05c18, tree=0x10425b48) at packet.c:363
        handle = 0x10defe60
        tvb = (tvbuff_t *) 0x10defe2c
        pinfo = (packet_info *) 0x10425b48
        saved_proto = 0x61f292 "GSM SMS UD"
        ret = 0
#5  0x00a8e8f0 in call_dissector_work (handle=0x10088638, tvb=0x10defe2c, 
    pinfo=0x10e05c18, tree=0x10425b48) at packet.c:513
        saved_proto = 0x90c9a4 "SMPP"
        saved_can_desegment = 1
        ret = 283049540
        save_writable = 0
        save_dl_src = {type = 283049464, len = 283049516, 
  data = 0x22ca98 "��\""}
        save_dl_dst = {type = AT_NONE, len = 283049516, 
  data = 0x10defe2c "\001"}
        save_net_src = {type = 2280008, len = 22623468, 
  data = 0x22ca68 "\230�\""}
        save_net_dst = {type = 283049464, len = 74, data = 0x22ca68
"\230�\""}
        save_src = {type = 283049544, len = 2280036, 
  data = 0x1 <Address 0x1 out of bounds>}
        save_dst = {type = 283049464, len = 39, 
  data = 0x4a <Address 0x4a out of bounds>}
        saved_proto = 0x90c9a4 "SMPP"
        saved_can_desegment = 1
        ret = 283049540
        save_writable = 0
        save_dl_src = {type = 283049464, len = 283049516, 
  data = 0x22ca98 "��\""}
        save_dl_dst = {type = AT_NONE, len = 283049516, 
  data = 0x10defe2c "\001"}
        save_net_src = {type = 2280008, len = 22623468, 
  data = 0x22ca68 "\230�\""}
        save_net_dst = {type = 283049464, len = 74, data = 0x22ca68
"\230�\""}
        save_src = {type = 283049544, len = 2280036, 
  data = 0x1 <Address 0x1 out of bounds>}
        save_dst = {type = 283049464, len = 39, 
  data = 0x4a <Address 0x4a out of bounds>}
#6  0x00a903bf in call_dissector (handle=0x10088638, tvb=0x10defe2c, 
    pinfo=0x10e05c18, tree=0x10425b48) at packet.c:1596
        handle = 0x0
        tvb = (tvbuff_t *) 0x10defe2c
        pinfo = (packet_info *) 0x10e05c18
        tree = (proto_tree *) 0x10425b48
        ret = 0
#7  0x0090b987 in submit_sm (tree=0x10ce50a0, tvb=0x10defdf8, 
    pinfo=0x10e05c18, top_tree=0x10425b48) at packet-smpp.c:1404
        tvb = (tvbuff_t *) 0x10e05c18
        top_tree = (proto_tree *) 0x0
        tvb_msg = (tvbuff_t *) 0x0
        offset = 39
        flag = 0 '\0'
        udhi = 64 '@'
        length = 74 'J'
        src_str = 0x10e1f610 "32477200179"
        dst_str = 0x10e1f630 "32476471861"
        save_src = {type = AT_IPv4, len = 4, data = 0x10e1f650 "�\020\v}"}
        save_dst = {type = AT_IPv4, len = 4, data = 0x10e1f660
"�\021\003\006"}
#8  0x0090cccc in dissect_smpp_pdu (tvb=0x10defd90, pinfo=0x10e05c18, 
    tree=0x10425b48) at packet-smpp.c:1918
        tmp_tvb = (tvbuff_t *) 0x0
        pdu_tvb = (tvbuff_t *) 0x10defe2c
        tvb = (tvbuff_t *) 0x10defe2c
        command_length = 129
        command_id = 4
        command_status = 0
        sequence_number = 2
        command_str = (gchar *) 0x9071b2 "Submit_sm"
        command_status_str = (gchar *) 0x0
        ti = (proto_item *) 0x10ce50a0
        smpp_tree = (proto_tree *) 0x10ce50a0
#9  0x0094810a in tcp_dissect_pdus (tvb=0x10defcf4, pinfo=0x10e05c18, 
    tree=0x10425b48, proto_desegment=0, fixed_len=16, 
    get_pdu_len=0x90c830 <get_smpp_pdu_len>, 
    dissect_pdu=0x90c9d0 <dissect_smpp_pdu>) at packet-tcp.c:1989
        except_sn = {except_down = 0x22ceb0, except_type = XCEPT_CATCHER, 
  except_info = {except_catcher = 0x22cbb0, except_cleanup = 0x22cbb0}}
        except_ch = {except_id = 0x947f48, except_size = 1, except_obj = {
    except_id = {except_group = 4, except_code = 283049204}, 
    except_message = 0x10defcf4 "\001", except_dyndata = 0x0}, except_jmp =
{
    2280392, 129, 2280608, 2280608, 0, 0, 2280664, 2280336, 9732201,
3670051, 
    2293760, 129, 2280504, 11119404, 272135670, 129, 32, 2280484, 2280488,
0, 
    -1, 2280492, 539151408, 0, 0, 269553448, 269543640, 2280685, 2280552, 
    9103820, 283049204, 0, -1, 283049204, 2280672, 2280620, 2280584,
11112344, 
    283049204, 8, 4, 2280620, 2280624, 2280672, 2280664, 283049204,
269543736, 
    2, 2280632, 11116599, 283049204, 8}}
        exc = (except_t *) 0x1
        catch_spec = {{except_group = 1, except_code = 0}}
        offset = 0
        offset_before = 0
        length_remaining = 129
        plen = 129
        length = 0
        next_tvb = (tvbuff_t *) 0x10defd90
#10 0x0090c91f in dissect_smpp (tvb=0x10defcf4, pinfo=0x10e05c18, 
    tree=0x10425b48) at packet-smpp.c:1681
        tvb = (tvbuff_t *) 0x10defcf4
        offset = 269543736
#11 0x0090c81f in dissect_smpp_heur (tvb=0x10defcf4, pinfo=0x10e05c18, 
    tree=0x10425b48) at packet-smpp.c:1656
        tvb = (tvbuff_t *) 0x10defcf4
        pinfo = (packet_info *) 0x0
        tree = (proto_tree *) 0x0
        command_id = 0
        command_status = 0
        command_length = 0
#12 0x00a8fd96 in dissector_try_heuristic (sub_dissectors=0x100f1250, 
    tvb=0x10defcf4, pinfo=0x10e05c18, tree=0x10425b48) at packet.c:1449
        status = 0
        saved_proto = 0x947827 "TCP"
        entry = (GSList *) 0x1010e938
        dtbl_entry = (heur_dtbl_entry_t *) 0x10defcf4
        saved_can_desegment = 2
        status = 0
        saved_proto = 0x947827 "TCP"
#13 0x00948b50 in decode_tcp_ports (tvb=0x10defcc0, offset=20, 
    pinfo=0x10e05c18, tree=0x10425b48, src_port=55405, dst_port=8100)
    at packet-tcp.c:2308
        tvb = (tvbuff_t *) 0x0
        offset = 0
        pinfo = (packet_info *) 0x10e05c18
        dst_port = 55405
        next_tvb = (tvbuff_t *) 0x10defcf4
        low_port = 0
        high_port = 55405
#14 0x00948cde in process_tcp_payload (tvb=0x10defcc0, offset=20, 
    pinfo=0x10e05c18, tree=0x10425b48, tcp_tree=0x104259f8, src_port=55405, 
    dst_port=8100, nxtseq=0, is_tcp_segment=0) at packet-tcp.c:2333
        except_sn = {except_down = 0x22d630, except_type = XCEPT_CATCHER, 
  except_info = {except_catcher = 0x22cdc0, except_cleanup = 0x22cdc0}}
        except_ch = {except_id = 0x948c28, except_size = 1, except_obj = {
    except_id = {except_group = 1907106356, except_code = 0}, 
    except_message = 0x103f8400 "t1�", except_dyndata = 0x0}, except_jmp = {
    2280920, 2281424, 2281136, 2281136, 0, 283139096, 2281176, 2280864, 
    9735279, 3670051, 2293760, 12537496, 2281112, 1628311491, 2290256, 
    2280992, 9732433, 2281188, 269763222, 14451, 4017, 283049152, 272169624,

    283049152, 2281080, 11089326, 272169656, 0, 1, 1627983033, 2281104, 0, 
    2281096, 11158956, 272168256, 9, 2281112, 11158956, 281926832,
283140328, 
    2281144, 1627738564, 272168224, 283049152, 2281160, 11089326, 272168256,

    269763144, 1628240464, 4033, 4096, 12537496}}
        exc = (except_t *) 0x0
        catch_spec = {{except_group = 1, except_code = 0}}
#15 0x00947f12 in desegment_tcp (tvb=0x10e05c18, pinfo=0x10425b48, 
    offset=272783864, seq=55405, nxtseq=8100, sport=0, dport=0, tree=0x15a6,

    tcp_tree=0x10defcc0) at packet-tcp.c:1559
        pinfo = (packet_info *) 0x10e05c18
        tcpinfo = (struct tcpinfo *) 0x0
        ipfd_head = (fragment_data *) 0xbf4e98
        old_tsk = {src = 0x22cf38, dst = 0x0, seq = 2283056, sport = 1, 
  dport = 0, start_seq = 2280896, tot_len = 2281176, first_frame = 22525788}
        tsk = (tcp_segment_key *) 0x0
        must_desegment = 4096
        called_dissector = 4033
        deseg_offset = 1628240464
        deseg_seq = 269763144
        nbytes = 0
#16 0x00000014 in ?? ()
No symbol table info available.
#17 0x10e05c18 in ?? ()
No symbol table info available.
#18 0x10425b48 in ?? ()
No symbol table info available.
#19 0x104259f8 in ?? ()
No symbol table info available.
#20 0x0000d86d in ?? ()
No symbol table info available.
#21 0x00001fa4 in ?? ()
No symbol table info available.
(gdb) print *(pinfo->fd)
$1 = {next = 0x0, prev = 0x10ddd938, pfd = 0x0, num = 12789, pkt_len = 183, 
  cap_len = 183, cul_bytes = 5659137, rel_secs = 12263991, rel_usecs =
304677, 
  abs_secs = 1050582763, abs_usecs = 887462, del_secs = 0, del_usecs = 906, 
  file_off = 5982796, lnk_t = 1, flags = {passed_dfilter = 0, encoding = 0, 
    visited = 0, marked = 0, ref_time = 0}, color_filter = 0x0}
(gdb) q
