Jakub
Excellent...!!!
That was the problem..!!
I simply commented out the following...(which called gmtime())
proto_tree_add_time_format(helen_tree, hf_helen_txTime, tvb,
offset, 8, &t,
"Date: %s %2d, %d %02d:%02d:%02d
UTC",mon_names[tmp->tm_mon],tmp->tm_mday,
tmp->tm_year + 1900,tmp->tm_hour,tmp->tm_min,tmp->tm_sec);
And it did NOT crash..!!
You mentioned about putting in an if statement to check it
if (abs_time->secs > 2000000000) tmp = NULL;
Where would / could you put this at..?? And what would you do if it was
null..??
Thanks,
Brian
Jakub Zawadzki wrote:
> On Wed, Mar 24, 2010 at 09:59:36AM -0400, Brian Oleksa wrote:
>
>> So I did some more troubleshooting only to find the following:
>> The dissector crashes in WinXP but not on my Fedora Core 9 box. This is
>> weird.
>>
>> Using editcap... I was able to find the frame on windows to which wireshark
>> crashed on (which was frame 17641).
>> I opened the same .pcap file on my FC-9 box (it did not crash)...but I went
>> to frame 17641 only to find out that it is a Malformed Packet.
>>
>> Any thoughts..??
>>
>
> I'd bet on calls to gmtime().
>
> 1/ gmtime() can return NULL.
> 2/ Windows-specific:
> These functions validate their parameter. (...) if the timer value is
> negative, these functions invoke an invalid
> parameter handler, as described in Parameter Validation. [1]
>
> The behavior of the C Runtime when an invalid parameter is found is to
> call the currently assigned invalid parameter handler.
> The default invalid parameter invokes Watson crash reporting, which
> *causes the application to crash* (...) [2]
>
> Which reminds me of some checks in to_str.c ( e.g. if (abs_time->secs >
> 2000000000) tmp = NULL; )
> maybe custom handler for _set_invalid_parameter_handler() [3] would be enough?
> (I can't test it ;/)
>
> Cheers.
>
> [1] http://msdn.microsoft.com/en-us/library/0z9czt0w%28VS.80%29.aspx
> [2] http://msdn.microsoft.com/en-us/library/ksazx244%28VS.80%29.aspx
> [3] http://msdn.microsoft.com/en-us/library/a9yf33zb%28VS.80%29.aspx
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <[email protected]>
> Archives: http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:[email protected]?subject=unsubscribe
>
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:[email protected]?subject=unsubscribe
