heinrich5991 / libtw2

Some Teeworlds stuff in Rust.™
Apache License 2.0

wireshark-dissector: 0.7 unique race server panic #103

Closed ChillerDragon closed 2 months ago

ChillerDragon commented 2 months ago

pcap.zip

This is ddnet7 connecting to unique race servers.

libtw2 version: f3c8840d756bc06e436656c16f48f02bcb4ce8b3

$ wireshark --version
Wireshark 4.2.5 (v4.2.5-0-g4aa814ac25a1).

Copyright 1998-2024 Gerald Combs <gerald@wireshark.org> and contributors.
Licensed under the terms of the GNU General Public License (version 2 or later).
This is free software; see the file named COPYING in the distribution. There is
NO WARRANTY; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) using GCC 12.2.0, with GLib 2.74.6, with Qt 6.4.2, with
libpcap, without POSIX capabilities, without libnl, with zlib 1.2.13, with
PCRE2, with Lua 5.1.5, with GnuTLS 3.7.9 and PKCS #11 support, with Gcrypt
1.10.1, without Kerberos, without MaxMind, without nghttp2, without nghttp3,
with brotli, without LZ4, with Zstandard, without Snappy, with libxml2 2.9.14,
without libsmi, without QtMultimedia, without automatic updates, without
Minizip, with binary plugins.

Running on Linux 6.1.0-16-amd64, with Intel(R) Core(TM) i7-8750H CPU @ 2.20GHz
(with SSE4.2), with 15889 MB of physical memory, with GLib 2.74.6, with Qt
6.4.2, with libpcap 1.10.3 (with TPACKET_V3), with zlib 1.2.13, with PCRE2 10.42
2022-12-11, with c-ares 1.18.1, with GnuTLS 3.7.9, with Gcrypt 1.10.1, with
brotli 1.0.9, with Zstandard 1.5.4, with LC_TYPE=en_US.UTF-8, binary plugins
supported.
$ wireshark ddnet7_unique_race.pcap 
thread '<unnamed>' panicked at wireshark-dissector/src/spec.rs:1038:21:
called `Result::unwrap()` on an `Err` value: Error { kind: WriteZero, message: "failed to write whole buffer" }
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
fatal runtime error: failed to initiate panic, error 5
Aborted

I assume it is caused by the 0.7 race extension snap items. They are defined in the JSON spec but maybe their size edge case is not handled correctly.

ChillerDragon commented 2 months ago

image

The race game data includes a size field because it was added after the 0.7 release.

heinrich5991 commented 2 months ago

This looks like a snapshot. The bug is likely unrelated to the snapshot since the dissector doesn't parse the snapshot data.

ChillerDragon commented 2 months ago

Oh yeah, in my tunnel vision working on snaps I must have line-slipped in the backtrace. It fails on a string. The snap is one case statement above.

https://github.com/heinrich5991/libtw2/blob/089927d5c23129161f22e8a0c7bf8518a1fac18b/wireshark-dissector/src/spec.rs#L1038

ChillerDragon commented 2 months ago

nice
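
An added example, not part of the thread and not libtw2 code: `WriteZero` with "failed to write whole buffer" is the error Rust's standard library returns from `write_all` (and so from `write!`) when the destination cannot take any more bytes, for instance a fixed-size buffer that is full. Assuming the string from the packet is formatted into such a buffer (an assumption; the helper names and the 16-byte size are hypothetical), the code below reproduces the error and shows a variant that truncates on a character boundary, so an oversized string from the network cannot abort the host process.

```rust
use std::io::{self, Write};

// Hypothetical helper (not from libtw2): render a packet string into a
// fixed-size, NUL-terminated buffer for the C side of a plugin.
fn format_strict(buf: &mut [u8], s: &str) -> io::Result<usize> {
    let cap = buf.len();
    let mut cursor: &mut [u8] = buf;
    // `Write for &mut [u8]` fails with WriteZero once the slice is full.
    write!(cursor, "{:?}", s)?;
    cursor.write_all(&[0])?;
    Ok(cap - cursor.len())
}

// Same output when it fits; otherwise cut on a char boundary and mark it.
fn format_lossy(buf: &mut [u8], s: &str) -> usize {
    const MARK: &[u8] = b"...";
    if buf.is_empty() {
        return 0;
    }
    let full = format!("{:?}", s);
    let room = buf.len() - 1; // last byte is reserved for the NUL
    let mut n = full.len();
    let truncated = n > room;
    if truncated {
        n = room.saturating_sub(MARK.len());
        while !full.is_char_boundary(n) {
            n -= 1;
        }
    }
    buf[..n].copy_from_slice(&full.as_bytes()[..n]);
    if truncated {
        let m = MARK.len().min(room - n);
        buf[n..n + m].copy_from_slice(&MARK[..m]);
        n += m;
    }
    buf[n] = 0;
    n + 1
}

fn main() {
    let mut buf = [0u8; 16];
    let long = "x".repeat(40); // constructed stand-in for an oversized string
    // Calling .unwrap() on this Err would panic like the report above.
    println!("strict: {:?}", format_strict(&mut buf, &long).map_err(|e| e.kind()));
    let n = format_lossy(&mut buf, &long);
    println!("lossy:  {}", String::from_utf8_lossy(&buf[..n - 1]));
}
```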