Closed kfcviptel closed 3 years ago
guyharris
commented
4 years ago I've tried it with the current tip of the master branch, and it didn't core dump on macOS 10.15.4, at least. I don't know whether that's an issue of the file, the time, the build environment (64-bit x86, macOS, Apple clang version 11.0.3 (clang-1103.0.32.59)), or changes that have been made to it since you tried it.
infrastation
commented
3 years ago The error does not reproduce on current master branches of tcpslice and libpcap with Linux x86_64 and gcc (Ubuntu 7.5.0-3ubuntu1~18.04) 7.5.0. I have tried specifying the start date a few years after the last packet and even a few years after the current time, the capture file was vrrp.pcap from the tcpdump tests.
The issue is not caused by a failure to read the input file or to write the output file, in these cases tcpslice prints an error message and exits. Without the original pcap file it is not feasible to troubleshoot any further.
The original reporter, it is sad that this bug report has been waiting for 4.5 years just to be triaged, but the amount of resources is such that a lot of things fall through the gaps, so please excuse us. If you still have a pcap file that triggers a core dump, please reopen this bug report and produce the file here or privately. Closing the case for now.
I observed that if I try to extract data from a file in a timerange after what is in the file, then tcpslice coredumps. It is very easy to reproduce, just request a timestamp in the future on any file.
$tcpslice -w /tmp/kjeldbond0.pcap 1450750007 +3600 /tmp/dump/5060-102.lxcbr1.pcap Segmentation fault (core dumped) $ utc 1450750007 Result string is "2015-12-22 03:06:47"