A number of protocols have IDs that can be reused that are used as
lookup keys. In most cases the frame number should be used as well
to differentiate repeat appearances of an ID. For response/request
matching, it is frequently useful to find the most recent frame number
(greatest value less than or equal to the current one) that contained
an ID.
We can achieve that by using a multimap that stores values with a given
ID in a tree keyed with the frame number. This works better than using
a map or a tree alone:
1) A map isn't ordered, so doesn't allow for less than or equal comparison.
2) Using a tree requires an ordering on all the ID components, and then
having to test all the components other than the frame number separately
for equality after retrieval.
Currently the multimap does not support inserting items without specifying
the tree key (and having the multimap generate a key), because the total
capacity of trees (including deleted nodes) is not tracked. If other use
cases are needed, this could be added later along with more generic
multimap support.
Use a multimap in ANSI MAP, ANSI TCAP, and GSM SMS, all of which need to
match lookup IDs that can be reused. Fix#7653.
Change our developer.gnome.org/glib URLs to
developer-old.gnome.org/glib. The official documentation for GLib
appears to be at https://docs.gtk.org/glib/, but it has a different
layout than the gnome.org content (and is surprisingly resistant to
exploration IMHO). We can switch to developer-old.gnome.org using a
simple substitution and it still seems to be updated, so do that for
now.
Instead of removing extra log information in the log handler
for the default log level, do it in the ws_message() macro.
This means ws_log_full() will work as expected.
Rename to ws_return_val_if_null() because the name needs to be more
generic to indicate it should be used to return any kind of value,
not just pointers.
Increase the log level to something more appropriate because failing
any of these checks is considered to be a programming error.
Add the faulty variable name to the output message.
Add the macro ws_return_val_if_zero() for completeness.
C:\Development\wireshark\wireshark\epan\ftypes\ftype-integer.c(448,47): warning C4267: 'function': conversion from 'size_t' to 'int', possible loss of data [C:\Development\wsbuild-msvc\epan\ftypes\ftypes.vcxproj]
C:\Development\wireshark\wireshark\epan\ftypes\ftype-integer.c(448,47): warning C4267: guint32_to_str_buf(fv->value.uinteger, buf, size); [C:\Development\wsbuild-msvc\epan\ftypes\ftypes.vcxproj]
C:\Development\wireshark\wireshark\epan\ftypes\ftype-integer.c(448,47): warning C4267: ^ [C:\Development\wsbuild-msvc\epan\ftypes\ftypes.vcxproj]
C:\Development\wireshark\wireshark\epan\ftypes\ftype-integer.c(793,31): warning C4267: 'function': conversion from 'size_t' to 'int', possible loss of data [C:\Development\wsbuild-msvc\epan\ftypes\ftypes.vcxproj]
C:\Development\wireshark\wireshark\epan\ftypes\ftype-integer.c(793,31): warning C4267: guint64_to_str_buf(val, buf, size); [C:\Development\wsbuild-msvc\epan\ftypes\ftypes.vcxproj]
C:\Development\wireshark\wireshark\epan\ftypes\ftype-integer.c(793,31): warning C4267: ^ [C:\Development\wsbuild-msvc\epan\ftypes\ftypes.vcxproj]
C:\Development\wireshark\wireshark\rawshark.c(1140,24): warning C4267: '=': conversion from 'size_t' to 'int', possible loss of data [C:\Development\wsbuild-msvc\rawshark.vcxproj]
C:\Development\wireshark\wireshark\rawshark.c(1140,24): warning C4267: fs_len = strlen(fs_buf); [C:\Development\wsbuild-msvc\rawshark.vcxproj]
C:\Development\wireshark\wireshark\rawshark.c(1140,24): warning C4267: ^ [C:\Development\wsbuild-msvc\rawshark.vcxproj]
Have these functions accept a zero max length to mean "display
the whole byte array". Change the max length parameter to receive a
number of bytes to print, not the length of the output character
string.
Adjust the macros bytes_to_str() and bytes_to_string_punct() to
produce the same output. Add more tests. Rename the functions to
bytes_to_str_maxlen() and bytes_to_str_punct_maxlen() because this is
an API break.
Matches is a special case that looks on the RHS and tries
to convert every unparsed value to a string, regardless
of the LHS type. This is not how types work in the display
filter. Require double-quotes to avoid ambiguity, because
matches doesn't follow normal Wireshark display filter
type rules. It doesn't need nor benefit from the flexibility
provided by unparsed strings in the syntax.
For matches the RHS is always a literal strings except
if the RHS is also a field name, then it complains of an
incompatible type. This is confusing. No type can be compatible
because no type rules are ever considered. Every unparsed value is
a text string except if it happens to coincide with a field
name it also requires double-quoting or it throws a syntax error,
just to be difficult. We could remove this odd quirk but requiring
double-quotes for regular expressions is a better, more elegant
fix.
Before:
Filter: tcp matches "udp"
Constants:
00000 PUT_PCRE udp -> reg#1
Instructions:
00000 READ_TREE tcp -> reg#0
00001 IF-FALSE-GOTO 3
00002 ANY_MATCHES reg#0 matches reg#1
00003 RETURN
Filter: tcp matches udp
Constants:
00000 PUT_PCRE udp -> reg#1
Instructions:
00000 READ_TREE tcp -> reg#0
00001 IF-FALSE-GOTO 3
00002 ANY_MATCHES reg#0 matches reg#1
00003 RETURN
Filter: tcp matches udp.srcport
dftest: tcp and udp.srcport are not of compatible types.
Filter: tcp matches udp.srcportt
Constants:
00000 PUT_PCRE udp.srcportt -> reg#1
Instructions:
00000 READ_TREE tcp -> reg#0
00001 IF-FALSE-GOTO 3
00002 ANY_MATCHES reg#0 matches reg#1
00003 RETURN
After:
Filter: tcp matches "udp"
Constants:
00000 PUT_PCRE udp -> reg#1
Instructions:
00000 READ_TREE tcp -> reg#0
00001 IF-FALSE-GOTO 3
00002 ANY_MATCHES reg#0 matches reg#1
00003 RETURN
Filter: tcp matches udp
dftest: "udp" was unexpected in this context.
Filter: tcp matches udp.srcport
dftest: "udp.srcport" was unexpected in this context.
Filter: tcp matches udp.srcportt
dftest: "udp.srcportt" was unexpected in this context.
The error message could still be improved.
Converting from freq to channel only needed the 6 GHz freq. range
to be added, however, converting from channel to freq. will require
the function ieee80211_chan_to_mhz to take a starting frequency as
there's overlap in the channel numbering between 2.4/5 GHz and 6 GHz
bands. This may not be possible in some cases, so for now the
function will continue to do the conversion based on the order
on which the freq. ranges are defined. Specifically, it will favor
2.4/5 GHz over 6 GHz.
Use wslog to output debug information. Being able to control
it at runtime is a big advantage.
We extend the syntax tree nodes with a method to return a
canonical string representation.
Add a routine to walk the tree and return an textual representation
for debugging purposes.
Profile files which is only used in Qt is not automatically registered
during startup and must be explicit registered.
Add profile_register_persconffile() to handle this registration.
This is more readable and the extra error checking is functionally
the same as the original upstream code too, that trigerred some
compiler warnings.
Add missing 'static' qualifier.
Add a test for 'ws_opterr'.
Fix
wsutil/ws_getopt.c:93:21: error: possible misuse of comma operator here [-Werror,-Wcomma]
return ws_optind++, -1;
^
wsutil/ws_getopt.c:93:10: note: cast expression to void to silence warning
return ws_optind++, -1;
^~~~~~~~~~~
(void)( )
wsutil/ws_getopt.c:188:11: error: possible misuse of comma operator here [-Werror,-Wcomma]
name++, opt++;
^
wsutil/ws_getopt.c:188:5: note: cast expression to void to silence warning
name++, opt++;
^~~~~~
(void)( )
wsutil/ws_getopt.c:199:15: error: implicit conversion loses integer precision: 'long' to 'int' [-Werror,-Wshorten-64-to-32]
int l = arg-start;
~ ~~~^~~~~~
Add a .editorconfig entry for ws_getopt.[ch].
Besides the obvious limitation of being unavailable on Windows,
the standard is vague about getopt() and getopt_long() has many
non-portable pitfalls and buggy implementations, that increase
the maintainance cost a lot. Also the GNU libc code currently
in the tree is not suited for embedding and is unmaintainable.
Own maintainership for getopt_long() and use the musl implementation
everywhere. This way we don't need to worry if optreset is available,
or if the $OPERATING_SYSTEM version behaves in subtly different ways.
The API is under the Wireshark namespace to avoid conflicts with
system headers.
Side-note, the Mingw-w64 9.0 getopt_long() implementation is buggy
with opterr and known to crash. In my experience it's a headache to
use the embedded getopt implementation if the system provides one.
On the first packet of the conversation, the MPA layer is
dissected correctly followed by the DDP, RDMAP, RPC-over-RDMA,
RPC and NFS layers. The MPA layer sets the TCP conversation as
MPA protocol but when it dissects the RPC layer it also sets
the TCP conversation as RPC protocol thus overwriting the previous
protocol.
Added new port type PT_IWARP_MPA so that when the RPC layer
is dissected it does not overwrite the default protocol for
the TCP conversation which has already been set to MPA.
Fixes#15869.
This should fix the cppcheck warning "The unsigned expression
'sizeof(struct _PKT_INFO)' will never be negative so it is either
pointless or an error to check if it is."
wmem_safe_mult() was only used to do an overflow-safe multiplication of
a type size and a count of elements of that type; replace it with
wmem_safe_mult_type_size(), which takes the type as the first argument,
and checks only whether the count of elements is <= 0.
Fix the description in wsutil/exported_pdu_tlvs.h to reflect reality
(i.e., to match what the code in Wireshark that reads the exported PDU
TLVs, and all code that writes them, does).
In the code that dissects them, treat all strings as FT_STRINGZPAD, as
any null bytes at the end of the string are padding, not part of the
string.
See merge request !3895 and issue #17535.
Have wsutil/exported_pdu_tlvs.h define the LINKTYPE_WIRESHARK_UPPER_PDU
TLV type and length values, as well as the port type values written to
files in EXP_PDU_TAG_PORT_TYPE TLVs.
Update the comment that describes the LINKTYPE_WIRESHARK_UPPER_PDU TLVs
to more completely and correctly reflect reality (it was moved from
epan/exported_pdu.h to wsutil/exported_pdu_tlvs.h).
Rename those port type values from OLD_PT_ to EXP_PDU_PT_; there is
nothing "old" about them - yes, they originally had the same numerical
values as the PT_ enum values in libwireshark, but that's no longer the
case, and the two are now defined independently. Rename routines that
map between libwireshark PT_ values and EXP_PDU_PT_ values to remove
"old" from the name while we're at it.
Don't include epan/exported_pdu.h if we only need the
LINKTYPE_WIRESHARK_UPPER_PDU definitions - just include
wsutil/exported_pdu_tlvs.h.
In extcap/udpdump.c, include wsutil/exported_pdu_tlvs.h rather than
defining the TLV types ourselves.
This utility function is useful outside of epan. Move it to wsutil
and export the interface.
The move isn't completely clean as it requires duplicating two small
inline functions but that was necessary to avoiding moving too much at
once.
We have two format_size()s, with and without wmem scoped memory.
Move the wmem version to wsutil and add a convenience macro to
use g_malloc()ed memory.
This allows wmem to be used from other libraries, namely wsutil.
It is often the case that a funtion exists in wsutil and cannot
be used with a wmem scope, requiring some code duplication or
extra memory allocations, or vice-versa, code in epan cannot be
moved to wsutil because it has a wmem dependency.
To this end wmem is moved to wsutil. Scope management remains part
of epan because those scope semantics are specific to dissection.
fcntl.h appears to be available on all of our supported platforms,
including Windows. We've also been including it without HAVE_FCNTL_H
guards in a few places (e.g. sshdump.c) without any issues for some
time.
floorl is part of C99.
Mark wsutil's includes SYSTEM PRIVATE. This exposed a lot of targets
that were indirectly picking up include paths via the wsutil target, so
add direct includes where needed. The G.722 and G.726 codecs were
implicilty including tiffio.h; find it explicitly instead.
Mark some of wsutil's libraries PRIVATE, but leave commonly-used ones
PUBLIC.
Ping #17477.
Revert change to format_size() added in
f509a83381. This commit broke formatting
with spaces and introduced some dead code.
Also replace unnecessary call to format_size_wmem() and remove
unnecessary casts (since our warning settings were fixed in the
mean time).
Functions clock_gettime() and timespec_get() cover all the platforms
we support with sub-second resolution in a a portable manner. Fallback
to using time().
Pass a struct timespec to the log writer callback for maximum
flexibility.
At least according to the Single UNIX Standard, it merely has to be big
enough to hold a value in the range [-1, 1000000], and there must be
*an* environment in which it's no *larger* than a long.
Just cast it to long, and continue to print the result of dividing it by
1000 with %03ld.
Calling GLib functions inside the log writer is not safe,
it might infinitely recurse or abort if g_date_time_* logs
warnings because we registered our log handler for GLib itself.
This includes as little as possible in the assertion header, so
that it can be included globally in every file without pulling
any unwanted definitions. In particular pulling stdlib.h is
avoided because that can have side effects if it wants to
include non-portable extensions.
It is possible to have side-effects from include glib.h too, for
example because of G_LOG_DOMAIN.
These side-effects are usually avoidable with careful ordering
of pre-processor directives but with multiple levels of indirections
it can be hard to track. Better to make it robust to these kinds
of failures in the first place.
Also integrate with our logger for a cohesive experience (but
keep it a private dependency).
Minimizing the dependencies on other wsutil and GLib functions
reduces the chance that we will have a weird recursion pattern
in wslog and makes the code easier to analyze.
This avoids having to manage two different implementations.
For example with this change GLib functions will terminate
if Wireshark's fatal log level is set to a matching level
and the --log-file option will also output messages from
GLib itself.
This changes color use to be the very similar with GLib to
maintain familiarity. The only difference is that Message
and Info use a different color than Debug.
Also use the more familiar format of <domain> <level> instead
of <level> <domain>.
Instead of receiving the program name from GLib, pass it explicitly
to ws_log_init() instead and use that to initialize the GLib program
name.
ws_log_parse_args() will now exit the program when it encounters an
argument error if exit_failure >= 0.
Currently we are not filtering the unset (NULL) domain, on
the assumption that every log call should belong to a defined
domain.
However there are still many places in the codebase where this isn't
true and the fact that the null/default domain name is omitted from
the output and never filtered is probably surprising and user-unfriendly.
Users might understandably assume the filtering is buggy.
Give an indication, such as (none)-MESSAGE, to make this more
obvious.
The --log-debug and --log-noisy now accepts a '!' to invert the
match and disable the debug (noisy respectively) log level for
the listed domains.
Note this is different from --log-domains, that option
enables/disables the entire log domain itself, regardless of log
level.
ws_log_domains.h needs to be included before wslog.h to be used
to define WS_LOG_DOMAIN. Also the definition for enum ws_log_level
needs to be exported for other APIs so move that to ws_log_domains.h
and rename the file to ws_log_defs.h to reflect the new scope.
This is intended to replace logging in dissectors that has a
debug level with #ifdef DEBUG_foo and an extra level guarded
by a #ifdef DEBUG_EXTRA_foo.
But generally it can be used as another level of granularity
for debugging output, to avoid flooding the log with too
much information with typical usage.
Rename the filter functions without the unnecessary 'str'
suffix.
Option --log-debug or WIRESHARK_LOG_DEBUG is a list
of domains that are set to a "debug" log level. This
takes precedence over the normal log level and domain
filter options.
Enviroment variable WIRESHARK_LOG_FATAL and command line
option --log-fatal set the fatal log level. Messages with
fatal or highr priority cause the program to abort. By
default the fatal level is "error", but it can be set to
"critical" or "warning" with this option.
Domain filter expressions starting with '!' invert the match.
Only domains that do not match become active. Note that '!'
must be the first character in the filter and applies to the
whole expression.
Add macros to round to multiples of 2, 4, 8, 16, and 32.
Use them instead of independently defined macros.
(We don't define a general "round to a power of 2" macro to avoid the
risk of somebody passing something other than a power of 2 to it.)
A domain filter can be given in the environment variable
'WS_LOG_DOMAINS' or in a command-line options "--log-domains".
The filter is specified as a comma separated case insensitive list,
for example:
./tshark --log-domains=main,capture
Domain data type switches from an enum to a string. There is no
constaint on adding new domains, neither in code or at runtime.
The string format is arbitrary, only positive matches will produce
output.
Experience has shown that:
1. The current logging methods are not very reliable or practical.
A logging bitmask makes little sense as the user-facing interface (who
would want debug but not crtical messages for example?); it's
computer-friendly and user-unfriendly. More importantly the console
log level preference is initialized too late in the startup process
to be used for the logging subsystem and that fact raises a number
of annoying and hard-to-fix usability issues.
2. Coding around G_MESSAGES_DEBUG to comply with our log level mask
and not clobber the user's settings or not create unexpected log misses
is unworkable and generally follows the principle of most surprise.
The fact that G_MESSAGES_DEBUG="all" can leak to other programs using
GLib is also annoying.
3. The non-structured GLib logging API is very opinionated and lacks
configurability beyond replacing the log handler.
4. Windows GUI has some special code to attach to a console,
but it would be nice to abstract away the rest under a single
interface.
5. Using this logger seems to be noticeably faster.
Deprecate the console log level preference and extend our API to
implement a log handler in wsutil/wslog.h to provide easy-to-use,
flexible and dependable logging during all execution phases.
Log levels have a hierarchy, from most verbose to least verbose
(debug to error). When a given level is set everything above that
is also enabled.
The log level can be set with an environment variable or a command
line option (parsed as soon as possible but still later than the
environment). The default log level is "message".
Dissector logging is not included because it is not clear what log
domain they should use. An explosion to thousands of domains is
not desirable and putting everything in a single domain is probably
too coarse and noisy. For now I think it makes sense to let them do
their own thing using g_log_default_handler() and continue using the
G_MESSAGES_DEBUG mechanism with specific domains for each individual
dissector.
In the future a mechanism may be added to selectively enable these
domains at runtime while trying to avoid the problems introduced
by G_MESSAGES_DEBUG.
Add a generic function to write content to file. Use this on write
TLS session keys from UI and tshark, and for export objects.
Remove the now unused export_object_ui.[ch].
The GLib documentation says G_STRLOC includes the function name
but that is a lie[1]. Change ws_debug() to not use G_STRLOC and receive
__FILE__, __LINE__ and G_STRFUNC separately instead.
[1]https://bugzilla.gnome.org/show_bug.cgi?id=69097
Default to taking the VLAN ID into account when reassembling only
for private IPv4 addresses as defined by RFC 1918 and for link-local
addresses. Otherwise, do not take the VLAN ID into account unless
the "Enable stricter conversation tracking heuristics" preference
is enabled. Fixes#14356.
Replace most instances of ws_debug_printf() except in
epan/dissectors and dissector plugins.
Some replacements use printf(), some use ws_debug(), and
some were removed because they were dead or judged to be
temporary.
Use a void expression instead of removing the expression
entirely. Under certain conditions, for example as the only
statement in an if() conditional, removing the assertion
will generate compiler warnings.
Currently our build generates very many warnings if
G_DISABLE_ASSERT is defined.
Add ws_assert() and ws_assert_not_reached() to incrementally
replace existing assertions and then disable them using
WS_DISABLE_ASSERT.
Assertions are disabled with CMake build type Release.
By default the build type is RelWithDebInfo so the current
behaviour of enabling assertions by default is (for now) preserved.
Add some notes to README.Developer.
Most of the time, the return value tells us nothing useful, as we've
already decided that we're perfectly willing to live with string
truncation. Hopefully this keeps Coverity from whining that those
routines could return an error code (NARRATOR: They don't) and thus that
we're ignoring the possibility of failure (as indicated, we've already
decided that we can live with string truncation, so truncation is *NOT*
a failure).
Calling cmake with -DENABLE_VLD=ON when building with Visual Studio,
results in debug configuration being linked to Visual Leak Detector.
By default, Visual Leak Detector outputs the leak summary to Visual
Studio debug window. When ENABLE_VLD is active, VLD is linked to all
wireshark libraries and executables.
If a header declares a function, or anything else requiring the extern
"C" decoration, have it wrap the declaration itself; don't rely on the
header itself being included inside extern "C".
Have routines to report capture-file errors, using libwireshark error
codes and strings, that call through a pointer, so they can pop up
dialogs in GUI apps, print a message to the standard error on
command-line apps, and possibly do something different on server
programs.
Have init_report_message() take a pointer to structure containing those
function pointers, rather than the function pointers themselves, as
arguments.
Make other API changes to make that work.
FOr 11b and 11g, also set the metadata to provide the "short preamble"
indication.
Add some macros to wsutil/802_11-utils.h to help there, as I threatened
to do in the previous commit. :-)
I believe this was the original intention, to use these API restricitons
with dissectors only (not that I necessarily agree with that policy either),
and through copy-paste and lack of clear guidelines it spread to other
parts of the build.
Rename the checkAPI groups to make it very clear that this is dissector-only.
This doesn't mean, of course, that good programming practices shouldn't be
followed everywhere. In particular assertions need to be used properly.
Don't use them to catch runtime errors or validate input data.
This commit will be followed by another removing the various ugly hacks
people have been using to get around the checkAPI hammer.
Since fe94133f0d ws_snprintf()
and ws_vsnprintf() don't actually do anything anymore.
The return value of ws_[v]snprintf was discarded before,
now it too conforms to C99.
Instead *_register_plugin() is turned into a noop (with a warning).
The test suit is failing with ENABLE_PLUGINS=Off (it was already failing
before and this patch didn't affect that).
Closes#17202.
This adds a function to parse a string date-time in ISO 8601 format into
a `nstime_t` structure. It's based on code from epan/tvbuff.c and
wiretap/nettrace_3gpp_32_423.c and meant to eventually replace both.
(Currently only replaces the latter.)
Since most of Wireshark expects ISO 8601 date-times to fit a fairly
strict pattern, iso8601_to_nstime() currently rejects date-times without
separators between the components, even though ISO 8601 actually permits
this. This could be revisited later.
Also uses iso8601_to_nstime in editcap to parse the -A/-B options,
thus allowing the user to specify a time zone if desired. (See #17110)
Adds a pre-commit hook for detecting and replacing
occurrences of `g_malloc()` and `wmem_alloc()` with
`g_new()` and `wmem_new()`, to improve the
readability of Wireshark's code, and
occurrences of
`g_malloc(sizeof(struct myobj) * foo)`
with
`g_new(struct myobj, foo)`
to prevent integer overflows
Also fixes all existing occurrences across
the codebase.
Replace bugs.wireshark.org links with their equivalent
gitlab.com/wireshark/wireshark/issues links in the AsciiDoctor buglink
macro and the please_report_bug function. Update the bug URLs in
comments in the tools and test directories.
Remove the --check-addtext and --build flags. They were used for
checkAddTextCalls, which was removed in e2735ecfdd.
Add the sources in ui/qt except for qcustomplot.{cpp,h}. Fix issues in
main.cpp, rtp_audio_stream.cpp, and wireshark_zip_helper.cpp.
Rename "index"es in packet-usb-hid.c.
It's used in a number of source files; don't force each of them to test
GCRYPT_VERSION_NUMBER independently.
Make sure every file that uses HAVE_LIBGCRYPT_AEAD includes
wsutil/wsgcrypt.h.
Also do some other definitions that are based on the libgcrypt version
there as well.
This requires that the Qt UI code be given the include directory for
libgcrypt, as the follow stream code includes
epan/dissectors/packet-quic.h, which includes wsutil/wsgcrypt.h to get
HAVE_LIBGCRYPT_AEAD defined, and wsutil/wsgcrypt.h includes <gcrypt.h>.
Change-Id: I9cb50f411f5b2b6b9e28a38bfd901f4a66d9cc8f
Reviewed-on: https://code.wireshark.org/review/38116
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
/opt/SourceCode/wireshark/epan/dissectors/packet-osc.c 367 err V562 It's odd to compare 0 or 1 with a value of 0.
/opt/SourceCode/wireshark/epan/dissectors/packet-rpc.c 960 note V576 Incorrect format. Consider checking the eighth actual argument of the 'proto_tree_add_subtree_format' function. The SIGNED integer type argument is expected.
/opt/SourceCode/wireshark/epan/dissectors/packet-rpc.c 980 note V576 Incorrect format. Consider checking the third actual argument of the 'proto_item_append_text' function. The SIGNED integer type argument is expected.
/opt/SourceCode/wireshark/epan/dissectors/packet-rpc.c 2473 note V576 Incorrect format. Consider checking the fourth actual argument of the 'col_prepend_fstr' function. The SIGNED integer type argument is expected.
/opt/SourceCode/wireshark/epan/dissectors/packet-rpc.c 2482 note V576 Incorrect format. Consider checking the fourth actual argument of the 'col_append_fstr' function. The SIGNED integer type argument is expected.
/opt/SourceCode/wireshark/epan/dissectors/packet-rpc.c 2633 note V576 Incorrect format. Consider checking the fourth actual argument of the 'col_append_fstr' function. The SIGNED integer type argument is expected.
/opt/SourceCode/wireshark/epan/dissectors/packet-rpc.c 2650 note V576 Incorrect format. Consider checking the fourth actual argument of the 'col_prepend_fstr' function. The SIGNED integer type argument is expected.
/opt/SourceCode/wireshark/epan/dissectors/packet-stun.c 565 warn V1051 Consider checking for misprints. It's possible that the 'reported_length' should be checked here.
/opt/SourceCode/wireshark/epan/dissectors/packet-umts_fp.c 4126 warn V1051 Consider checking for misprints. It's possible that the 'reported_length' should be checked here.
/opt/SourceCode/wireshark/epan/dissectors/packet-umts_fp.c 4942 warn V1051 Consider checking for misprints. It's possible that the 'reported_length' should be checked here.
/opt/SourceCode/wireshark/ui/voip_calls.c 1444 err V773 The 'comment' pointer was assigned values twice without releasing the memory. A memory leak is possible.
/opt/SourceCode/wireshark/wsutil/filesystem.c 1531 err V773 The function was exited without releasing the 'files' pointer. A memory leak is possible.
/opt/SourceCode/wireshark/wsutil/filesystem.c 1717 err V773 The function was exited without releasing the 'files' pointer. A memory leak is possible.
Bug: 16335
Change-Id: I8df3ba6d070823dcb43c4152d9156358f701e8dc
Reviewed-on: https://code.wireshark.org/review/37069
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
wsutil/nstime.c:116: warning: Function 'nstime_sum' argument order different: declaration 'sum, b, a' definition 'sum, a, b'
Most likely copy/paste error from nstime_delta() above where that order makes sense.
Change-Id: Icea52b21781ebc09b2b80acdb34d61a28eb1e498
Reviewed-on: https://code.wireshark.org/review/36562
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
Those fetch gint and guint values, respectively, rather than values with
specified sizes in bits.
This should squelch Coverity CID 1457357.
Change-Id: Ia8f100bd3fe90c266e24a4346f80b2667c653b93
Reviewed-on: https://code.wireshark.org/review/36177
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The processor brand string returned by CPUID is left-padded in some
cases. For example, adding
g_warning("==>%s<==\n", CPUBrandString);
to get_cpu_info() on a test machine here returns
** (tshark.exe:3808): WARNING **: ==> Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz<==
Make sure it's stripped before we add it to our version information.
Change-Id: Idf9f9574477043a5e7fe4ff1ecb7890d6da90e0a
Reviewed-on: https://code.wireshark.org/review/36108
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
There are some deltas between the UN*X epoch and other epochs that are
used in a number of places; put them into a header.
Change-Id: Ia2d9d69b9d91352d730d97d9e4897518635b4861
Reviewed-on: https://code.wireshark.org/review/35895
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Revert the removal of replacing disallowed filename characters in
create_tempfile() to allow this characters in extcap interface names.
This is a regression from g2925fb08.
Change-Id: I833d1d19080c9c688dcaf076a840f55ef31e457d
Reviewed-on: https://code.wireshark.org/review/35669
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It doesn't contain the text "please do not report it", so nobody will
think it's a warning not to report the problem, it just says "don't call
it a crash".
Change-Id: I9ce71e6a1cc37446a08e44da64c8411166844f75
Reviewed-on: https://code.wireshark.org/review/35649
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Say "as a bug" upfront, and clarify that "please do not report it as
such" doesn't mean "please do not report this at all" (even though we
say "please report this" earlier), it means "please do not report this
as being a crash".
Change-Id: I2656c4c13e90fcf41d00a4b6ab3c2f2998f55fd6
Reviewed-on: https://code.wireshark.org/review/35647
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Added API description clarifies when bytes/samples are used. New variable names
proposed and all existing codecs are adapted to it. Change is just renaming...
Change-Id: I75dba64a49eb3f4369ec7160cb793dda4b44c810
Reviewed-on: https://code.wireshark.org/review/35576
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
Much better to use a known library than create it ourselves.
Also remove get_tempfile_path as it's not used.
Bug: 15992
Change-Id: I17b9bd879e8bdb540f79db83c6c138f8ee724764
Reviewed-on: https://code.wireshark.org/review/34420
Reviewed-by: Tomasz Moń <desowin@gmail.com>
Petri-Dish: Tomasz Moń <desowin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
It's a "wmem version" of format_size (from wsutil/str_util.h).
Also improved the flexibility in formatting of format_size() to handle future
needs of format_size_wmem
Ping-Bug: 15360
Change-Id: Id9977bbd7ec29375bbac955f685d46e75b0cef2c
Reviewed-on: https://code.wireshark.org/review/31233
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
strchr() is declared in <string.h>, and we now use strchr(), so we must
include <string.h>.
Change-Id: Ie80763c10c4ad1ef85d4a83d8eacc3ea236bea56
Reviewed-on: https://code.wireshark.org/review/35052
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The buffer needs to be big enough to include the trailing '\0', so we
need to compare the buffer's length against strlen(name) + 1, not
against strlen(name).
Bug: 15751
Change-Id: I75ae65f8c818284834d761d9dd911d029cfca3b1
Reviewed-on: https://code.wireshark.org/review/34892
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This reverts commit f1285fcf06.
NSIS package is broken with this commit.
Change-Id: Ief22a308edad188fa2d5fab79355f19493359fa6
Reviewed-on: https://code.wireshark.org/review/34758
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
HTML docs are installed to both $docdir and $pkgdatadir. Fix that
to install to $docdir only.
Change-Id: I115158585b6df9170d9a01249adbc8548df91f14
Reviewed-on: https://code.wireshark.org/review/34640
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: João Valverde <j@v6e.pt>
There's no extra benefit in having FILE pointer (over file descriptor)
passed to file_needs_reopen().
Change-Id: Id49eb2f02b776c2f1ccd9d67fedd7eac38432f52
Reviewed-on: https://code.wireshark.org/review/34600
Reviewed-by: Craig Jackson <cejackson51@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
On Windows, fstat() and stat() sets st_dev to different value depending
on whether it was called with file handle or file path. If file handle
was used, the st_dev is simply the file handle casted to unsigned.
If file path was used, then st_dev corresponds to drive letter
(A=0, B=1, C=2, ...).
Compare the files using the file index information retrieved by
GetFileInformationByHandle(). When compiled in configuration that
supports FILE_ID_INFO, the code first tries to obtain 128-bit FILE_ID_INFO
and if that fails, fallback to GetFileInformationByHandle().
Bug: 16059
Change-Id: I5f8d8d8127337891ef9907c291e550b1d17aabbb
Reviewed-on: https://code.wireshark.org/review/34573
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Provide _U_ macro definition for Visual Studio.
Change the way _U_ macro is ifdefed for some targets to allow Visual
Studio to recognize it.
Ping-Bug: 15832
Change-Id: Ic7ce145cbe9e8aa751d64c9c09ce8ba6c1bbbd30
Reviewed-on: https://code.wireshark.org/review/34530
Tested-by: Petri Dish Buildbot
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Pass working directory parameter to win32_create_process() in
ws_pipe_spawn_sync().
Change-Id: I0abbc4fbf733138b20c2a34845b147530417c91e
Reviewed-on: https://code.wireshark.org/review/34533
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
That also keeps us from looking at the non-existent first octet of an
empty buffer.
Bug: 16031
Change-Id: I3fcf4201d21dc44ccd8815cb0637c1eae4995560
Reviewed-on: https://code.wireshark.org/review/34439
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
jsmn_parse() is handed a buffer and a count of octets in the buffer; it
treats either running out of octets, as specified by the count, *OR*
seeing a NUL as meaning "end of JSON string".
That means that a buffer, of arbitrary size, the first octet of which is
zero is a null string and considered valid JSON.
That is clearly bogus; it messes up both tests for JSON files *and*,
potentially, heuristic checks for JSON in packet payloads.
Bug: 16031
Change-Id: I5ee78b613df3358f19787f2ce28ddc883368f03d
Reviewed-on: https://code.wireshark.org/review/34438
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Using g_hash_table_insert() in cases where the key is contained within
value is error prone. Use g_hash_table_replace() to eliminate the risk
of ending up with incoherent hash table state.
Change-Id: I595457476a2682e927d2c56b2692404aef4dc43a
Reviewed-on: https://code.wireshark.org/review/34385
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Before the unzipped files are being copied from the temp directory,
they are checked against the stored list of profile names, to ensure,
that only allowed files are being imported.
Also ensures, that no empty directory exists for the skipped one
Bug: 15969
Change-Id: I6ae8c9fb5f63d089d42fc0ef18dbe84baec515a2
Reviewed-on: https://code.wireshark.org/review/34184
Petri-Dish: Roland Knall <rknall@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Change the Profile types from User/System to Personal/Global in UI
to match the terminology used in About Wireshark -> Folders.
This reverts commit 40af4aa93e.
This reverts commit f0cde7ca34.
This reverts commit c37cabe900.
Change-Id: I9012db6385707754e26a2dadb57f6003f8112f9b
Reviewed-on: https://code.wireshark.org/review/34134
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>