https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4300
--- Comment #3 from Mithun Roy <mithunroy13@xxxxxxxxx> 2009-12-07 11:02:00 PST ---
One of the test cases in the capture file that was used in the fuzz test(bug
4274), causes the funtion evaluate_sdnv() to return an error(value -1) when
calculating the rcpt_clm_cnt. So the ep_alloc(sizeof(guint64) * rcpt_clm_cnt)
following that would throw " Memory corrupted " error, becuase the value passed
to ep_alloc() will be negative.
This problem has already been rectified, by using the check to see if
rcpt_clm_cnt is less than zero.
The control flag length check has nothing to do with the bug 4274.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.