https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6351
Sylvain Munaut <246tnt@xxxxxxxxx> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |246tnt@xxxxxxxxx
--- Comment #4 from Sylvain Munaut <246tnt@xxxxxxxxx> 2011-09-20 10:31:22 PDT ---
I couldn't reproduce the crash on my machine.
But I can imagine what happens. When the CSN_END 'pDescr' is created, it
assumes that the '.type' field is the only one that will be accessed. Which is
true except if the is a specific type of error in the recursive call that make
the dissector try to consume more bits than there is. Then remaining bits
becomes < 0, which cause the do { } while (remaining_bits >= 0) to exit and
calls ProcessError(...) and that call tries to print a good error message using
the (.sz fields if it's != NULL)
I think the solution is simply to properly initialize the descr[1] entry using
a memset (all fields to 0 is a valid entry). The attached patch does that.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.