Wireshark-bugs: [Wireshark-bugs] [Bug 6833] Buildbot crash output: fuzz-2012-02-10-14752.pcap

Date: Sun, 12 Feb 2012 12:07:51 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6833

Guy Harris <guy@xxxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|WORKSFORME                  |FIXED

--- Comment #7 from Guy Harris <guy@xxxxxxxxxxxx> 2012-02-12 12:07:49 PST ---
We were not checking whether the pointer value fetched from the packet was <=
remaining_len before subtracting it from remaining_len - and, in several of
these packets, the pointer value was > remaining_len, and the resulting value
of the unsigned remaining_len variable was 4294967110.

I've added checks for invalid pointer values in rev 41001.  This made the
warnings go away, so I'm guessing they're the same bug, just manifesting itself
in a different way; perhaps running on a system with enough swap space (and the
UN*X I'm running on not only doesn't use fixed partitions for swapping, it
doesn't even support swapping to raw disk partitions, and it just adds more
swap files if necessary) prevents the allocation failures.

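The unsigned wraparound described in the comment above, as an added example that is not Wireshark's code or the rev 41001 change. The field layout, function names and sample values are constructed assumptions, chosen so the unchecked subtraction reproduces the reported value 4294967110.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed field layout (an assumption, not a real protocol):
 * byte 0 is a "pointer" that says how many bytes of the field to skip. */

/* Unchecked: the subtraction the comment describes. If the pointer is larger
 * than remaining_len, the unsigned result wraps modulo 2^32. */
static uint32_t skip_unchecked(const uint8_t *field, uint32_t remaining_len)
{
    uint32_t pointer = field[0];
    return remaining_len - pointer;
}

/* Checked: reject an empty field or a pointer past the end before subtracting. */
static bool skip_checked(const uint8_t *field, uint32_t remaining_len,
                         uint32_t *new_len)
{
    if (remaining_len < 1)
        return false;               /* no room for the pointer byte itself */
    uint32_t pointer = field[0];
    if (pointer > remaining_len)
        return false;               /* malformed: pointer beyond the data */
    *new_len = remaining_len - pointer;
    return true;
}

/* Constructed sample: pointer byte 200 in a field with only 14 bytes left. */
static const uint8_t sample_field[14] = { 200 };

int main(void)
{
    uint32_t len = 0;
    printf("unchecked: %u\n", (unsigned)skip_unchecked(sample_field, 14));
    printf("checked:   %s\n",
           skip_checked(sample_field, 14, &len) ? "accepted" : "rejected");
    return 0;
}
```

A length like the wrapped one, passed on to an allocation or a loop bound, is consistent with the allocation failures the comment mentions.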