https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7046
Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
CC| |jeff.morriss.ws@xxxxxxxxx
Resolution|FIXED |
--- Comment #5 from Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> 2012-06-05 07:59:57 PDT ---
These changes introduced (or made worse) a static overrun (detected as Coverty
ID 703472): there are two places where dissect_subtlv_interface_parameters() is
called with 2 different interface_params_header_fields[] parameters but this
patch only added the flow label changes to the first. In the 2nd case if a
flow label parameter is detected it could access entries 36, 37, and 38 of the
passed in interface_params_header_fields[] (which don't exist):
2871 case FEC_VC_INTERFACEPARAM_FLOWLABEL:
2872 proto_item_append_text(ti,": Flow Label for Pseudowire");
2873 proto_tree_add_item(vcintparam_tree, *interface_parameters_hf[36],
tvb, offset+2, 1, ENC_BIG_ENDIAN);
2874 proto_tree_add_item(vcintparam_tree, *interface_parameters_hf[37],
tvb, offset+2, 1, ENC_BIG_ENDIAN);
2875 proto_tree_add_item(vcintparam_tree, *interface_parameters_hf[38],
tvb, offset+2, 2, ENC_BIG_ENDIAN);
I could mechanically add a few entries, but do you know this protocol well
enough to make a more informed fix?
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.