Wireshark-bugs: [Wireshark-bugs] [Bug 7563] Capture file that crashes wireshark

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Tue, 7 Aug 2012 12:44:42 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563

Jakub Zawadzki <darkjames-ws@xxxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |darkjames-ws@xxxxxxxxxxxx

--- Comment #14 from Jakub Zawadzki <darkjames-ws@xxxxxxxxxxxx> 2012-08-07 12:44:42 PDT ---
(In reply to comment #13)
> I fixed that overflow in r44306. But there may be more work to
> do here: the comments seem to indicate that this array should have 5 entries
> but there are only 4.  Stephen, can you check on this (and my changes)?

+ 

Should we also check for speed == 0?
in_fmt->m_vc_index_array[-1] point to in_fmt->m_vc_size so this is not
exploitable... But maybe we should mark such packets as malformed?

(just as note, this bug is caused by r38788)

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.