https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563
Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |andrew.kampjes@xxxxxxxxxx
--- Comment #15 from Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> 2012-08-07 13:44:38 PDT ---
(In reply to comment #14)
> (In reply to comment #13)
> > I fixed that overflow in r44306. But there may be more work to
> > do here: the comments seem to indicate that this array should have 5 entries
> > but there are only 4. Stephen, can you check on this (and my changes)?
>
> Should we also check for speed == 0?
> in_fmt->m_vc_index_array[-1] point to in_fmt->m_vc_size so this is not
> exploitable... But maybe we should mark such packets as malformed?
Probably should be a check there, but there's also the problem of the array
size I mentioned; I'd just as soon sit on this until someone at Endace can take
a look.
> (just as note, this bug is caused by r38788)
... which is for bug 6263. Which means I probably should have asked Andrew to
take a look rather than Stephen.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.