https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6231
--- Comment #5 from Роман Донченко <dpb@xxxxxxxxxxxxxx> 2012-10-05 10:52:39 PDT ---
(In reply to comment #4)
> Will these loops always be broken out of, even for faulty JFIFs? There's no
> fuzz test for this, so we have to make sure.
As far as I can see, they will either terminate or go out of bounds of the
tvbuff, generating an exception.
The first inner loop always increments start_fill at least once per iteration,
and never goes back (except if tvb_get_guint8 returns -1, but that's
special-cased), so it will eventually reach the end.
The second inner loop keeps incrementing start_marker, so it will reach the end
too.
The outer loop always sets start_entropy to be > start_marker, which is >=
start_fill, which is >= the previous value of start_entropy, so start_entropy
keeps increasing, which means this loop will reach the end, too.
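The termination argument in the comment, as an added example that is not part of the bug report or of Wireshark's JFIF dissector: a constructed C model of the three loops (entropy segment, fill bytes, marker) with a bounds-checked read that longjmps to stand in for tvb_get_guint8() plus the tvbuff exception. The names tvb_u8 and scan_entropy, the restart-marker handling and the sample byte strings are assumptions of this example, not taken from the page.

```c
#include <setjmp.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Constructed example, not Wireshark's packet-image-jfif.c. It models the
 * loop structure described in the bug comment: a bounds-checked byte read
 * that longjmps on overrun stands in for tvb_get_guint8() and the tvbuff
 * exception, so each loop either advances its index or aborts the scan.
 */

typedef struct {
    const uint8_t *data;
    size_t         len;
    jmp_buf        oob;    /* jump target for the simulated tvbuff exception */
} tvb_t;

/* Bounds-checked read: "throws" instead of reading past the buffer. */
static uint8_t tvb_u8(tvb_t *t, size_t off)
{
    if (off >= t->len)
        longjmp(t->oob, 1);
    return t->data[off];
}

enum { MARKER_RST0 = 0xD0, MARKER_RST7 = 0xD7 };

/*
 * Walk entropy-coded data starting at `off`. In JPEG entropy data an 0xFF
 * byte is followed by 0x00 (byte stuffing), by more 0xFF (fill) or by a
 * marker code. RSTn markers continue the scan; any other marker ends it.
 * Returns the number of entropy segments walked and stores the offset just
 * past the terminating marker in *end_out, or returns -1 if the scan ran
 * off the end of the buffer (the equivalent of the tvbuff exception).
 */
int scan_entropy(const uint8_t *data, size_t len, size_t off, size_t *end_out)
{
    tvb_t t;
    volatile int segments = 0;     /* volatile: read after a longjmp path */

    t.data = data;
    t.len  = len;
    if (setjmp(t.oob) != 0)
        return -1;                 /* arrived here via a tvb_u8() overrun */

    size_t start_entropy = off;
    for (;;) {
        /* First inner loop: advance over entropy-coded bytes, including the
         * stuffed 0xFF 0x00 pairs. start_fill only ever grows. */
        size_t start_fill = start_entropy;
        for (;;) {
            uint8_t b = tvb_u8(&t, start_fill);
            if (b != 0xFF) {
                start_fill++;
                continue;
            }
            if (tvb_u8(&t, start_fill + 1) == 0x00) {
                start_fill += 2;   /* stuffed byte, still entropy data */
                continue;
            }
            break;                 /* 0xFF followed by fill or a marker */
        }

        /* Second inner loop: skip fill bytes up to the marker code.
         * start_marker only ever grows as well. */
        size_t start_marker = start_fill;
        while (tvb_u8(&t, start_marker) == 0xFF)
            start_marker++;

        uint8_t code = tvb_u8(&t, start_marker);
        segments++;
        if (code >= MARKER_RST0 && code <= MARKER_RST7) {
            /* Restart marker: the next segment begins past it, so
             * start_entropy > start_marker >= start_fill >= old start_entropy. */
            start_entropy = start_marker + 1;
            continue;
        }
        if (end_out)
            *end_out = start_marker + 1;
        return segments;
    }
}

/* Constructed inputs: a well-formed scan with a stuffed byte, a restart
 * marker and fill bytes before EOI, plus two truncated/faulty ones. */
const uint8_t jfif_good[] = { 0x12, 0x34, 0xFF, 0x00, 0x56, 0xFF, 0xD0,
                              0x78, 0xFF, 0xFF, 0xD9 };
const uint8_t jfif_cut[]  = { 0x12, 0xFF, 0x00, 0x34 };
const uint8_t jfif_fill[] = { 0xFF, 0xFF, 0xFF };

int main(void)
{
    size_t end = 0;
    int n = scan_entropy(jfif_good, sizeof jfif_good, 0, &end);
    printf("good: segments=%d end=%zu\n", n, end);
    printf("cut:  %d\n", scan_entropy(jfif_cut, sizeof jfif_cut, 0, &end));
    printf("fill: %d\n", scan_entropy(jfif_fill, sizeof jfif_fill, 0, &end));
    return 0;
}
```

Every path through the loops either increases an index or reads one byte past the buffer and lands in the setjmp handler, which is the same shape the comment argues for: no input, however malformed, can make the scan spin without moving.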