Martin Kaiser changed bug 8112

| What | Removed | Added |
| Status | CONFIRMED | IN_PROGRESS |

Comment # 4 on bug 8112 from Martin Kaiser

however, I'm not sure if such a check is the best way of fixing this.
When it gets a negative length, tvb_get_ephemeral_unicode_string() returns a
string which contains only the 0 termination - there's no indication that
something went wrong. Should we return NULL for an invalid length parameter? Or
throw an exception?
The resulting string is then passed to format_text() with the original
(stupidly large) length. format_text() starts processing without any checks and
crashes. Should we check that string is non-NULL and contains no 0x0 character
within len-1 bytes??
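
The check asked about at the end of the comment, as an added example that is not part of the original comment and is not Wireshark code: `checked_format_text` is a hypothetical stand-in for format_text() that rejects a NULL string or a negative length and stops at the first 0x0 byte instead of trusting `len`. The sample inputs in `main` are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (assumption, not Wireshark's format_text()):
 * copies at most `len` bytes of `string` into `out`, escaping
 * non-printable bytes as \xNN. Returns the number of input bytes
 * consumed, or -1 if an argument is invalid. */
long checked_format_text(const char *string, long len,
                         char *out, size_t out_size)
{
    size_t used = 0;
    long i;

    /* Reject bad arguments up front instead of reading blindly. */
    if (string == NULL || out == NULL || out_size == 0 || len < 0)
        return -1;

    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)string[i];
        if (c == '\0')
            break;                  /* string is shorter than the claimed len */
        if (c >= 0x20 && c < 0x7f) {
            if (used + 1 >= out_size)
                break;              /* keep room for the terminator */
            out[used++] = (char)c;
        } else {
            if (used + 4 >= out_size)
                break;              /* "\xNN" needs 4 bytes plus terminator */
            used += (size_t)snprintf(out + used, out_size - used, "\\x%02x", c);
        }
    }
    out[used] = '\0';
    return i;
}

int main(void)
{
    char buf[32];
    /* Constructed case from the comment: a string holding only the
     * 0 termination, passed on with a very large length. */
    long n = checked_format_text("", 0x7fffffffL, buf, sizeof buf);
    printf("consumed=%ld out=\"%s\"\n", n, buf);
    /* A negative length is reported to the caller as an error. */
    printf("negative len -> %ld\n", checked_format_text("abc", -5, buf, sizeof buf));
    return 0;
}
```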
         
      
      