Evan Huus changed bug 8380

What | Removed | Added
Status | UNCONFIRMED | CONFIRMED
CC | | [email protected]
Ever confirmed | | 1

Comment # 1 on bug 8380 from Evan Huus

There are a few weird things going on. The root cause seems to be DTLS grabbing
an enormous fragment offset from the packet and telling the reassembly machine
about it.

Then, in fragment_add_work, the initial check for data beyond the existing
packet doesn't succeed because the FD_PARTIAL_REASSEMBLY flag isn't set. This
leads it to falsely believe there is an overlap around line 785 (there isn't)
and do a memcmp call to invalid memory, leading to the crash.

In addition to this, there are also a large number of g_warnings about invalid
reassembly, out of bounds values etc.
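
The failure mode described in the comment above, shown as an added example (not Wireshark's code and not the fix applied for this bug): a simplified fragment-add routine that proves the overlap region lies inside the already reassembled data before calling memcmp. The names reasm_buf and frag_add_checked and the result codes are hypothetical, and the model assumes data is reassembled contiguously from offset 0.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes for this example. */
enum frag_result { FRAG_OK, FRAG_OUT_OF_BOUNDS, FRAG_GAP, FRAG_CONFLICT };

/* Hypothetical reassembly buffer: bytes [0, len) of data are already filled. */
struct reasm_buf {
    uint8_t *data;
    size_t   cap;  /* allocated size */
    size_t   len;  /* bytes reassembled so far */
};

/* Add a fragment whose offset was read from the packet and is untrusted. */
enum frag_result frag_add_checked(struct reasm_buf *b, uint32_t offset,
                                  const uint8_t *frag, size_t frag_len)
{
    size_t off = offset;

    /* Overflow-safe form of off + frag_len <= cap. Runs unconditionally,
     * so no flag can skip it and let a huge offset reach the compare. */
    if (off > b->cap || frag_len > b->cap - off)
        return FRAG_OUT_OF_BOUNDS;
    /* Simplified model: a fragment starting past the data would leave a hole. */
    if (off > b->len)
        return FRAG_GAP;

    /* Overlap is only the part of the fragment covering existing bytes. */
    size_t overlap = b->len - off;
    if (overlap > frag_len)
        overlap = frag_len;
    if (overlap != 0 && memcmp(b->data + off, frag, overlap) != 0)
        return FRAG_CONFLICT;

    /* Append the bytes that extend past the existing data. */
    memcpy(b->data + b->len, frag + overlap, frag_len - overlap);
    b->len += frag_len - overlap;
    return FRAG_OK;
}

int main(void)
{
    uint8_t store[16];
    struct reasm_buf b = { store, sizeof store, 0 };
    /* Constructed sample fragments, including one with an enormous offset. */
    printf("%d\n", frag_add_checked(&b, 0, (const uint8_t *)"ABCDEFGH", 8));
    printf("%d\n", frag_add_checked(&b, 0xFFFFFF00u, (const uint8_t *)"Z", 1));
    return 0;
}
```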