Wireshark-bugs: [Wireshark-bugs] [Bug 8382] MS-MMS dissector crash

Date: Fri, 01 Mar 2013 17:14:30 +0000

Comment # 20 on bug 8382 from
(In reply to comment #19)
> (In reply to comment #18)
> > Created attachment 10149 [details]
> > Remove format_text
> > 
> > Why is the format_text even necessary?  Can we just provide the string
> > returned from tvb_get_ephemeral_unicode_string() directly?  We already know
> > the value is going to be bogus/garbage because length > packet length. 
> > expert_info may be overkill.
> 
> I believe the format_text is necessary in the case that the string contains
> null-terminators so that they get escaped properly instead of the string
> getting truncated.

Or other non-printing characters, since I don't know exactly how
tvb_get_ephemeral_unicode_string is expected to behave when the string contains
embedded nulls. It's possible nobody ever considered that case.

> Yes, my initial fix breaks that as well.
> 
> > I think a "better" solution would be to support "unicode" through
> > proto_tree_add_item so some of these extra steps aren't necessary, but you'd
> > still have this issue with server_version.
> 
> Yes. I think my complaint about tvb_get_string_unicode still stands though:
> the calling function has no way to determine the size of the buffer it gets
> back. The buffer may contain embedded null-terminators so strlen is
> unreliable, and 1/2 the requested length is only valid assuming there are no
> multi-byte characters.

Generally: the behaviour of tvb_get_string_* functions is undefined or
inconsistent with respect to embedded nulls. The unknown length problem may end
up being irrelevant if we consistently strip embedded nulls, because then
strlen will be usable.


You are receiving this mail because:
  • You are watching all bug changes.