Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 8717] Buildbot crash output: fuzz-2013-05-25-10691.pcap

Wireshark-bugs: [Wireshark-bugs] [Bug 8717] Buildbot crash output: fuzz-2013-05-25-10691.pcap

Date: Mon, 27 May 2013 23:41:05 +0000

Comment # 2 on bug 8717 from Evan Huus

Somehow we're reassembling 256 frames of 257 bytes each (256*257 = 65792) but
the resulting TVB is only 65786 bytes long (6 bytes too short).

The dissector does some dangerous work with tvb_get_ptr, and is running past
the end of the buffer.

It's easy enough to DISSECTOR_ASSERT the tvb length against the expected value,
but that doesn't answer why reassembly is giving us the wrong length back in
the first place...

You are receiving this mail because:

You are watching all bug changes.

References:
- [Wireshark-bugs] [Bug 8717] New: Buildbot crash output: fuzz-2013-05-25-10691.pcap
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 8717] Buildbot crash output: fuzz-2013-05-25-10691.pcap
Next by Date: [Wireshark-bugs] [Bug 8722] ASN.1 aligned PER dissector fails to check return value of g_malloc()
Previous by thread: [Wireshark-bugs] [Bug 8717] Buildbot crash output: fuzz-2013-05-25-10691.pcap
Next by thread: [Wireshark-bugs] [Bug 2402] Data string filter crash
Index(es):
- Date
- Thread