Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 3290] TRY_TO_FAKE_THIS_ITEM disables bounds errors

Wireshark-bugs: [Wireshark-bugs] [Bug 3290] TRY_TO_FAKE_THIS_ITEM disables bounds errors

Date: Fri, 31 May 2013 13:11:01 +0000

Comment # 27 on bug 3290 from Evan Huus

(In reply to comment #26)
> Hi,
> 
> Found possible integer overflow:
> 
> +       gint size = length;
> /* asume size == 4 */
> 
> +           n = get_uint_value(tree, tvb, start, length, little_endian);
> /* assume n == = 0xFFFFFFFE */
> 
> +           size += n;
> /* size = 2 */

Good catch - I clearly wasn't fully awake when I reviewed this the first time.
Fixed in r49652.

You are receiving this mail because:

You are the assignee for the bug.
You are watching all bug changes.

Prev by Date: [Wireshark-bugs] [Bug 8740] Bluetooth: Improve HFP dissection
Next by Date: [Wireshark-bugs] [Bug 8735] USB CCID dissector "runs off the rails" when trying to dissect non-existent RDR_to_PC_DataBlock payloads
Previous by thread: [Wireshark-bugs] [Bug 3290] TRY_TO_FAKE_THIS_ITEM disables bounds errors
Next by thread: [Wireshark-bugs] [Bug 8728] NFS dissector infinite loop
Index(es):
- Date
- Thread