Jakub Zawadzki changed bug 8717
Comment # 3 on bug 8717 from Jakub Zawadzki
(In reply to comment #2)
> Somehow we're reassembling 256 frames of 257 bytes each (256*257 = 65792)
> but the resulting TVB is only 65786 bytes long (6 bytes too short).
Not quite, check frame #256
./tshark -r /tmp/fuzz-2013-05-25-10691.pcap -R 'frame.number == 256' -O dcp-etsi
[260 Message fragments (65786 bytes): #1(257), #232(257), #232(257), #232(257),
#5(257), #6(257), #7(257), #8(257), #9(257), #10(257), #11(257), #12(257),
#13(257), #14(257), #15(1), #232(257), #17(257), #18(257), #19(257), #20(257),
#21(25] ... output truncated]
[Frame: 1, payload: 0-256 (257 bytes)]
[Frame: 232, payload: 257-513 (257 bytes)]
...
Let's grep -v 257:
[Frame: 15, payload: 3598-3598 (1 byte)]
[Frame: 22, payload: 5141-5393 (253 bytes)]
[Frame: 71, payload: 17730-17992 (263 bytes)]
[Frame: 125, payload: 31614-31872 (259 bytes)]
[Frame: 143, payload: 36242-36504 (263 bytes)]
[Frame: 201, payload: 51154-51162 (9 bytes)]
[Frame: 206, payload: 52191-52420 (230 bytes)]
[Frame: 241, payload: 61159-61159 (1 byte)]
[Frame: 254, payload: 65015-65015 (1 byte)]
It seems to me that:
a/ there are more than 256 fragments (260)
b/ some fragments don't have 257 bytes.
// adding creator of dissector to CC.
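Added example, not part of the original comment or of Wireshark's code: a Python version of the "grep -v 257" check above that also verifies each range against its stated length and flags gaps or overlaps between consecutive fragments. It assumes the "[Frame: N, payload: a-b (n bytes)]" line format shown in the output; the name audit_fragments and the sample input are constructed for illustration.

```python
import re

# Matches tshark reassembly lines such as "[Frame: 15, payload: 3598-3598 (1 byte)]".
FRAG_RE = re.compile(r"\[Frame: (\d+), payload: (\d+)-(\d+) \((\d+) bytes?\)\]")


def audit_fragments(text, expected_size=257):
    """Summarise a fragment list: count, total bytes, odd sizes, range errors."""
    frags = [tuple(map(int, m.groups())) for m in FRAG_RE.finditer(text)]
    report = {"count": len(frags), "total": 0, "odd_sizes": [],
              "bad_ranges": [], "discontinuities": []}
    next_offset = 0  # offset at which the next fragment should start
    for frame, start, end, length in frags:
        report["total"] += length
        if length != expected_size:
            # Same filter as "grep -v 257", but on the parsed length field.
            report["odd_sizes"].append((frame, length))
        if end - start + 1 != length:
            # Stated length disagrees with the payload range.
            report["bad_ranges"].append(frame)
        if start != next_offset:
            # Gap or overlap relative to the previous fragment.
            report["discontinuities"].append((frame, next_offset, start))
        next_offset = end + 1
    return report


# Sample input: the first two lines are copied from the output above,
# the last two are constructed to show a short fragment and a gap.
SAMPLE = """\
[Frame: 1, payload: 0-256 (257 bytes)]
[Frame: 232, payload: 257-513 (257 bytes)]
[Frame: 3, payload: 514-514 (1 byte)]
[Frame: 4, payload: 520-776 (257 bytes)]
"""

if __name__ == "__main__":
    for key, value in audit_fragments(SAMPLE).items():
        print(f"{key}: {value}")
```
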