Martin Kaiser changed bug 3290

Comment # 31 on bug 3290 from Martin Kaiser

While looking at Coverity issues ("dereferencing a NULL pointer") today, I
found one potential issue with the fixes related to this bug:

In proto_tree_add_item(), we call test_length() before doing the NULL check on
tree.

test_length() -> get_uint_value() -> report_type_length_mismatch() ->
dereference tree -> crash

This can be triggered by something like

    proto_tree_add_item(NULL, hf_dvbci_prof_name, tvb, offset, 7, ENC_BIG_ENDIAN);

with hf_dvbci_prof_name being an FT_UINT_STRING.

I understand that we must test_length() before TRY_TO_FAKE_THIS_ITEM().
Therefore, I added a NULL check in report_type_length_mismatch() in r51020.
Feel free to modify / revert this if I got it wrong.
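
Added example (not part of the original comment, and not Wireshark code): a simplified C model of the call chain described above, showing why a reporting helper that is reached before the caller's NULL check on tree has to guard the pointer itself. All type and function names, and the sample packet, are hypothetical stand-ins constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical simplified model; not Wireshark's real types or functions. */
typedef struct { int warnings; int items; } tree_t;

/* Constructed sample: 4-byte big-endian length prefix (2) followed by "hi". */
static const unsigned char SAMPLE_PKT[] = { 0, 0, 0, 2, 'h', 'i', 0 };

/* Reachable with tree == NULL, because the caller validates lengths before
 * its own NULL check. The guard below is what keeps that path safe. */
static void report_mismatch(tree_t *tree, int len)
{
    if (tree == NULL)
        return;             /* without this, tree->warnings is a NULL deref */
    tree->warnings++;
    fprintf(stderr, "invalid length-prefix size %d\n", len);
}

/* Read a big-endian length prefix; only sizes 1..4 are valid in this model. */
static unsigned get_uint_value(tree_t *tree, const unsigned char *buf, int len)
{
    unsigned v = 0;
    if (len < 1 || len > 4) {
        report_mismatch(tree, len);
        len = (len < 1) ? 1 : 4;    /* clamp so the read stays bounded */
    }
    for (int i = 0; i < len; i++)
        v = (v << 8) | buf[i];
    return v;
}

/* Returns 1 if an item was added, 0 if tree is NULL, -1 if out of bounds. */
static int add_uint_string(tree_t *tree, const unsigned char *buf,
                           size_t buflen, int len)
{
    /* Length test runs first, for NULL trees too (the ordering discussed). */
    size_t prefix = (len < 1) ? 1 : (len > 4 ? 4 : (size_t)len);
    if (buflen < prefix)
        return -1;
    unsigned n = get_uint_value(tree, buf, len);
    if (n > buflen - prefix)
        return -1;
    if (tree == NULL)
        return 0;           /* nothing to build, but validation already ran */
    tree->items++;
    return 1;
}
```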