Comment # 32 on bug 3290 from Jeff Morriss
(In reply to comment #31)
> While looking at Coverity issues ("dereferencing a NULL pointer") today, I
> found one potential issue with the fixes related to this bug:
> 
> In proto_tree_add_item(), we call test_length() before doing the NULL check
> on tree.
> 
> test_length() -> get_uint_value() -> report_type_length_mismatch() ->
> dereference tree -> crash
> 
> This can be triggered by something like
> 
> proto_tree_add_item(NULL, hf_dvbci_prof_name, tvb, offset, 7,
> ENC_BIG_ENDIAN);
> with hf_dvbci_prof_name being an FT_UINT_STRING
> 
> I understand that we must test_length() before TRY_TO_FAKE_THIS_ITEM().
> Therefore, I added a NULL check in report_type_length_mismatch() in r51020.
> 
> Feel free to modify / revert this if I got it wrong.
Oops, yeah, I forgot about the "throw exception if given an invalid length"
stuff.  Your fix looks good.
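
The ordering discussed in this thread, as an added example that is not part of the original mail and is not Wireshark's code: a length test that runs before the caller's NULL check, with the NULL guard placed in the reporting function. All `model_*` names, the return codes and the 1-4 byte length rule are assumptions of this simplified model, which returns an error code where the thread mentions an exception.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins; none of this is Wireshark's actual code. */
typedef struct { int item_count; int warning_count; } model_tree;
enum { ADD_OK = 0, ADD_SKIPPED = 1, ADD_BAD_LENGTH = -1 };

/* Reports a field-type/length mismatch. The tree may be NULL because the
 * length test runs before the caller's own NULL check, so guard the
 * dereference instead of assuming a tree exists. */
static int model_report_length_mismatch(model_tree *tree, int length)
{
    if (tree != NULL)
        tree->warning_count++;          /* annotate only when there is a tree */
    fprintf(stderr, "invalid length %d for integer field\n", length);
    return ADD_BAD_LENGTH;              /* the error is signalled either way */
}

/* Assumption of this model: integer fields are 1 to 4 bytes wide. */
static int model_test_length(model_tree *tree, int length)
{
    if (length < 1 || length > 4)
        return model_report_length_mismatch(tree, length);
    return ADD_OK;
}

/* Same ordering as the thread describes: validate the length first, then
 * take the "no tree, nothing to build" shortcut. */
int model_add_uint_item(model_tree *tree, int length)
{
    int rc = model_test_length(tree, length);
    if (rc != ADD_OK)
        return rc;
    if (tree == NULL)
        return ADD_SKIPPED;
    tree->item_count++;
    return ADD_OK;
}

int main(void)
{
    model_tree t = {0, 0};
    printf("%d\n", model_add_uint_item(NULL, 7));  /* bad length, no tree */
    printf("%d\n", model_add_uint_item(&t, 7));    /* bad length, with tree */
    printf("%d\n", model_add_uint_item(NULL, 2));  /* valid length, no tree */
    return 0;
}
```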
         
      
      