Wireshark-bugs: [Wireshark-bugs] [Bug 9027] Another fuzz failure in print_hex_data_buffer

Date: Sun, 11 Aug 2013 18:02:55 +0000

Comment # 11 on bug 9027 from
Ok.

In packet number #26 the nbns dissector requests 131072 more bytes
(pinfo->desegment_len set to 131072)

TCP collects the fragments, which is done in frame #145.

We add the 'reassembled tvb':

1795             next_tvb = tvb_new_chain(tvb, ipfd_head->tvb_data);
1798             add_new_data_source(pinfo, next_tvb, "Reassembled TCP");

The nbns dissector is called, but now nbns wants another 1007 bytes (strange)

(back to tcp)

1820             if (pinfo->desegment_len &&
1821                 pinfo->desegment_offset<=old_len) {
...
1853                     msp->nxtpdu=seq + last_fragment_len + pinfo->desegment_len /* + 1007 */;
...
1863                 if (tvb_length_remaining(tvb, offset) > 0)
1864                     goto again;

tcp adds another fragment, the old reassembly data is freed, new data is created,
and add_new_data_source is called again, bla, bla.

