Wireshark-bugs: [Wireshark-bugs] [Bug 9323] Buildbot crash output: fuzz-2013-10-25-12569.pcap

Date: Fri, 25 Oct 2013 17:04:41 +0000

Comment # 6 on bug 9323 from
This one's weird. The root problem, I think, is that the last line of HTTP
header is being added to the tree as a pointer retrieved with tvb_get_ptr,
however the line contained no null terminators. The tree is strduping it for
display, which of course runs past the end of the packet into uninitialized
wiretap buffer.

I'm confused that this doesn't happen for every line though, if the packet
contains no null terminators at all I would think that each line would consist
of all data to the end of the packet + garbage...

I tried to modify the function to use g_strlcpy in order to respect both the
length *and* any possible null-terminator but that just moved the source of the
error to the g_strlcpy call. That makes me suspect the length being passed in
is incorrect, but I cannot track down how.

I suspect I am missing something, because the pieces I have don't really seem
to fit right now...


You are receiving this mail because:
  • You are watching all bug changes.