Wireshark-bugs: [Wireshark-bugs] [Bug 12119] Buildbot crash output: fuzz-2016-02-11-28355.pcap

Date: Fri, 01 Apr 2016 02:09:08 +0000

Comment # 4 on bug 12119 from
I think the best solution would be to try to get the "tap data" (si variable)
as close to the top of a function as possible.  Then you could put an if
(ptvcursor_tree(cursor) == NULL) right after all of the uses.  Hopefully that
can eliminate all of the loops.
Barring that, you need to have sanity checks after grabbing any loop value from
the packet and checking if its loop size is too big for the packet.
Using this capture as an example, in handle_UpdateCapabilitiesV3Message, there
should be a check if (audioCapCount * "size of audio capability structure") is
greater than reported length of tvb, then return from function.


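The length check suggested in the comment above, as an added example that is not part of the original comment or of Wireshark's code. `pkt_buf` stands in for a tvb, and `AUDIO_CAP_SIZE`, the 4-byte little-endian count field and the sample bytes are constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for a tvb: just the bytes and the reported length (assumption). */
typedef struct {
    const uint8_t *data;
    size_t reported_len;
} pkt_buf;

#define AUDIO_CAP_SIZE 16u /* hypothetical entry size, not taken from the dissector */
/* Constructed sample: count = 2 followed by two zeroed 16-byte entries. */
static const uint8_t sample_ok[4 + 2 * AUDIO_CAP_SIZE] = { 2, 0, 0, 0 };
/* Constructed sample: count = 0xFFFFFFFF with only 8 bytes behind it. */
static const uint8_t sample_fuzzed[12] = { 0xff, 0xff, 0xff, 0xff };

/* Returns 1 when `count` entries of `entry_size` bytes fit after `offset`. */
static int count_fits(const pkt_buf *b, size_t offset, uint32_t count, size_t entry_size)
{
    if (entry_size == 0 || offset > b->reported_len)
        return 0;
    /* Divide instead of multiplying so count * entry_size cannot wrap. */
    return count <= (b->reported_len - offset) / entry_size;
}

/* Returns the number of entries walked, or -1 when the count is rejected. */
static long walk_audio_caps(const pkt_buf *b, size_t offset)
{
    if (offset > b->reported_len || b->reported_len - offset < 4)
        return -1;
    const uint8_t *p = b->data + offset;
    uint32_t count = (uint32_t)p[0] | (uint32_t)p[1] << 8 |
                     (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    offset += 4;
    if (!count_fits(b, offset, count, AUDIO_CAP_SIZE))
        return -1; /* return before the loop, as the comment suggests */
    long walked = 0;
    for (uint32_t i = 0; i < count; i++, walked++)
        offset += AUDIO_CAP_SIZE; /* a dissector would add tree items here */
    return walked;
}

int main(void)
{
    pkt_buf ok = { sample_ok, sizeof sample_ok };
    pkt_buf fuzzed = { sample_fuzzed, sizeof sample_fuzzed };
    printf("ok=%ld fuzzed=%ld\n", walk_audio_caps(&ok, 0), walk_audio_caps(&fuzzed, 0));
    return 0;
}
```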