Comment #9 on bug 13231 from Gerald Combs
(In reply to Guy Harris from comment #2)
> fd_head comes from a hash table; most inserts in those hash tables are of
> fd_heads allocated with g_slice_new0(), which should clear the entire
> structure, but fragment_start_seq_check() does
>
> /* Create list-head. */
> fd_head = g_slice_new(fragment_head);
> fd_head->next = NULL;
> fd_head->datalen = tot_len;
> fd_head->offset = 0;
> fd_head->fragment_nr_offset = 0;
> fd_head->len = 0;
> fd_head->flags = FD_BLOCKSEQUENCE|FD_DATALEN_SET;
> fd_head->tvb_data = NULL;
> fd_head->reassembled_in = 0;
> fd_head->reas_in_layer_num = 0;
> fd_head->error = NULL;
>
> insert_fd_head(table, fd_head, pinfo, id, data);
>
> which doesn't clear it.
I'm assuming that this doesn't lead to any sort of memory exception or crash
and therefore doesn't require a security advisory.
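To make the point in the quoted comment concrete, here is an added C example (not Wireshark's code and not the bug's own patch) that contrasts allocating the list head with a non-clearing allocator and then setting fields one by one, against a zero-clearing allocation. It assumes: a constructed stand-in `fragment_head` with the members named above plus one hypothetical member `frame` representing any field the field-by-field initialiser does not touch; `malloc` plus a 0xAA fill as a stand-in for a recycled `g_slice_new()` slice, and `calloc` as a stand-in for `g_slice_new0()`; and constructed values for `FD_BLOCKSEQUENCE` and `FD_DATALEN_SET`.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for fragment_head: the fields named in the quoted
 * comment plus a hypothetical `frame` member that the quoted initialiser
 * never sets (it stands for any untouched field, padding bytes included). */
typedef struct _fragment_head {
    struct _fragment_head *next;
    uint32_t    frame;              /* hypothetical: not touched by init_like_page() */
    uint32_t    offset;
    uint32_t    len;
    uint32_t    fragment_nr_offset;
    uint32_t    datalen;
    uint32_t    reassembled_in;
    uint8_t     reas_in_layer_num;
    uint32_t    flags;
    void       *tvb_data;
    const char *error;
} fragment_head;

/* Flag values constructed for this example. */
#define FD_BLOCKSEQUENCE 0x0100
#define FD_DATALEN_SET   0x0400

/* Byte pattern used to model "whatever the previous user of the slice left". */
#define STALE_BYTE 0xAA

/* The field-by-field initialisation from the quoted fragment_start_seq_check(). */
static void init_like_page(fragment_head *fd_head, uint32_t tot_len)
{
    fd_head->next = NULL;
    fd_head->datalen = tot_len;
    fd_head->offset = 0;
    fd_head->fragment_nr_offset = 0;
    fd_head->len = 0;
    fd_head->flags = FD_BLOCKSEQUENCE | FD_DATALEN_SET;
    fd_head->tvb_data = NULL;
    fd_head->reassembled_in = 0;
    fd_head->reas_in_layer_num = 0;
    fd_head->error = NULL;
}

/* Stand-in for g_slice_new(): a recycled slice keeps its old contents, which
 * we model by filling the block with STALE_BYTE before the partial init. */
fragment_head *new_head_uninitialised(uint32_t tot_len)
{
    fragment_head *fd_head = malloc(sizeof *fd_head);
    if (fd_head == NULL)
        return NULL;
    memset(fd_head, STALE_BYTE, sizeof *fd_head);   /* previous occupant's data */
    init_like_page(fd_head, tot_len);
    return fd_head;
}

/* Stand-in for g_slice_new0(): the whole struct is zeroed first, so any field
 * the initialiser forgets still has a defined value. */
fragment_head *new_head_zeroed(uint32_t tot_len)
{
    fragment_head *fd_head = calloc(1, sizeof *fd_head);
    if (fd_head == NULL)
        return NULL;
    init_like_page(fd_head, tot_len);
    return fd_head;
}

/* Count bytes of the struct (fields and padding) still carrying STALE_BYTE,
 * i.e. bytes the initialiser never wrote. */
size_t stale_bytes(const fragment_head *fd_head)
{
    const unsigned char *p = (const unsigned char *)fd_head;
    size_t n = 0;
    for (size_t i = 0; i < sizeof *fd_head; i++)
        if (p[i] == STALE_BYTE)
            n++;
    return n;
}

int main(void)
{
    fragment_head *a = new_head_uninitialised(100);
    fragment_head *b = new_head_zeroed(100);
    printf("partial init over recycled slice: %zu stale bytes (frame=0x%08x)\n",
           stale_bytes(a), a->frame);
    printf("zeroed allocation + same init:    %zu stale bytes (frame=0x%08x)\n",
           stale_bytes(b), b->frame);
    free(a);
    free(b);
    return 0;
}
```

The stale-byte count also covers structure padding, which is why a per-field initialiser can never fully substitute for `g_slice_new0()` when a struct is later hashed or compared byte-wise; running the real code under Valgrind or MemorySanitizer is the practical way to confirm whether any of the untouched bytes are ever read.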