URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f489f8f2c4506945f9ffbc8cf1b609b6db56ab10
Submitter: "Peter Wu <peter@xxxxxxxxxxxxx>"
Changed: branch: master-2.6
Repository: wireshark
Commits:
f489f8f by Peter Wu (peter@xxxxxxxxxxxxx):
tvbuff_composite: fix buffer overflow due to wrong offset adjustment
The tvb_offset method should return the offset of the buffer within the
backing tvb (ds_tvb). The currently returned non-zero offset is valid
for tvbuff_subset.c, but not for the composite TVB. The backing tvb is
the tvb itself, so the offset should be zero (or "counter" for
consistency with tvbuff_real.c and others).
This bug is observable with the capture from the bug. In tshark, the
data field in the PDML output has value "field length invalid!" and the
position attribute ("pos") is too large. With the -V option it even
crashes with a buffer overflow (read). In the GUI, the bytes tab shows
range 3199-19642 even if the data source is only 16444 bytes while the
selection should have been 0-16443.
Bug: 14466
Change-Id: I01399ff500321dba262eb60b67c4cddb173b4679
Reviewed-on: https://code.wireshark.org/review/30124
Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@xxxxxxxxx>
(cherry picked from commit ec5adb0ce98c37c8119feb972a5207e0e1721d9b)
Reviewed-on: https://code.wireshark.org/review/30152
Reviewed-by: Peter Wu <peter@xxxxxxxxxxxxx>
Actions performed:
from ef08ce5 Also need a period at the end of the "Built using" clause.
add f489f8f tvbuff_composite: fix buffer overflow due to wrong offset adjustment
Summary of changes:
epan/tvbuff_composite.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)