URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=dc4d209f39132a4ae05675a11609176ae9705cfc
Submitter: "Peter Wu <peter@xxxxxxxxxxxxx>"
Changed: branch: master-2.4
Repository: wireshark
Commits:
dc4d209 by Peter Wu (peter@xxxxxxxxxxxxx):
tvbuff_composite: fix buffer overflow due to wrong offset adjustment
The tvb_offset method should return the offset of the buffer within the
backing tvb (ds_tvb). The currently returned non-zero offset is valid
for tvbuff_subset.c, but not for the composite TVB. The backing tvb is
the tvb itself, so the offset should be zero (or "counter" for
consistency with tvbuff_real.c and others).
This bug is observable with the capture from the bug. In tshark, the
data field in the PDML output has value "field length invalid!" and the
position attribute ("pos") is too large. With the -V option it even
crashes with a buffer overflow (read). In the GUI, the bytes tab shows
range 3199-19642 even if the data source is only 16444 bytes while the
selection should have been 0-16443.
Bug: 14466
Change-Id: I01399ff500321dba262eb60b67c4cddb173b4679
Reviewed-on: https://code.wireshark.org/review/30124
Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@xxxxxxxxx>
(cherry picked from commit ec5adb0ce98c37c8119feb972a5207e0e1721d9b)
Reviewed-on: https://code.wireshark.org/review/30153
Reviewed-by: Peter Wu <peter@xxxxxxxxxxxxx>
Actions performed:
from 2d8a9ef4 Also need a period at the end of the "Built using" clause.
add dc4d209 tvbuff_composite: fix buffer overflow due to wrong offset adjustment
Summary of changes:
epan/tvbuff_composite.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)