Wireshark-dev: Re: [Wireshark-dev] Possible misuse of match_strval_idx

From: Pascal Quantin <pascal.quantin@xxxxxxxxx>
Date: Sun, 24 Mar 2013 11:11:39 +0100
Le 24/03/2013 00:57, Evan Huus a �crit :
> On Sat, Mar 23, 2013 at 6:39 PM, Jaap Keuter <jaap.keuter@xxxxxxxxx> wrote:
>> On 03/23/2013 10:07 PM, Evan Huus wrote:
>>> Am I correct in thinking that in packet-gsm_a_dtap.c around line 6432,
>>> if match_strval_idx doesn't find a match then we will access invalid
>>> memory because idx will be used as an array index with value -1?
>>>
>>> Evan
>> Unless gsm_a_dtap_msg_cc_strings contains 64 entries it seems so yes.
> Filed as bug #8517.

Hi Evan,

actually those wrong array index will never be used thanks to the
following lines 6503 and 6622:
if (msg_str == NULL)
{
   ...
}
else
{
   use ett_tree
}
and
if (msg_str == NULL) return;
...
use dtap_msg_fcn

So the invalid memory accesses will never occur.
I made it a bit more obvious in r48520.

Unless you spotted another place in the source code, I suggest closing
bug 8517.

Regards,
Pascal.