Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 4984] Buildbot crash output: fuzz-2010-07-06-23547.pcap

Wireshark-bugs: [Wireshark-bugs] [Bug 4984] Buildbot crash output: fuzz-2010-07-06-23547.pcap

Date: Wed, 7 Jul 2010 12:45:01 -0700 (PDT)

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4984

Tomas Hoger <thoger@xxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |thoger@xxxxxxxxxx

--- Comment #4 from Tomas Hoger <thoger@xxxxxxxxxx> 2010-07-07 12:44:59 PDT ---
(In reply to comment #1)
> Fixed in 33464 by making sure the offset is positive before recursing.

Jeff, is the added check sufficient in all cases?  tmp_offset += tmp_len should
still be able to move tmp_offset back, but without making it less than offset
(as tmp_len can be arbitrary 32bit value when 8.1.3.5 branch is followed).  It
may no longer be possible to cause deep recursion, but still seems to allow
infinite loop.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

References:
- [Wireshark-bugs] [Bug 4984] New: Buildbot crash output: fuzz-2010-07-06-23547.pcap
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 4984] Buildbot crash output: fuzz-2010-07-06-23547.pcap
Next by Date: [Wireshark-bugs] [Bug 4972] VoIP Calls Graph Analysis window divider can only be moved to the left
Previous by thread: [Wireshark-bugs] [Bug 4984] Buildbot crash output: fuzz-2010-07-06-23547.pcap
Next by thread: [Wireshark-bugs] [Bug 4984] Buildbot crash output: fuzz-2010-07-06-23547.pcap
Index(es):
- Date
- Thread