Wireshark-bugs: [Wireshark-bugs] [Bug 5366] [PATCH] Proper dissection for Tight VNC negotiation

Date: Tue, 16 Nov 2010 11:45:38 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5366

--- Comment #6 from Yaniv Kaul <mykaul@xxxxxxxxx> 2010-11-16 11:45:34 PST ---
(In reply to comment #5)
> Schwoo, I'm glad I asked for a sample capture.  Running with this patch, it
> seems there is a loop:
> 
> tools/test-fuzzed-cap.sh /tmp/tight-hex.pcap 
> 
> 
> ** (process:32241): WARNING **: Dissector bug, protocol VNC, in packet 98: More
> than 1000000 items in the tree -- possible infinite loop
> 
> ** (process:32241): WARNING **: Dissector bug, protocol VNC, in packet 131:
> More than 1000000 items in the tree -- possible infinite loop
> 
> ** (process:32241): WARNING **: Dissector bug, protocol VNC, in packet 173:
> More than 1000000 items in the tree -- possible infinite loop
> 
> [...]

I'm not entirely sure it's my patch's fault. It's in the hextile encoding,
which is incorrect. Then things go south from there
(vnc_server_framebuffer_update() thinks it's getting a ridiculous number of
rectangles to dissect).
I'm really not happy with the VNC dissector - it does not reassemble the
messages correctly. To do it properly, one must walk over the whole message
first, to determine its exact length (one of the characteristics of the
protocol: it is hard to determine, before going over the message, what its final
size will be). I've tried to refactor the code - lots and lots of work, I only have
work in progress.

Are you sure it's my patch causing it?

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
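The reassembly point made in the comment above (a FramebufferUpdate carries no length field, so a dissector has to walk every rectangle, and inside a hextile rectangle every tile, before it knows where the message ends, and a wrong hextile walk leaves it reading pixel bytes as the next rectangle count) as an added example. This is not code from the thread or from Wireshark's packet-vnc.c. The wire layout follows RFC 6143 (FramebufferUpdate header, rectangle header, raw and hextile encodings); the 32-bit pixel format, the `MAX_RECTS` sanity bound and the sample bytes are assumptions constructed for the demo.

```python
import struct

# Wire layout follows RFC 6143 (FramebufferUpdate, raw and hextile encodings).
# Everything else here is an added illustration, not Wireshark's dissector.
MSG_FRAMEBUFFER_UPDATE = 0
ENC_RAW = 0
ENC_HEXTILE = 5
BPP = 4            # assumption: negotiated pixel format is 32 bits per pixel
MAX_RECTS = 1024   # assumption: a sanity bound, not a limit in the protocol

# Hextile subencoding bits (RFC 6143 section 7.7.5).
HX_RAW, HX_BG, HX_FG, HX_ANY, HX_COLOURED = 1, 2, 4, 8, 16


class NeedMoreData(Exception):
    """The buffer ends before the message does: reassemble and retry."""


class DissectorError(Exception):
    """The bytes cannot be a sane FramebufferUpdate: stop, do not loop."""


def hextile_length(buf, off, w, h):
    """Byte length of a hextile rectangle of w*h pixels at buf[off].
    Tiles are 16x16 (smaller on the right/bottom edge), scanned left to right,
    top to bottom; each tile's size depends on its subencoding byte."""
    start = off
    for ty in range(0, h, 16):
        th = min(16, h - ty)
        for tx in range(0, w, 16):
            tw = min(16, w - tx)
            if off >= len(buf):
                raise NeedMoreData
            sub = buf[off]
            off += 1
            if sub & HX_RAW:                  # whole tile as raw pixels
                off += tw * th * BPP
                continue
            if sub & HX_BG:                   # new background colour
                off += BPP
            if sub & HX_FG:                   # new foreground colour
                off += BPP
            if sub & HX_ANY:                  # count byte, then subrectangles
                if off >= len(buf):
                    raise NeedMoreData
                n = buf[off]
                off += 1
                off += n * ((BPP if sub & HX_COLOURED else 0) + 2)
    if off > len(buf):
        raise NeedMoreData
    return off - start


def framebuffer_update_length(buf):
    """Total length of the FramebufferUpdate message at buf[0]. There is no
    length field: the end is found only by walking every rectangle."""
    if len(buf) < 4:
        raise NeedMoreData
    msg_type, _pad, nrects = struct.unpack_from("!BBH", buf, 0)
    if msg_type != MSG_FRAMEBUFFER_UPDATE:
        raise DissectorError("not a FramebufferUpdate")
    if nrects > MAX_RECTS:
        # A desynchronised walk reads pixel bytes as the next header; refuse
        # implausible counts instead of building millions of tree items.
        raise DissectorError("implausible rectangle count %d" % nrects)
    off = 4
    for _ in range(nrects):
        if off + 12 > len(buf):
            raise NeedMoreData
        _x, _y, w, h, enc = struct.unpack_from("!HHHHi", buf, off)
        off += 12
        if enc == ENC_RAW:
            off += w * h * BPP
            if off > len(buf):
                raise NeedMoreData
        elif enc == ENC_HEXTILE:
            off += hextile_length(buf, off, w, h)
        else:                                 # other encodings not modelled here
            raise DissectorError("unsupported encoding %d" % enc)
    return off


def split_messages(stream):
    """Carve consecutive messages out of a reassembled byte stream: returns the
    message lengths and how many trailing bytes belong to an incomplete one."""
    lengths, off = [], 0
    while off < len(stream):
        try:
            n = framebuffer_update_length(stream[off:])
        except NeedMoreData:
            break
        lengths.append(n)
        off += n
    return lengths, len(stream) - off


def classify(buf):
    """'complete', 'need_more' or 'bogus' for one buffer."""
    try:
        framebuffer_update_length(buf)
        return "complete"
    except NeedMoreData:
        return "need_more"
    except DissectorError:
        return "bogus"


def build_sample():
    """Constructed sample bytes (not a real capture): one raw 2x2 rectangle and
    one hextile 20x20 rectangle made of 16x16, 4x16, 16x4 and 4x4 tiles."""
    px = b"\xaa\xbb\xcc\xdd"
    hdr = struct.pack("!BBH", MSG_FRAMEBUFFER_UPDATE, 0, 2)
    rect1 = struct.pack("!HHHHi", 0, 0, 2, 2, ENC_RAW) + px * 4
    tiles = (bytes([HX_BG | HX_ANY]) + px + b"\x01" + b"\x00\xff"     # bg + 1 subrect
             + bytes([HX_RAW]) + px * (4 * 16)                          # raw 4x16 tile
             + bytes([HX_BG | HX_FG | HX_ANY | HX_COLOURED])
             + px + px + b"\x02" + (px + b"\x00\x33") * 2               # 2 coloured subrects
             + b"\x00")                                                 # nothing new
    rect2 = struct.pack("!HHHHi", 2, 0, 20, 20, ENC_HEXTILE) + tiles
    return hdr + rect1 + rect2
```

`split_messages` is the shape a reassembling dissector needs: when the walk runs off the end of the segment it asks for more data rather than dissecting a truncated rectangle, and the `MAX_RECTS` check is the cheap guard that turns the "More than 1000000 items in the tree" loop into a single malformed-packet error once a bad hextile walk has desynchronised the parser.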