Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 7563] Capture file that crashes wireshark

Wireshark-bugs: [Wireshark-bugs] [Bug 7563] Capture file that crashes wireshark

Date: Tue, 7 Aug 2012 12:44:42 -0700 (PDT)

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563

Jakub Zawadzki <darkjames-ws@xxxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |darkjames-ws@xxxxxxxxxxxx

--- Comment #14 from Jakub Zawadzki <darkjames-ws@xxxxxxxxxxxx> 2012-08-07 12:44:42 PDT ---
(In reply to comment #13)
> I fixed that overflow in r44306. But there may be more work to
> do here: the comments seem to indicate that this array should have 5 entries
> but there are only 4.  Stephen, can you check on this (and my changes)?

+ 

Should we also check for speed == 0?
in_fmt->m_vc_index_array[-1] point to in_fmt->m_vc_size so this is not
exploitable... But maybe we should mark such packets as malformed?

(just as note, this bug is caused by r38788)

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.

References:
- [Wireshark-bugs] [Bug 7563] New: Capture file that crashes wireshark
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 7565] Capture file that crashes wireshark in packet-cmip-template.c
Next by Date: [Wireshark-bugs] [Bug 7600] New: Buildbot crash output: fuzz-2012-08-07-4933.pcap
Previous by thread: [Wireshark-bugs] [Bug 7563] Capture file that crashes wireshark
Next by thread: [Wireshark-bugs] [Bug 7563] Capture file that crashes wireshark
Index(es):
- Date
- Thread