Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 7563] Capture file that crashes wireshark

Date: Tue, 7 Aug 2012 13:44:38 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563

Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |andrew.kampjes@xxxxxxxxxx

--- Comment #15 from Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> 2012-08-07 13:44:38 PDT ---
(In reply to comment #14)
> (In reply to comment #13)
> > I fixed that overflow in r44306. But there may be more work to
> > do here: the comments seem to indicate that this array should have 5 entries
> > but there are only 4.  Stephen, can you check on this (and my changes)?
> 
> Should we also check for speed == 0?
> in_fmt->m_vc_index_array[-1] point to in_fmt->m_vc_size so this is not
> exploitable... But maybe we should mark such packets as malformed?

Probably should be a check there, but there's also the problem of the array
size I mentioned; I'd just as soon sit on this until someone at Endace can take
a look.

> (just as note, this bug is caused by r38788)

... which is for bug 6263.  Which means I probably should have asked Andrew to
take a look rather than Stephen.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.