https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7879
Chris Maynard <christopher.maynard@xxxxxxxxx> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #9386| |review_for_checkin?
Flags| |
--- Comment #1 from Chris Maynard <christopher.maynard@xxxxxxxxx> 2012-10-19 21:05:20 PDT ---
Created attachment 9386
--> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=9386
Avoid an infinite loop.
As far as I can tell, the problematic packet is 5992 where there is an infinite
loop in epan/dissectors/packet-rtcp.c due to dissect_rtcp_app() ~line 1601:
packet_len -= tvb_get_guint8( tvb, offset + packet_len - 1 );
Before this, offset=12, packet_len=8, and tvb_get_guint8() returns 20.
After this, packet_len=4294967284 (a.k.a., -12).
At line 1604: offset += packet_len, so after this offset=0, which is the return
value of dissect_rtcp_app() at line 2972:
offset = dissect_rtcp_app(...);
So now offset is 0, but this is what keeps us stuck in the while loop at line
2861:
while ( !srtcp_now_encrypted && tvb_bytes_exist( tvb, offset, 4) ) {
The attached patch resolves the infinite loop problem, but I'm not sure if it's
the best way to fix it or if there's a better way. Maybe someone more familiar
with RTCP could review it please?
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
