
Wireshark-bugs: [Wireshark-bugs] [Bug 9323] Buildbot crash output: fuzz-2013-10-25-12569.pcap

Date: Sun, 27 Oct 2013 17:55:34 +0000

Comment # 8 on bug 9323 from
(In reply to comment #7)
> (In reply to comment #6)
> > I tried to modify the function to use g_strlcpy in order to respect both the
> > length *and* any possible null-terminator but that just moved the source of
> > the error to the g_strlcpy call. That makes me suspect the length being
> > passed in is incorrect, but I cannot track down how.
> 
> I didn't try that yet but the length looks OK to me (length is 48 though the
> 'line' is "Accept-Charset" through the end of the packet and into wiretap's
> unused space).

Actually the problem there is in the g_strlcpy() documentation.  To quote:

"src must be nul-terminated;"!

Gotta use strncpy. This patch fixes it though of course it needs to be done
properly...  Maybe after a game of soccer (football) with the kids...

~~~
@@ -2590,10 +2591,13 @@

 /* Set the FT_STRING value */
 static void
-proto_tree_set_string(field_info *fi, const char* value)
+proto_tree_set_string(field_info *fi, const char* value, gint length)
 {
        if (value) {
-               fvalue_set(&fi->value, (gpointer) value, FALSE);
+               /*fvalue_set(&fi->value, (gpointer) value, FALSE);*/
+               fi->value.value.string = (gchar *)g_malloc(length+1);
+               strncpy(fi->value.value.string, value, length);
+               fi->value.value.string[length] = 0;
        } else {
                fvalue_set(&fi->value, (gpointer) "[ Null ]", FALSE);
        }
~~~
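
Review bot: the new `gint length` parameter is used unchecked in the `if (value)` branch. A negative value makes `g_malloc(length+1)` under-allocate, turns into a huge count once `strncpy` converts it to `size_t`, and makes `fi->value.value.string[length] = 0` write outside the buffer. Reject `length < 0` (or take an unsigned count) before copying. The three added lines can also collapse into a single `g_strndup(value, length)`. Separately, this branch now writes `fi->value.value.string` directly while the `else` branch still goes through `fvalue_set()`, so the two paths leave the field with different ownership (a heap copy versus a string literal); hand the bounded copy to `fvalue_set()` as well so whatever frees the value treats both cases the same.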


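
The point made in the comment above, that a copy routine which requires a NUL-terminated source will read past a counted packet field, as an added example in plain C (not Wireshark's code and not part of the original message). The helper name `dup_counted_field` and the sample bytes are constructed for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: copy a counted field of `length` bytes starting at
 * `offset` in a packet buffer of `buf_len` bytes into a freshly allocated,
 * NUL-terminated C string. Returns NULL on a bad offset/length or on
 * allocation failure. The caller frees the result. */
char *dup_counted_field(const unsigned char *buf, size_t buf_len,
                        size_t offset, int length)
{
    if (buf == NULL || length < 0 || offset > buf_len)
        return NULL;
    /* Refuse a length that runs past the captured bytes. */
    if ((size_t)length > buf_len - offset)
        return NULL;

    const unsigned char *src = buf + offset;
    /* Stop at an embedded NUL, but never look beyond `length` bytes.
     * strlen()-based routines would keep reading until they hit a NUL,
     * which a packet buffer is not guaranteed to contain. */
    const unsigned char *nul = memchr(src, '\0', (size_t)length);
    size_t n = nul ? (size_t)(nul - src) : (size_t)length;

    char *out = malloc(n + 1);
    if (out == NULL)
        return NULL;
    memcpy(out, src, n);
    out[n] = '\0';              /* terminate the copy, not the source */
    return out;
}

/* Constructed sample: a header name that ends the packet with no NUL. */
static const unsigned char sample_pkt[] = {
    'A','c','c','e','p','t','-','C','h','a','r','s','e','t'
};

int main(void)
{
    char *s = dup_counted_field(sample_pkt, sizeof sample_pkt, 0, 14);
    int ok = s != NULL && strcmp(s, "Accept-Charset") == 0;
    free(s);
    return ok ? 0 : 1;
}
```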