Wireshark-dev: Re: [Wireshark-dev] [PATCH] ieee80211 integer overflow
From: Gerald Combs <[email protected]>
Date: Tue, 12 Dec 2006 14:32:33 -0800
Neil Kettle wrote:
> Hi all - the following is caused by an integer overflow in buggy pointer arithmetic
> in the calculation of the length parameter for the g_snprintf call...
> This is likely unexploitable due to a combination of the restrictions of the bytes
> we may write ('0'->'9', 'A'->'F') and stack layout (that is, because the
> function is static and called from only one stack frame, which itself is
> called from only one stack frame, the compiler inlines both functions with a
> larger stack frame)... Thus, if test-packet does not crash Wireshark then
> you have been saved by your compiler...

I've checked in a different fix in r20126.  Can you check to see that it
works as expected?
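
An added illustration of the bug class discussed in this thread, not Wireshark's code and not the fix from r20126: a length argument computed by subtraction wraps to a huge value once the write position passes the end of the buffer, and a hardened hex formatter clamps it instead. It uses standard `snprintf` in place of `g_snprintf`, and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Length argument as the flawed pattern computes it: capacity minus bytes
 * already "used" (equivalent to (size_t)((buf + cap) - p)). Once used > cap
 * the unsigned subtraction wraps, so the callee is told it has huge room. */
size_t flawed_remaining(size_t cap, size_t used)
{
    return cap - used;
}

/* Hardened variant (assumed helper): never report more room than exists. */
size_t checked_remaining(size_t cap, size_t used)
{
    return used < cap ? cap - used : 0;
}

/* Format src as upper-case hex into out (cap bytes, always NUL-terminated).
 * Returns the number of input bytes actually formatted. */
size_t hex_format(char *out, size_t cap, const unsigned char *src, size_t n)
{
    size_t used = 0, i;

    if (cap == 0)
        return 0;
    out[0] = '\0';
    for (i = 0; i < n; i++) {
        size_t room = checked_remaining(cap, used);
        int w;
        if (room < 3)                 /* two hex digits plus the NUL */
            break;
        w = snprintf(out + used, room, "%02X", (unsigned)src[i]);
        if (w < 0 || (size_t)w >= room)
            break;                    /* error or would-be truncation */
        used += (size_t)w;
    }
    return i;
}

int main(void)
{
    /* Constructed sample input, longer than the output buffer can hold. */
    const unsigned char data[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0x01 };
    char buf[8];
    size_t done = hex_format(buf, sizeof buf, data, sizeof data);
    printf("flawed length at 18/16: %zu\n", flawed_remaining(16, 18));
    printf("formatted %zu bytes: %s\n", done, buf);
    return 0;
}
```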