Wireshark-dev: [Wireshark-dev] ASAN bug in wiretap/pcapng; just remove the code?
From: Peter Wu <[email protected]>
Date: Wed, 14 May 2014 19:09:44 +0200
Hi Anders,

I found an ASAN bug in wiretap (stack-based buffer overrun) for which
an initial patch was submitted to
https://code.wireshark.org/review/1628/ (patchset 1 or 2).

After a more thorough look, it seems that the pcapng_dump_t type and
related code are unused.

It was first added in commit a41d93603c07fa8b6a7a334e7bf969ebd188085e
Author: Michael Tüxen <[email protected]>  2009-06-27 17:20:44

    Add support for writing pcapng files with multiple
    encapsulations.
    This fixes a bug reported by Sake during the
    Sharkfest 09. Thanks for providing a
    Netscreen tracefile with multiple link layer
    types.
    This patch will be included in Wireshark 1.2.1
    and higher.
    
    svn path=/trunk/; revision=28862

Your (Anders) patch commented out the functions that actually use this:
commit c7f1a431d23e17a15777652b1252e139f182b0e6
Author: Anders Broman <[email protected]>
Date:   Mon Feb 20 20:15:51 2012 +0000

    Handle reading and writing of multiple IDB:s, write IDB options and use correct lengt for strings, handle more than 100 char comment
    
    svn path=/trunk/; revision=41082

It seems that the functionality got moved to other files, but the original
code using pcapng_dump_t can be removed (including the overrunning
g_array_ parts). Is that a correct observation?

A patch is underway, I'm asking just in case the change was unintentional.

Kind regards,
Peter