Wireshark-dev: Re: [Wireshark-dev] Crash in dissect_smb2_command
From: Jeff Morriss <[email protected]>
Date: Mon, 26 Sep 2016 09:53:25 -0400

On Sun, Sep 25, 2016 at 12:47 PM, Paul Offord <[email protected]> wrote:



Between 2.2 and the latest git a change seems to have been made to dissect_smb2_getinfo_request().  It now returns an integer based on the difference between two dissected values:


               offset = getinfo_offset + getinfo_size;


               return offset;


Unfortunately getinfo_offset and getinfo_size are sometimes zero and so a zero offset is returned.  On return to dissect_smb2_command there’s some fiddling around until we get to:


               proto_item_set_len(cmd_item, offset-old_offset);


The calculation of offset-old_offset yields a negative number which is passed to proto_item_set_len as a length parameter.  In proto_item_set_len we have:


               DISSECTOR_ASSERT(length >= 0);


Obviously this causes an exception.


Do I just feed this back as commentary on the Patch Set or should I raise a bug? 

Either one works but if you do the former you should be prepared to remember the comment and raise a bug if you don't get a response.

If the former, can you point me to the change because I can’t seem to find it?

"git log -p" is your friend for this kind of thing (or "git blame"):