Ethereal-dev: Re: [Ethereal-dev] ? memory leakage in ethereal-0.10.9-SVN-13063

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Sun, 16 Jan 2005 12:36:36 -0800

Matevz Pustisek wrote:
> Hi! In ethereal-0.10.9-SVN-13063 (don't know about previous versions) I
> encountered a memory problem.

It's not a leak, it's an infinite loop in the COPS dissector.

I've checked in a fix; the problem is that 16-bit length fields are being fetched into a guint16, but are then being rounded up to a multiple of 4 and put back into the guint16, so that if it has a value greater than 65531, it overflows the guint16; if that's zero, it'll loop infinitely, and if it's not zero, it might advance the offset to a value that would cause it to be zero in a subsequent iteration. I've widened the variable into which it's put, which fixes the problem.
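
The truncation described in the message above, as an added example that is not part of the original post and is not the Ethereal COPS dissector's code. The rounding expression, function names, sample buffer and iteration cap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Round a length up to the next multiple of 4 (assumed padding rule). */
#define PAD4(n) (((n) + 3u) & ~3u)

/* Narrow form: the padded length is stored back into 16 bits.
 * 65533 rounds to 65536, which truncates to 0. */
static uint16_t padded_len_narrow(uint16_t wire_len) {
    uint16_t len = wire_len;
    len = (uint16_t)PAD4(len);
    return len;
}

/* Widened form: the padded length is kept in a 32-bit variable. */
static uint32_t padded_len_wide(uint16_t wire_len) {
    return PAD4((uint32_t)wire_len);
}

/* Walk length-prefixed objects (big-endian 16-bit length first).
 * Returns the number of objects visited, or -1 when max_iter is hit;
 * the cap exists only so this demo terminates where the narrow form
 * would otherwise spin forever. */
static int walk_objects(const uint8_t *buf, size_t buflen,
                        int use_wide, int max_iter) {
    size_t offset = 0;
    int n = 0;
    while (offset + 2 <= buflen) {
        if (n == max_iter)
            return -1;                      /* offset is not advancing */
        uint16_t wire_len = (uint16_t)((buf[offset] << 8) | buf[offset + 1]);
        uint32_t step = use_wide ? padded_len_wide(wire_len)
                                 : padded_len_narrow(wire_len);
        offset += step;                     /* step == 0 stalls the loop */
        n++;
    }
    return n;
}

/* Constructed input: one object claiming a length of 0xFFFD (65533). */
static const uint8_t sample[8] = { 0xFF, 0xFD, 0x01, 0x01, 0, 0, 0, 0 };

int main(void) {
    printf("narrow: %d\n", walk_objects(sample, sizeof sample, 0, 1000));
    printf("wide:   %d\n", walk_objects(sample, sizeof sample, 1, 1000));
    return 0;
}
```

The widened walker still leaves the buffer on a length larger than the data it has; a production parser would also compare the padded length against the bytes remaining before advancing.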