Wireshark-bugs: [Wireshark-bugs] [Bug 2072] Buildbot crash output: fuzz-2007-12-05-9158.pcap
Date: Wed, 5 Dec 2007 21:09:21 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2072





------- Comment #4 from jeff.morriss@xxxxxxxxxxx  2007-12-05 21:09 GMT -------
Hum, it is crashing here:

    uiuc = NIB_NIBBLE(nibble + 4, bufptr);

where:

(gdb) print nibble
$1 = 38
(gdb) print bufptr
$2 = (const guint8 *) 0xd9236c "Ô\n@Ô"

The pointer is fine but "nibble+4" is 42 and that macro expands to:

/* extract the nibble at the given nibble address 'n' of buffer 'b' */
#define NIB_NIBBLE(n,b) \
    (((n) & 1) \   
    ?  (b)[(n)/2] & NIBBLE_MASK \
    : ((b)[(n)/2] >> 4) & NIBBLE_MASK)

which means it's going to access bufptr[21] which is not a nice round
32-bit-aligned address.

(So it's probably not coring for me as a result of the fuzzing of the capture
file but rather because of the way the plugin was programmed.  Not sure if we
should open a different bug for this or leave it here...)


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.