Wireshark-bugs: [Wireshark-bugs] [Bug 2072] Buildbot crash output: fuzz-2007-12-05-9158.pcap
Date: Wed, 5 Dec 2007 21:50:02 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2072





------- Comment #5 from jeff.morriss@xxxxxxxxxxx  2007-12-05 21:50 GMT -------
(In reply to comment #4)
> which means it's going to access bufptr[21] which is not a nice round
> 32-bit-aligned address.

Well, except that bufptr is pointing to an array of bytes, which means
that's fine.  (Sorry, brain's apparently not working so well today.)

Must be that GDB is lying to me about where it cored because it makes more
sense that it cores in this macro (1 source line up from the previously
mentioned one):

#define NIB_WORD(n,b) \
    (n) & 1 \
    ? (gint)((g_ntohl(*(guint32 *)((b) + (n)/2)) >> 12) & 0x0000FFFF) \
    : g_ntohs(*(guint16 *)((b) + (n)/2))

Here it's trying to dereference a guint32 on a not-necessarily-aligned address.

I'm not going to attempt a fix now lest I just make things worse.


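An added example, not part of the original comment and not Wireshark's own fix: a sketch of an alignment-safe equivalent of the NIB_WORD macro quoted above, which assembles the value from single-byte loads so that no guint32 or guint16 is dereferenced at an odd address. The function name nib_word_safe, the buf_len parameter and the sample bytes are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Returns 0 and stores in *out the 16-bit big-endian value that starts at
 * nibble offset n of byte buffer b (same result as NIB_WORD(n, b)).
 * Returns -1 if the value would extend past buf_len bytes.
 * Every load is one byte wide, so the alignment of b + n/2 is irrelevant. */
static int nib_word_safe(const uint8_t *b, size_t buf_len, size_t n,
                         uint16_t *out)
{
    size_t off = n / 2;

    if (n & 1) {
        /* Odd nibble offset: the four nibbles span 3 bytes. The macro loads
         * 4 bytes here and discards the low 12 bits; 3 bytes are enough. */
        if (off >= buf_len || buf_len - off < 3)
            return -1;
        uint32_t v = ((uint32_t)b[off] << 16) |
                     ((uint32_t)b[off + 1] << 8) |
                      (uint32_t)b[off + 2];
        *out = (uint16_t)((v >> 4) & 0xFFFF);
    } else {
        /* Even nibble offset: a plain big-endian 16-bit value. */
        if (off >= buf_len || buf_len - off < 2)
            return -1;
        *out = (uint16_t)(((uint32_t)b[off] << 8) | b[off + 1]);
    }
    return 0;
}

int main(void)
{
    /* Constructed sample data; the field starts one byte into the array so
     * that its base address is deliberately not 32-bit aligned. */
    static const uint8_t raw[] = { 0x00, 0x12, 0x34, 0x56, 0x78, 0x9A };
    const uint8_t *bufptr = raw + 1;
    uint16_t v;

    for (size_t n = 0; n < 10; n++) {
        if (nib_word_safe(bufptr, sizeof raw - 1, n, &v) == 0)
            printf("nibble %zu -> 0x%04X\n", n, (unsigned)v);
        else
            printf("nibble %zu -> out of bounds\n", n);
    }
    return 0;
}
```

The length check also rejects offsets where the original 4-byte load would have read one byte more than the value needs.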