Wireshark-bugs: [Wireshark-bugs] [Bug 2112] Buildbot crash output: fuzz-2007-12-17-25605.pcap
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2112
------- Comment #4 from jeff.morriss@xxxxxxxxxxx 2007-12-17 22:41 GMT -------
The problem with code like this (this is the generated code in
epan/dissectors/packet-h245.c):
~~~
#line 718 "h245.cnf"
  if (upcoming_channel)
    upcoming_channel->upcoming_addr = &upcoming_channel->media_addr;
  offset = dissect_h245_TransportAddress(tvb, offset, actx, tree, hf_index);
#line 722 "h245.cnf"
  if (upcoming_channel)
    upcoming_channel->upcoming_addr = NULL;
~~~
is that we may take an exception in dissect_h245_TransportAddress() and never
set upcoming_addr to NULL.
If that is really the problem then this patch should fix it:
Index: asn1/h245/packet-h245-template.c
===================================================================
--- asn1/h245/packet-h245-template.c (revision 23898)
+++ asn1/h245/packet-h245-template.c (working copy)
@@ -350,6 +350,10 @@
static void
dissect_h245(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
{
+ /* Clean up from any previous packet dissection */
+ if(upcoming_channel)
+ upcoming_channel = NULL;
+
/*
* MultimediaSystemControlMessage_handle is the handle for
* dissect_h245_h245, so we don't want to do any h245_pi or tap stuff
here.
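Review bot: The `if(upcoming_channel)` guard on the added lines at the top of dissect_h245() is redundant, since assigning NULL to a pointer that is already NULL changes nothing; a plain `upcoming_channel = NULL;` is equivalent and shorter. The comment "Clean up from any previous packet dissection" would also be more useful if it named the case it covers, an exception that aborts the previous dissection before its own cleanup runs, so a later reader does not remove the reset as dead code.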
@@ -366,6 +370,10 @@
guint32 offset=0;
asn1_ctx_t asn1_ctx;
+ /* Clean up from any previous packet dissection */
+ if(upcoming_channel)
+ upcoming_channel = NULL;
+
if (check_col(pinfo->cinfo, COL_PROTOCOL)){
col_set_str(pinfo->cinfo, COL_PROTOCOL, PSNAME);
}
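Review bot: The reset added after the `asn1_ctx` declaration is a verbatim copy of the block added to dissect_h245(); putting it in one small helper called from both entry points would keep the two copies from drifting apart. A reset on entry also only clears the stale pointer when the next H.245 dissection starts, so it is worth confirming that nothing else reads `upcoming_channel` between the aborted dissection and the next call into one of these two functions.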
I haven't checked that in because I haven't been able to reproduce the problem
(yet--maybe tomorrow).
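A self-contained model of the failure described in this comment, added here as an illustration and not taken from the Wireshark source. `setjmp`/`longjmp` stands in for the dissector exception, and `channel_t`, `chan_storage`, `bounds_error`, `dissect_packet` and the other helper names are hypothetical.

```c
#include <setjmp.h>
#include <stdio.h>
/* Hypothetical stand-ins for the dissector state; not Wireshark's own types. */
typedef struct { int media_addr; int *upcoming_addr; } channel_t;
static channel_t *upcoming_channel;  /* file-scope state that outlives one packet */
static channel_t chan_storage;
static jmp_buf bounds_error;         /* stands in for the dissector exception */

/* Stand-in for dissect_h245_TransportAddress(): throws on a truncated packet. */
static void dissect_transport_address(int truncated)
{
    if (truncated) longjmp(bounds_error, 1);
}

/* Same set / call / clear shape as the generated code quoted in the comment. */
static void dissect_body(int opens_channel, int truncated)
{
    if (opens_channel) upcoming_channel = &chan_storage;
    if (upcoming_channel)
        upcoming_channel->upcoming_addr = &upcoming_channel->media_addr;
    dissect_transport_address(truncated);
    if (upcoming_channel)
        upcoming_channel->upcoming_addr = NULL;  /* skipped when the callee throws */
}

/* Dissects one packet; returns 1 if state from an earlier packet was still set. */
int dissect_packet(int reset_on_entry, int opens_channel, int truncated)
{
    int stale;
    if (reset_on_entry) upcoming_channel = NULL;  /* the cleanup the patch adds */
    stale = upcoming_channel != NULL && upcoming_channel->upcoming_addr != NULL;
    if (setjmp(bounds_error) == 0)
        dissect_body(opens_channel, truncated);
    return stale;
}

/* Constructed trace: packet 1 is cut off inside the address, packet 2 is complete. */
int second_packet_sees_stale_state(int reset_on_entry)
{
    upcoming_channel = NULL;
    dissect_packet(reset_on_entry, 1, 1);
    return dissect_packet(reset_on_entry, 0, 0);
}

int main(void)
{
    printf("stale without reset: %d, with reset: %d\n",
           second_packet_sees_stale_state(0), second_packet_sees_stale_state(1));
    return 0;
}
```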