Wireshark-bugs: [Wireshark-bugs] [Bug 1513] Wrong length for tvb_memcpy in packet-bthci_acl.c
Date: Tue, 29 Apr 2008 08:34:10 -0700 (PDT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1513


Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED




--- Comment #8 from Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>  2008-04-29 08:33:49 GMT ---
Fixed (in rev 25195) so we will only copy in as many bytes as there are in the
destination buffer.  Trying to copy too many bytes from the TVB is fine because
it'll just throw an exception.

The tvb_memcpy() a few lines down is fine because it is wrapped in a test to
make sure there is enough room in the buffer.

While I was working on this I started wondering why *shark wasn't complaining
about the fact that we were writing past the end of se_alloc()'d memory
(Florent mentioned she noticed this bug while using Valgrind).  It turns out
that se_free_all() was not being called in tshark so we were never checking our
canary values.  I fixed that in rev 25196.
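
The two points in this comment, as an added example that is not part of the original message and is not Wireshark's se_alloc()/se_free_all() code: a copy clamped to the room left in the destination, and a canary that is only examined when the pool is freed. `pool_alloc`, `pool_free_all`, `append_clamped`, `demo` and the canary bytes are hypothetical names and constructed values.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Constructed guard pattern; not Wireshark's canary value. */
#define CANARY_LEN 8
static const uint8_t CANARY[CANARY_LEN] = {0xde,0xad,0xbe,0xef,0xca,0xfe,0xf0,0x0d};
struct chunk { struct chunk *next; size_t len; uint8_t data[]; };
static struct chunk *pool;   /* every live allocation, newest first */

/* Hand out len usable bytes with a canary placed directly after them. */
uint8_t *pool_alloc(size_t len) {
    struct chunk *c = malloc(sizeof *c + len + CANARY_LEN);
    if (!c) return NULL;
    c->len = len; c->next = pool; pool = c;
    memcpy(c->data + len, CANARY, CANARY_LEN);
    return c->data;
}

/* Release the pool and count chunks whose canary was overwritten. This is
 * the only place an overflow is noticed; skip the call and nothing reports it. */
int pool_free_all(void) {
    int corrupted = 0;
    while (pool) {
        struct chunk *c = pool;
        pool = c->next;
        if (memcmp(c->data + c->len, CANARY, CANARY_LEN) != 0) corrupted++;
        free(c);
    }
    return corrupted;
}

/* Append src to dst, copying no more than the room left in dst. */
size_t append_clamped(uint8_t *dst, size_t dst_len, size_t used,
                      const uint8_t *src, size_t src_len) {
    size_t room = used < dst_len ? dst_len - used : 0;
    size_t n = src_len < room ? src_len : room;
    if (n) memcpy(dst + used, src, n);
    return n;
}

/* 16-byte buffer with 12 bytes used receives an 8-byte fragment (constructed). */
int demo(int clamp) {
    uint8_t frag[8], *buf = pool_alloc(16);
    if (!buf) return -1;
    memset(frag, 0x41, sizeof frag);
    if (clamp) append_clamped(buf, 16, 12, frag, sizeof frag);
    else memcpy(buf + 12, frag, sizeof frag);  /* unclamped: 4 bytes hit the canary */
    return pool_free_all();
}
```

The unclamped branch stays inside the underlying allocation because the overrun is shorter than the canary, so the only signal of the bug is the count returned by `pool_free_all()`.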

