Wireshark-bugs: [Wireshark-bugs] [Bug 2675] segmentation fault loading trace containing NCP pack
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2675
Bill Meier <wmeier@xxxxxxxxxxx> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |NEW
--- Comment #12 from Bill Meier <wmeier@xxxxxxxxxxx> 2008-07-10 04:11:42 PDT ---
> He is looking over our shoulders in this bug :-)
Good.
The bug is that in packet-ncp2222.inc in various cases an invalid pointer is
passed to get_string() for the *dest_buf argument.
By invalid pointer I mean one that does not point to a 1024 byte buffer.
In most cases this appears to happen because in a call of the form
get_string(..., vvalues->vstring) vvalues->vstring has a pointer:
1. to a string constant "\0"; (this caused the crash seen for this report)
2. to a string constant (such as "False")
In some cases, it appears that functions that call get_string() may have been
called with vvalues->vstring having a good pointer but then the pointer is
overwritten before get_string() is called.
See, for example, print_nds_values() line #3036.
Also in print_nds_values() there's a case where vvalues->vstring is compared
against a string "zendmSearchType". If I understand the code correctly, it
seems it is possible that vvalues->vstring as originally passed to
print_nds_values() might have been clobbered by the time the compare is done
(say by line# 3036).
I'm reassigning this bug to wireshark-bugs. I hope Greg will have time to look
at it; if not, please let me know so I can pursue it further.
Thanks
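The defect class described in the comment above, with one way to guard against it, as an added example that is not Wireshark's code: `nds_val_t`, `val_set_label()`, `val_use_storage()` and `get_string_checked()` are hypothetical names, and only the 1024-byte destination size and the "False" label come from the report. The record tracks whether `vstring` points at writable storage, so a copy into a string constant is refused and an oversized field is truncated.

```c
#include <string.h>

#define VSTRING_CAP 1024 /* destination size get_string() is said to expect */
/* Hypothetical value record: vstring may point at a constant label
 * (cap == 0, read-only) or at the record's own writable storage. */
typedef struct {
    char  *vstring;
    size_t cap;
    char   storage[VSTRING_CAP];
} nds_val_t;

static void val_set_label(nds_val_t *v, const char *label) {
    v->vstring = (char *)label;   /* readable for compares, never a copy target */
    v->cap = 0;
}

static void val_use_storage(nds_val_t *v) {
    v->storage[0] = '\0';
    v->vstring = v->storage;
    v->cap = sizeof v->storage;
}

/* Bounded copy: rejects non-writable destinations, truncates to cap - 1.
 * Returns the number of bytes stored, or -1 if the destination is unusable. */
static int get_string_checked(const unsigned char *src, size_t len, nds_val_t *v) {
    if (v->vstring == NULL || v->cap == 0)
        return -1;
    size_t n = len < v->cap - 1 ? len : v->cap - 1;
    memcpy(v->vstring, src, n);
    v->vstring[n] = '\0';
    return (int)n;
}

/* Constructed inputs: a label destination, then a 1500-byte field. */
static int demo_label_destination(void) {
    nds_val_t v;
    val_set_label(&v, "False");
    return get_string_checked((const unsigned char *)"abc", 3, &v);
}
static int demo_oversize_field(void) {
    static unsigned char field[1500];
    nds_val_t v;
    memset(field, 'A', sizeof field);
    val_use_storage(&v);
    return get_string_checked(field, sizeof field, &v);
}

int main(void) {
    return (demo_label_destination() == -1 && demo_oversize_field() == 1023) ? 0 : 1;
}
```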