Wireshark-bugs: [Wireshark-bugs] [Bug 4274] Buildbot crash output: fuzz-2009-11-29-8197.pcap
Date: Mon, 30 Nov 2009 08:32:07 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4274

Jakub Zawadzki <darkjames@xxxxxxxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #4007|                            |review_for_checkin?
               Flag|                            |

--- Comment #1 from Jakub Zawadzki <darkjames@xxxxxxxxxxxxxxxx> 2009-11-30 08:32:06 PST ---
Created an attachment (id=4007)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=4007)
fix assertion in emem_alloc_chunk (integer overflow)

If a dissector passes some negative number to ep_alloc(), e.g. -1:

 size = (size_t) -1
asize = size+pad (but >= 0)
 pad  > asize.

DISSECTOR_ASSERT(asize<(EMEM_PACKET_CHUNK_SIZE>>2)); // assertion passed.

With the patch:
DISSECTOR_ASSERT(size<(EMEM_PACKET_CHUNK_SIZE>>2));  // assertion failed.

It's related to this bug, because packet-ltp.c is calling:
  ep_alloc(-4) and ep_alloc(-8)

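The wrap described in the comment above, as a small C model added here (it is not Wireshark's emem.c and not the attached patch). The value of `EMEM_PACKET_CHUNK_SIZE`, the 8-byte `PAD`, and the three function names are assumptions for illustration; `check_no_wrap` goes one step beyond the comment and rejects the addition itself when it would overflow.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed value for illustration; the page does not state the constant. */
#define EMEM_PACKET_CHUNK_SIZE (10 * 1024 * 1024)
#define CHUNK_LIMIT ((size_t)EMEM_PACKET_CHUNK_SIZE >> 2)
#define PAD ((size_t)8)   /* assumed padding added to each request */

/* Limit tested on the padded size, as in the assertion before the patch. */
static int check_padded(size_t size)
{
    size_t asize = size + PAD;  /* unsigned wrap: (size_t)-1 + 8 == 7 */
    return asize < CHUNK_LIMIT;
}

/* Limit tested on the requested size, as in the assertion with the patch. */
static int check_requested(size_t size)
{
    return size < CHUNK_LIMIT;
}

/* Generalisation (not from the page): refuse the addition if it would wrap. */
static int check_no_wrap(size_t size)
{
    if (size > SIZE_MAX - PAD)
        return 0;
    return size + PAD < CHUNK_LIMIT;
}

int main(void)
{
    /* Constructed inputs: the negative lengths named in the comment, plus a sane one. */
    const int lengths[] = { -1, -4, -8, 100 };
    for (size_t i = 0; i < sizeof lengths / sizeof lengths[0]; i++) {
        size_t size = (size_t)lengths[i];  /* what ep_alloc() sees */
        printf("len=%4d size=%zu padded=%d requested=%d no_wrap=%d\n",
               lengths[i], size, check_padded(size),
               check_requested(size), check_no_wrap(size));
    }
    return 0;
}
```

A return value of 1 means the check lets the request through; only `check_padded` accepts the three negative lengths.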