Wireshark-bugs: [Wireshark-bugs] [Bug 5366] [PATCH] Proper dissection for Tight VNC negotiation
Date: Tue, 16 Nov 2010 13:20:22 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5366

--- Comment #8 from Yaniv Kaul <mykaul@xxxxxxxxx> 2010-11-16 13:20:21 PST ---
(In reply to comment #7)
> I was pretty sure I checked it before reporting it here, but I now double
> checked it by reverting packet-vnc.c to SVN and running the same test.  The SVN
> version does NOT show the problem.  (I didn't investigate further.)

Indeed - but it's exactly as I suspected - it's not purely my fault, as my
improved dissection actually exposes this bug. Up until now you couldn't reach
that path, because it would fail earlier, on mis-dissecting or not dissecting
the Tight message exchange.

It all begins on packet 34 being mis-dissected, offset 03e6 - it should
continue to dissect another rectangle. For it to properly do it, it should
desegment first, which it didn't do.

So an ugly hack that fixes some of the paths is:
    if (num_rects > 10000) {
        /* this is a bug in the dissector, misdissecting the packet, but let's
           not run into an infinite loop */
        DISSECTOR_ASSERT_NOT_REACHED();
        return 0;
    }

In vnc_server_framebuffer_update().

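Added example, not part of the original comment and not Wireshark code: a standalone walk over an RFB FramebufferUpdate that asks for more bytes when a rectangle is split across segments, so the loop is bounded by the data present rather than by the rectangle count alone. The name parse_fb_update, the Raw-only handling, the caller-supplied bytes per pixel and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RFB_ENC_RAW 0u      /* RFB "Raw" encoding type */
#define PARSE_BAD   (-1LL)  /* wrong message type or unsupported encoding */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Walk one FramebufferUpdate in buf[0..len). Returns 0 when complete
 * (*consumed = message length), N > 0 when at least N more bytes are needed
 * before parsing can continue, or PARSE_BAD. Hypothetical helper. */
long long parse_fb_update(const uint8_t *buf, size_t len, unsigned bpp, size_t *consumed)
{
    size_t off = 4;                      /* type(1) + padding(1) + num_rects(2) */
    if (len < off) return (long long)(off - len);
    if (buf[0] != 0) return PARSE_BAD;   /* 0 = FramebufferUpdate */
    uint16_t num_rects = be16(buf + 2);
    for (uint16_t i = 0; i < num_rects; i++) {
        if (len - off < 12)              /* header: x, y, w, h (u16), encoding (s32) */
            return (long long)(12 - (len - off));
        uint64_t payload = (uint64_t)be16(buf + off + 4) * be16(buf + off + 6) * bpp;
        if (be32(buf + off + 8) != RFB_ENC_RAW) return PARSE_BAD;
        off += 12;
        if (len - off < payload)         /* pixel data continues in a later segment */
            return (long long)(payload - (len - off));
        off += (size_t)payload;
    }
    *consumed = off;
    return 0;
}

/* Constructed sample: two Raw rectangles of 1x1 pixels, 4 bytes per pixel. */
static const uint8_t sample[36] = {
    0, 0, 0, 2,
    0,0, 0,0, 0,1, 0,1, 0,0,0,0, 0xAA,0xBB,0xCC,0x00,
    0,1, 0,0, 0,1, 0,1, 0,0,0,0, 0x11,0x22,0x33,0x00,
};

int main(void)
{
    size_t used = 0;
    long long rc = parse_fb_update(sample, sizeof sample, 4, &used);
    printf("full message: rc=%lld consumed=%zu\n", rc, used);
    printf("first 20 bytes: need %lld more\n", parse_fb_update(sample, 20, 4, &used));
    return 0;
}
```

Every loop iteration either consumes at least 12 bytes that are actually in the buffer or returns, so a bogus rectangle count cannot make the walk run past the captured data.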