Wireshark-bugs: [Wireshark-bugs] [Bug 7880] Buildbot crash output: fuzz-2012-10-19-28735.pcap
Date: Wed, 21 Nov 2012 18:38:59 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7880

Bill Meier <wmeier@xxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

--- Comment #3 from Bill Meier <wmeier@xxxxxxxxxxx> 2012-11-21 18:38:57 PST ---
(In reply to comment #2)
> Packet #20961, dissect_iphc_crtp_fh:
> 
> (gdb) print ip_hdr_len
> $1 = 56
> (gdb) print length
> $2 = 61
> 
> ip_packet = tvb_memdup(tvb, 0, length);
> ...
> ip_packet[ip_hdr_len + 5] = (length - ip_hdr_len); <--- ip_hdr_len + 5 >= length
>                                                         buffer overflow.


Fix committed in SVN #46128.

(I wasn't actually able to duplicate the crash, but I verified (using a
debugger) that this particular issue has been addressed).

#Backport (after a round of fuzz-testing by the buildbot).

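The out-of-bounds write from the quoted gdb session (ip_hdr_len = 56 and length = 61, so index 61 into a 61-byte copy), shown with one possible bounds check. This is an added example, not Wireshark's code and not the change committed in SVN #46128; `dup_and_patch` and `PATCH_OFFSET` are hypothetical names, and plain `malloc`/`memcpy` stand in for `tvb_memdup`.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Offset past the IP header that the quoted line writes to (ip_hdr_len + 5). */
#define PATCH_OFFSET 5u

/*
 * Hypothetical helper (not a Wireshark function): copy `length` bytes of a
 * captured header, then store (length - ip_hdr_len) at ip_hdr_len + 5, as the
 * quoted line does. Returns NULL rather than writing outside the copy.
 */
uint8_t *dup_and_patch(const uint8_t *src, size_t length, size_t ip_hdr_len)
{
    uint8_t *copy;

    /* Require ip_hdr_len + 5 < length. Written as a subtraction so that a
     * huge, packet-controlled ip_hdr_len cannot wrap the addition. */
    if (length <= PATCH_OFFSET || ip_hdr_len >= length - PATCH_OFFSET)
        return NULL;

    copy = malloc(length);
    if (copy == NULL)
        return NULL;
    memcpy(copy, src, length);

    copy[ip_hdr_len + PATCH_OFFSET] = (uint8_t)(length - ip_hdr_len);
    return copy;
}

int main(void)
{
    uint8_t pkt[61] = {0};  /* constructed sample buffer, 61 bytes */

    /* Values from the gdb session: index 56 + 5 = 61 is one past the end. */
    uint8_t *bad = dup_and_patch(pkt, sizeof pkt, 56);
    /* One byte shorter header: index 60 is the last valid byte. */
    uint8_t *ok = dup_and_patch(pkt, sizeof pkt, 55);

    printf("ip_hdr_len=56: %s\n", bad ? "patched" : "rejected");
    printf("ip_hdr_len=55: %s\n", ok ? "patched" : "rejected");

    free(bad);
    free(ok);
    return 0;
}
```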