Wireshark-bugs: [Wireshark-bugs] [Bug 7880] Buildbot crash output: fuzz-2012-10-19-28735.pcap
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7880
Bill Meier <wmeier@xxxxxxxxxxx> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
--- Comment #3 from Bill Meier <wmeier@xxxxxxxxxxx> 2012-11-21 18:38:57 PST ---
(In reply to comment #2)
> Packet #20961, dissect_iphc_crtp_fh:
>
> (gdb) print ip_hdr_len
> $1 = 56
> (gdb) print length
> $2 = 61
>
> ip_packet = tvb_memdup(tvb, 0, length);
> ...
> ip_packet[ip_hdr_len + 5] = (length - ip_hdr_len); <--- ip_hdr_len + 5 >=
> length
> buffer overflow.
Fix committed in SVN #46128.
(I wasn't actually able to duplicate the crash, but I verified (using a
debugger) that this particular issue has been addressed).
#Backport (after a round of fuzz-testing by the buildbot).
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.