Wireshark-bugs: [Wireshark-bugs] [Bug 8717] Buildbot crash output: fuzz-2013-05-25-10691.pcap
Comment #6 on bug 8717 from Julian Cable
I think I'm going to need some help. It is 7 years since I wrote this code. The
relevant part of the code is:
    if (fcount > 1) { /* fragmented */
        gboolean save_fragmented = pinfo->fragmented;
        /* bytes left in the tvb after the PFT header */
        guint16 real_len = tvb_length(tvb) - offset;
        proto_tree_add_item(pft_tree, hf_edcp_pft_payload, tvb, offset, real_len, ENC_NA);
        /* flag a discrepancy between the declared and the actual payload length */
        if (real_len != payload_len || real_len == 0) {
            if (li)
                proto_item_append_text(li, " (length error (%d))", real_len);
        }
        if (real_len)
            next_tvb = dissect_pft_fragmented(tvb, pinfo, pft_tree, findex, fcount,
                                              seq, offset, real_len, fec, rsk, rsz);
        pinfo->fragmented = save_fragmented;
    } else {
        next_tvb = tvb_new_subset_remaining(tvb, offset);
    }
    if (next_tvb) {
        dissect_af(next_tvb, pinfo, tree);
    }
payload_len is the declared length of the fragment in the protocol.
real_len is the calculated length of the payload from the bytes consumed and
the tvb length.
The code checks for a discrepancy (phew) and puts this in the decode, but then
tries to carry on decoding. I guess this is where it should give up.
I can't remember enough about the API to know how to gracefully abort and leave
this for other protocols to get a chance, or to skip to the end if that is a
better tactic.
Suggestions please.
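Added illustration (not Julian's code and not the Wireshark tvb API): a stand-alone model of the length check discussed above, which reconciles the declared payload_len with the bytes actually left in the buffer and reports why decoding should stop instead of carrying on. The function names, the status enum and the sample values are assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>

/* Why the payload should or should not be decoded (constructed for this example). */
typedef enum {
    PFT_LEN_OK,              /* declared length matches the bytes available */
    PFT_LEN_OFFSET_PAST_END, /* offset already beyond the buffer: nothing to dissect */
    PFT_LEN_EMPTY,           /* zero bytes remain after the header */
    PFT_LEN_MISMATCH         /* bytes remaining differ from the declared payload_len */
} pft_len_status;

/* buf_len models tvb_length(tvb), offset the first payload byte and
 * payload_len the length declared by the protocol. Returns a status and,
 * through *real_len (may be NULL), the usable length: non-zero only for PFT_LEN_OK. */
pft_len_status pft_check_payload_len(size_t buf_len, size_t offset,
                                     uint16_t payload_len, size_t *real_len)
{
    if (real_len)
        *real_len = 0;
    /* The posted code computes tvb_length(tvb) - offset in unsigned arithmetic
     * and stores it in a guint16, so an offset past the end wraps around to a
     * large value. Test the ordering explicitly instead of subtracting. */
    if (offset > buf_len)
        return PFT_LEN_OFFSET_PAST_END;
    size_t remaining = buf_len - offset;
    if (remaining == 0)
        return PFT_LEN_EMPTY;
    if (remaining != payload_len)
        return PFT_LEN_MISMATCH;
    if (real_len)
        *real_len = remaining;
    return PFT_LEN_OK;
}

/* Convenience wrapper: the length that may safely be handed to further dissection,
 * 0 when decoding should stop. */
size_t pft_usable_len(size_t buf_len, size_t offset, uint16_t payload_len)
{
    size_t len;
    pft_check_payload_len(buf_len, offset, payload_len, &len);
    return len;
}

/* The value the original expression (guint16)(tvb_length(tvb) - offset) yields
 * for the same inputs, to make the wraparound visible. */
uint16_t pft_original_real_len(unsigned int buf_len, int offset)
{
    return (uint16_t)(buf_len - offset);
}
```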