Wireshark-bugs: [Wireshark-bugs] [Bug 3290] TRY_TO_FAKE_THIS_ITEM disables bounds errors
Date: Mon, 29 Jul 2013 21:23:11 +0000

changed bug 3290

What    Removed    Added
CC                 wireshark@kaiser.cx

Comment # 31 on bug 3290 from
While looking at Coverity issues ("dereferencing a NULL pointer") today, I
found one potential issue with the fixes related to this bug:

In proto_tree_add_item(), we call test_length() before doing the NULL check on
tree.

test_length() -> get_uint_value() -> report_type_length_mismatch() ->
dereference tree -> crash

This can be triggered by something like

proto_tree_add_item(NULL, hf_dvbci_prof_name, tvb, offset, 7, ENC_BIG_ENDIAN);
with hf_dvbci_prof_name being an FT_UINT_STRING

I understand that we must test_length() before TRY_TO_FAKE_THIS_ITEM().
Therefore, I added a NULL check in report_type_length_mismatch() in r51020.

Feel free to modify / revert this if I got it wrong.
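
A simplified C model of the call ordering described in the comment above, showing the length test running before the tree check and the NULL guard in the reporting function. This is an added example, not Wireshark's code and not part of the original message; every `model_` name, the `mismatches_seen` counter and the fallback width are assumptions made for illustration.

```c
#include <stddef.h>

/* Simplified stand-ins; none of this is Wireshark's real code or types. */
typedef struct { int expert_notes; } model_tree;
static int mismatches_seen;              /* length mismatches detected */

/* The tree is NULL when no protocol tree is being built, so it is checked
 * before use. Without the check, the last line is the NULL dereference. */
static void model_report_type_length_mismatch(model_tree *tree)
{
    mismatches_seen++;
    if (tree == NULL)
        return;
    tree->expert_notes++;
}

/* Reads the length prefix of a counted string; valid widths are 1 to 4. */
static unsigned model_get_uint_value(model_tree *tree,
                                     const unsigned char *buf, int length)
{
    unsigned v = 0;
    if (length > 4) {
        model_report_type_length_mismatch(tree);
        length = 1;                      /* fallback width: a modeling choice */
    }
    for (int i = 0; i < length; i++)
        v = (v << 8) | buf[i];
    return v;
}

/* Returns 0 if prefix plus string fit in the buffer, -1 on a bounds error. */
static int model_test_length(model_tree *tree, const unsigned char *buf,
                             size_t buflen, int length)
{
    if (length < 1 || (size_t)length > buflen)
        return -1;
    unsigned n = model_get_uint_value(tree, buf, length);
    return ((size_t)length + n <= buflen) ? 0 : -1;
}

/* Same ordering as in the comment: length test first, tree check second.
 * Returns 1 if an item was added, 0 if skipped (no tree), -1 on bounds error. */
static int model_add_item(model_tree *tree, const unsigned char *buf,
                          size_t buflen, int length)
{
    if (model_test_length(tree, buf, buflen, length) != 0)
        return -1;
    return tree != NULL;
}
```

Calling `model_add_item(NULL, buf, sizeof buf, 7)` exercises the same shape as the triggering call quoted in the comment: the mismatch is still detected, and the NULL tree is never dereferenced.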

