Wireshark-bugs: [Wireshark-bugs] [Bug 3290] TRY_TO_FAKE_THIS_ITEM disables bounds errors
Date: Tue, 30 Jul 2013 14:07:08 +0000

Comment # 32 on bug 3290 from
(In reply to comment #31)
> While looking at Coverity issues ("dereferencing a NULL pointer") today, I
> found one potential issue with the fixes related to this bug:
> 
> In proto_tree_add_item(), we call test_length() before doing the NULL check
> on tree.
> 
> test_length() -> get_uint_value() -> report_type_length_mismatch() ->
> dereference tree -> crash
> 
> This can be triggered by something like
> 
> proto_tree_add_item(NULL, hf_dvbci_prof_name, tvb, offset, 7,
> ENC_BIG_ENDIAN);
> with hf_dvbci_prof_name being an FT_UINT_STRING
> 
> I understand that we must test_length() before TRY_TO_FAKE_THIS_ITEM().
> Therefore, I added a NULL check in report_type_length_mismatch() in r51020.
> 
> Feel free to modify / revert this if I got it wrong.

Oops, yeah, I forgot about the "throw exception if given an invalid length"
stuff.  Your fix looks good.


You are receiving this mail because:
  • You are the assignee for the bug.
  • You are watching all bug changes.