Wireshark-bugs: [Wireshark-bugs] [Bug 9027] Another fuzz failure in print_hex_data_buffer
Date: Sun, 11 Aug 2013 13:37:41 +0000

Comment # 5 on bug 9027 from
(In reply to comment #4)
> (In reply to comment #3)
> > I don't have a crash, nor do I have valgrind. Evan, can you check if after:
> > 
> > @@ -1183,7 +1183,7 @@ fragment_add_work(fragment_head *fd_head, tvbuff_t
> > *tvb, const int offset,
> >         }
> >  
> >         if (old_tvb_data)
> > -               tvb_free(old_tvb_data);
> > +               tvb_add_to_chain(tvb, old_tvb_data);
> > 
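Review bot: on the `+` line, `tvb` is passed as the chain parent with no check of its own; the `if` above guards only `old_tvb_data`. The follow-up in this thread reports a failed assertion "parent && child" at tvbuff.c:133 once this change is applied, so confirm which of the two arguments can be NULL on this path before relying on the chain to defer the free. The line also needs a comment stating that `old_tvb_data` is intentionally kept alive until the end of packet dissection rather than freed here, since the thread notes that the call requires tvbuff-int.h and is not part of the public API.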
> > the use-after-free errors go away?
> 
> Yes, but instead I get:
> ** (process:12652): WARNING **: Dissector bug, protocol TCP, in packet 225:
> tvbuff.c:133: failed assertion "parent && child"

Quite interesting, what is NULL? 

old_tvb_data can't be, because we check it on the line above,
tvb? Quite not possible...

> Also, I had to #include <tvbuff-int.h> to use that function, which means it
> isn't part of the public API?

Yes, it's a hack, just to not free the tvb now (because it could already be used),
but to free it at the end of packet dissection.

Wish we had reassembly_tvb[1]; then we wouldn't need it.


[1] http://www.wireshark.org/lists/wireshark-dev/201307/msg00085.html

