Wireshark-bugs: [Wireshark-bugs] [Bug 10978] Buildbot crash output: fuzz-2015-02-17-560.pcap
Date: Sat, 21 Mar 2015 16:51:56 +0000

changed bug 10978


What Removed Added
CC   mmann78@netscape.net

Comment # 7 on bug 10978 from
I agree that the problem can be seen in frame 28, but I think it's with byte 49
of frame (start of long compression).  I initialized the buffer memory to
garbage (used memset(..., 0xCD, ...) for both buffers in get_wcp_window_ptr and
the problem was much easier to see.  During the decompressed_entry() call, the
first if statement (src < buf_start) is true so the src pointer is incremented
by MAX_WIN_BUF_LEN.  This makes no sense to me because MAX_WIN_BUF_LEN is the
total size of a buffer, so what exactly is src pointing to after it's been
incremented?  It seems to be copying from "uninitialized memory" (the 0xCD
values I fake initialized it to)


You are receiving this mail because:
  • You are watching all bug changes.