Wireshark-bugs: [Wireshark-bugs] [Bug 10978] Buildbot crash output: fuzz-2015-02-17-560.pcap
Comment #8 on bug 10978 from Evan Huus
> but I think it's with byte 49 of frame
I calculated byte 38 by putting a print statement in for every byte index, and
then seeing after which byte the valgrind errors occurred, but I'm inclined to
trust your method more.
> so the src pointer is incremented by MAX_WIN_BUF_LEN
This whole code is really weird, but as far as I can tell it decompresses
in-place (the decompressed bytes are written in the same buffer as the
compressed bytes are read) and this is handled by treating it as a circular
buffer. If my understanding is correct, then the increment makes some sense, as
it is just "we walked backwards past the front of the buffer, so wrap around".
If it is true that "src < buf_start" at this point, and buf_start points to a
buffer of length MAX_WIN_BUF_LEN, then "src + MAX_WIN_BUF_LEN" should result in
a pointer into the buffer somewhere, shouldn't it?
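The wraparound being discussed, as an added illustration that is not Wireshark's code and does not reproduce the dissector in question: a small LZ-style decoder with a circular history window, written so that the "we walked backwards past the front, so add MAX_WIN_BUF_LEN" step is done on indices rather than on a pointer that has already left the buffer. The token format (0x00 + literal byte, 0x01 + offset + length), the window size of 8 and the sample streams are all constructed for this example; the real MAX_WIN_BUF_LEN and the in-place layout (decompressed bytes written over the compressed ones) are not assumed here. It also shows the two checks the question above turns on: adding the window length once only lands inside the buffer when the offset is at most the window length, and even then it only lands on initialised bytes when at least that many bytes have already been produced.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Window size for this illustration only; the value of Wireshark's
 * MAX_WIN_BUF_LEN is not assumed here. */
#define MAX_WIN_BUF_LEN 8

/* Hypothetical token stream: 0x00 <byte> emits a literal; 0x01 <offset> <len>
 * copies `len` bytes starting `offset` bytes behind the current write position
 * in the circular window (copies may overlap, giving run-length behaviour).
 * Returns the number of bytes written to `out`, or -1 on a malformed stream. */
static long lz_window_decode(const uint8_t *in, size_t in_len,
                             uint8_t *out, size_t out_cap)
{
    uint8_t win[MAX_WIN_BUF_LEN];
    size_t wpos = 0;      /* next write index into win */
    size_t produced = 0;  /* total bytes emitted so far */
    size_t i = 0;

    while (i < in_len) {
        uint8_t tag = in[i++];
        if (tag == 0x00) {
            if (i >= in_len || produced >= out_cap) return -1;
            uint8_t b = in[i++];
            win[wpos] = b;
            out[produced++] = b;
            wpos = (wpos + 1) % MAX_WIN_BUF_LEN;
        } else if (tag == 0x01) {
            if (i + 1 >= in_len) return -1;
            size_t offset = in[i++];
            size_t len = in[i++];
            /* src + MAX_WIN_BUF_LEN only lands inside the window when
             * offset <= MAX_WIN_BUF_LEN, and the bytes it lands on were only
             * ever written when offset <= produced. Reject both cases rather
             * than read outside the buffer or from uninitialised bytes. */
            if (offset == 0 || offset > MAX_WIN_BUF_LEN || offset > produced)
                return -1;
            if (produced + len > out_cap) return -1;
            /* "Walked backwards past the front": add the window length once
             * to wrap, as in the pointer adjustment under discussion, but on
             * an index so no out-of-range pointer is ever formed. */
            size_t spos = (wpos + MAX_WIN_BUF_LEN - offset) % MAX_WIN_BUF_LEN;
            for (size_t k = 0; k < len; k++) {
                uint8_t b = win[spos];
                win[wpos] = b;
                out[produced++] = b;
                spos = (spos + 1) % MAX_WIN_BUF_LEN;
                wpos = (wpos + 1) % MAX_WIN_BUF_LEN;
            }
        } else {
            return -1;
        }
    }
    return (long)produced;
}

/* Constructed sample: three literals, an overlapping back-reference, then a
 * reference that reaches all the way round the 8-byte window. */
static const uint8_t SAMPLE_OK[] = {
    0x00, 'a', 0x00, 'b', 0x00, 'c',
    0x01, 3, 6,   /* copy 6 bytes from 3 behind: "abcabc" */
    0x01, 8, 2,   /* copy 2 bytes from 8 behind: wraps round the window */
};

/* Returns 1 if the sample decodes to "abcabcabcbc", else 0. */
static int demo_decode_ok(void)
{
    uint8_t out[32];
    long n = lz_window_decode(SAMPLE_OK, sizeof SAMPLE_OK, out, sizeof out);
    return n == 11 && memcmp(out, "abcabcabcbc", 11) == 0;
}

/* Offset larger than the window after 8 bytes were produced: adding the
 * window length once would still leave src in front of buf_start. */
static long demo_offset_past_window(void)
{
    static const uint8_t in[] = {
        0x00, 'a', 0x00, 'b', 0x00, 'c', 0x00, 'd',
        0x00, 'e', 0x00, 'f', 0x00, 'g', 0x00, 'h',
        0x01, MAX_WIN_BUF_LEN + 1, 1,
    };
    uint8_t out[32];
    return lz_window_decode(in, sizeof in, out, sizeof out);
}

/* Offset inside the window but before any byte was produced: the wrapped
 * position is inside the buffer, yet holds bytes never written (the kind of
 * read valgrind reports as uninitialised). */
static long demo_offset_before_start(void)
{
    static const uint8_t in[] = { 0x00, 'a', 0x01, 2, 1 };
    uint8_t out[32];
    return lz_window_decode(in, sizeof in, out, sizeof out);
}

int main(void)
{
    printf("decode ok: %d\n", demo_decode_ok());
    printf("offset past window: %ld\n", demo_offset_past_window());
    printf("offset before start: %ld\n", demo_offset_before_start());
    return 0;
}
```

The second check (offset against bytes produced) is the one that separates "pointer is inside the allocation" from "pointer is on data that was actually written"; a valgrind report can come from either, so a wrap that keeps the pointer inside the buffer is necessary but not sufficient.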