Wireshark-bugs: [Wireshark-bugs] [Bug 11702] Start, wait and crash
Date: Mon, 16 Nov 2015 19:57:02 +0000

Comment # 9 on bug 11702 from
One thing we're not doing is checking for _open_osfhandle() failing; if it
fails, even though we have valid Windows HANDLES (perhaps because the C runtime
has a fixed number of C file handle structures, and we run out of them due to a
leak), it returns -1, so if we don't check for it failing, we report that we
successfully opened the pipes to dumpcap, but return -1 as the handle for one
or the other or both of the pipes.

On UN*X, attempts to use a file handle cause the kernel to look the handle up
in a kernel table, and it does bounds checking and will return EBADF if the
descriptor isn't a valid value, which means, among other things, a non-negative
value, so the attempt will fail without a crash.  (But that won't happen in the
UN*X version of this code - pipe() will fail if it can't allocate the
descriptors, and we'll catch that rather than returning "success" and bogus
descriptors.)

On Windows with MSVC code, the C runtime might not be checking the file handle
value, and might just use it as an index into a table and get a bogus
structure, causing a crash.

https://code.wireshark.org/review/11881 adds those checks.
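
The check described in this comment, as an added example that is neither Wireshark's code nor the change under review: a pipe helper that reports success only when every descriptor is valid, plus the UN*X behaviour for a descriptor of -1. The helper names open_pipe_fds() and write_errno() and the _O_BINARY flag choice are assumptions made for illustration.

```c
/* Added example, not Wireshark's code; both helper names are hypothetical. */
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#ifdef _WIN32
#include <windows.h>
#include <io.h>
#else
#include <unistd.h>
#endif
/* On success returns 0 with fds[0] = read end, fds[1] = write end.
 * On failure returns -1, leaves both entries at -1 and leaks nothing. */
int open_pipe_fds(int fds[2])
{
    fds[0] = fds[1] = -1;
#ifdef _WIN32
    HANDLE rd, wr;
    if (!CreatePipe(&rd, &wr, NULL, 0))
        return -1;
    /* Valid HANDLEs do not guarantee a free C runtime slot: check each call. */
    int r = _open_osfhandle((intptr_t)rd, _O_BINARY);
    if (r == -1) {
        CloseHandle(rd);
        CloseHandle(wr);
        return -1;
    }
    int w = _open_osfhandle((intptr_t)wr, _O_BINARY);
    if (w == -1) {
        _close(r);          /* r owns rd now, so this closes rd as well */
        CloseHandle(wr);
        return -1;
    }
    fds[0] = r; fds[1] = w;
#else
    if (pipe(fds) == -1) {  /* the UN*X failure the comment says is caught */
        fds[0] = fds[1] = -1;
        return -1;
    }
#endif
    return 0;
}

#ifndef _WIN32
/* UN*X only: errno from a one-byte write; a descriptor of -1 yields EBADF. */
int write_errno(int fd)
{
    char b = 0;
    return write(fd, &b, 1) == -1 ? errno : 0;
}
#endif
```

A caller that tests only the helper's return value never sees -1 as a descriptor, which is the case the comment identifies as unchecked on Windows.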
