Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 12106] Buildbot crash output: fuzz-2016-02-09-3681.pcap

Wireshark-bugs: [Wireshark-bugs] [Bug 12106] Buildbot crash output: fuzz-2016-02-09-3681.pcap

Date: Sat, 20 Feb 2016 00:17:23 +0000

What	Removed	Added
CC		peter@lekensteyn.nl

Comment # 1 on bug 12106 from Peter Wu

The problem is here:

 for (first_pass = TRUE, cset = set, set_idx = 0; cset->func || first_pass;
cset++, set_idx++) {

combined with:

 static const ber_sequence_t T_paramSet_set[] = {
   { NULL, 0, 0, 0, NULL }
 };

 static int
 dissect_ansi_tcap_T_paramSet(...) {
   offset = dissect_ber_set(..., T_paramSet_set, ...);

Because the list of possible set elements is empty, this will happen:

Iteration 0:
first_pass == TRUE;
cset == &T_paramSet_set[0];
cset->func == NULL;
condition TRUE because first_pass == TRUE

Iteration 1:
first_pass == FALSE;
cset == &T_paramSet_set[1];
Invalid memory access when reading cset->func!

I'm now checking which dissectors are affected by this (other than ansi_tcap).

You are receiving this mail because:

You are watching all bug changes.

References:
- [Wireshark-bugs] [Bug 12106] New: Buildbot crash output: fuzz-2016-02-09-3681.pcap
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 12048] Wireshark infinite / very deep recursion in dissect_llrp_parameters
Next by Date: [Wireshark-bugs] [Bug 10673] IPv6 RPL Routing Header calculates Full Address fields using Mobile IP's Home Address instead of the IPv6's Destination address
Previous by thread: [Wireshark-bugs] [Bug 12106] New: Buildbot crash output: fuzz-2016-02-09-3681.pcap
Next by thread: [Wireshark-bugs] [Bug 12106] Buildbot crash output: fuzz-2016-02-09-3681.pcap
Index(es):
- Date
- Thread