Wireshark-bugs: [Wireshark-bugs] [Bug 11736] New: Malformed packets with SET_CUR in the USBVIDEO
Date: Fri, 20 Nov 2015 09:50:24 +0000
Bug ID 11736
Summary Malformed packets with SET_CUR in the USBVIDEO (UVC) decoding
Product Wireshark
Version Git
Hardware x86
OS All
Status UNCONFIRMED
Severity Major
Priority Low
Component Dissection engine (libwireshark)
Assignee bugzilla-admin@wireshark.org
Reporter mithro@mithis.com

Created attachment 14018 [details]
pcap usb-malformed

Build Information:
tansell@tansell-x1c-l:~/foss/wireshark/wireshark$ wireshark -v
Wireshark 2.1.0 (v2.1.0rc0-638-gfdf486e from master)

Copyright 1998-2015 Gerald Combs <gerald@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.2.1, with libpcap, with POSIX capabilities (Linux),
with libnl 3, with libz 1.2.8, with GLib 2.40.2, with SMI 0.4.8, with c-ares
1.10.0, with Lua 5.2, with GnuTLS 2.12.23, with Gcrypt 1.5.3, with MIT
Kerberos,
with GeoIP, without QtMultimedia, without AirPcap.

Running on Linux 3.13.0-66-generic, with locale C, with libpcap version 1.5.3,
with libz 1.2.8, with GnuTLS 2.12.23, with Gcrypt 1.5.3.
       Intel(R) Core(TM) i7-3667U CPU @ 2.00GHz (with SSE4.2)

Built using gcc 4.8.4.

--
Some valid USB packets seem to be decoded as "malformed packets" because
wireshark is skipping 16 bytes. I've attached a pcap file which causes this.

The problem appears to be these lines;
------
1841         /* If there is an extended pseudo header, skip over it to reach
the payload */
1842         if ((usb_trans_info->setup.request == USB_SETUP_SET_CUR) &&
(usb_trans_info->header_type == USB_HEADER_LINUX_64_BYTES))
1843             offset += 16;
------
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/packet-usb-video.c;hb=HEAD#l1840

I commented out those lines (then recompiled) and the decoding works.


You are receiving this mail because:
  • You are watching all bug changes.