Wireshark-bugs: [Wireshark-bugs] [Bug 1648] New: Coverity CID 240: Overrun in packet-k12.c
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1648
Summary: Coverity CID 240: Overrun in packet-k12.c
Product: Wireshark
Version: 0.99.5
Platform: All
OS/Version: All
Status: NEW
Severity: Critical
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: gerald@xxxxxxxxxxxxx
Pasted from Coverity:
238 if (!handles) {
239 data_handles[0] = data_handle;
Event ptr_assign: Pointer "handles" assigned address of static buffer pointer "&data_handles" of size 8 and offset 0
Also see events: [overrun-local][overrun-local]
240 handles = data_handles;
241 }
242
243 se_tree_insert32(port_handles, pinfo->pseudo_header->k12.input, handles);
244
245 }
246
At conditional (1): "handles == &data_handles" taking true path
247 if (handles == data_handles) {
248 proto_tree* stack_tree = proto_item_add_subtree(stack_item,ett_stack_item);
249 proto_item* item;
250
251 item = proto_tree_add_text(stack_tree,tvb,0,0,
252 "Warning: stk file not matched in the 'K12 Protocols' table");
At conditional (2): "item != 0" taking true path
253 PROTO_ITEM_SET_GENERATED(item);
254 expert_add_info_format(pinfo, item, PI_UNDECODED, PI_WARN, "unmatched stk file");
255
256 item = proto_tree_add_text(stack_tree,tvb,0,0,
257 "Info: You can edit the 'K12 Protocols' table from Preferences->Protocols->k12xx");
At conditional (3): "item != 0" taking true path
258 PROTO_ITEM_SET_GENERATED(item);
259 }
260
261 /* Setup subdissector information */
262
Event overrun-local: Overrun of static array of size 8 at position 8 by indexing pointer alias "handles" with index variable "((i + 1) * 4)"
Event overrun-local: NOTE: These bugs are often difficult to see at first glance. Coverity Prevent recommends a close inspection of the events leading to this overrun.
Also see events: [ptr_assign][overrun-local]
At conditional (4): "*(handles + (i * 4)) != 0" taking true path
At conditional (5): "*(handles + ((i + 1) * 4)) != 0" taking true path
At conditional (10): "*(handles + (i * 4)) != 0" taking true path
263 for (i = 0; handles[i] && handles[i+1]; ++i) {
At conditional (6): "*(handles + (i * 4)) == sscop_handle" taking true path
264 if (handles[i] == sscop_handle) {
265 sscop_payload_info *p_sscop_info = p_get_proto_data(pinfo->fd, proto_sscop);
At conditional (7): "p_sscop_info == 0" taking true path
266 if (!p_sscop_info) {
267 p_sscop_info = ep_alloc0(sizeof(sscop_payload_info));
At conditional (8): "p_sscop_info != 0" taking true path
268 if (p_sscop_info)
269 p_add_proto_data(pinfo->fd, proto_sscop, p_sscop_info);
270 }
At conditional (9): "p_sscop_info != 0" taking true path
271 if (p_sscop_info)
272 p_sscop_info->subdissector = handles[i+1];
273 }
274 /* Add more protocols here */