Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 2169] New: g_malloc0() call in uat_unesc() (epan/uat.c) is one byte too short

Wireshark-bugs: [Wireshark-bugs] [Bug 2169] New: g_malloc0() call in uat_unesc() (epan/uat.c) is

Date: Sun, 6 Jan 2008 04:45:44 +0000 (GMT)

http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2169

           Summary: g_malloc0() call in uat_unesc() (epan/uat.c) is one byte
                    too short
           Product: Wireshark
           Version: SVN
          Platform: PC
        OS/Version: All
            Status: NEW
          Severity: Major
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: jyoung@xxxxxxx


Build Information:
Version 0.99.8 (SVN Rev 23978)

Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.8.3, with GLib 2.8.1, with libpcap 0.9.2, with libz 1.2.3,
without libpcre, without SMI, without ADNS, without Lua, with GnuTLS 1.2.5,
with
Gcrypt 1.2.1, without Kerberos, with PortAudio PortAudio V19-devel, without
AirPcap.
NOTE: this build doesn't support the "matches" operator for Wireshark filter
syntax.

Running on Linux 2.6.13-15.18-default, with libpcap version 0.9.2.

Built using gcc 4.0.2 20050901 (prerelease) (SUSE Linux).

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
Hello,

Currently the function uat_unesc() from epan/uat.c's uses g_malloc0() to
allocate a buffer exactly the length of the number of characters that will be
copied into it.   This length does NOT allocate an extra byte for making this
buffer a proper ASCII NUL terminated string.

While proposing a fix for a defect identified in Bug 2162 it was suggested by
Jeff Morriss that there might be another bug.  Turns out he was right!  

Patch will be uploaded shortly to address uat_unesc() bug.


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

Follow-Ups:
- [Wireshark-bugs] [Bug 2169] g_malloc0() call in uat_unesc() (epan/uat.c) is one byte too short
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 2169] g_malloc0() call in uat_unesc() (epan/uat.c) is one byte too short
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 2169] g_malloc0() call in uat_unesc() (epan/uat.c) is one byte too short
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 2169] g_malloc0() call in uat_unesc() (epan/uat.c) is one byte too short
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 2169] g_malloc0() call in uat_unesc() (epan/uat.c) is one byte too short
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 2083] Packet list
Next by Date: [Wireshark-bugs] [Bug 2169] g_malloc0() call in uat_unesc() (epan/uat.c) is one byte too short
Previous by thread: [Wireshark-bugs] [Bug 2083] Packet list
Next by thread: [Wireshark-bugs] [Bug 2169] g_malloc0() call in uat_unesc() (epan/uat.c) is one byte too short
Index(es):
- Date
- Thread