Wireshark-bugs: [Wireshark-bugs] [Bug 4970] Wireshark Crashes when invalid subframe information
Date: Sun, 4 Jul 2010 09:56:04 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4970

Martin Mathieson <martin.r.mathieson@xxxxxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |martin.r.mathieson@googlema
                   |                            |il.com

--- Comment #2 from Martin Mathieson <martin.r.mathieson@xxxxxxxxxxxxxx> 2010-07-04 09:55:56 PDT ---
(In reply to comment #1)
> This problem is seen when decoding LTE-MAC packets. 
> 
> Sorry for the incomplete details provided earlier. thisData I referred could be
> found in the file packet-lte-mac.c file.
> 
> Thanks,
> Madhur

Yes, there is an assumption that the subframe number is in the range 0-9, and
it isn't range-checked.  It would write outside of the allocated array if you
had a number outside of that range.

I'll add some range-checking, I guess I never thought it'd be an issue.

Martin

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.