Wireshark-bugs: [Wireshark-bugs] [Bug 5403] Buildbot crash output: fuzz-2010-11-14-3053.pcap
Date: Sun, 14 Nov 2010 18:48:37 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5403

Bill Meier <wmeier@xxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fff@xxxxxxxxxx

--- Comment #1 from Bill Meier <wmeier@xxxxxxxxxxx> 2010-11-14 21:48:33 EST ---
Crash is occurring in frame #6973 in this capture.

The crash occurs in packet-zbee-security: dissect_zbee_secure()
because, in the following, tvb_length_remaining returns a -1 for this frame.

    /* Check for null payload. */
    if ( !(payload_len = tvb_length_remaining(tvb, offset+mic_len)) ) {
        return NULL;
    }

A little later in the code, there is an attempt to do a g_malloc(payload_len)
which (obviously) fails in this case since payload_len = (unsigned)-1.


I see that this code was recently added by Fred Fierling so he can probably
most easily fix it. :)

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5384

(Adding Fred to the CC list for this bug).

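Added example, not part of the original comment or the Wireshark source: a self-contained C sketch of the signed-to-unsigned length problem described in Comment #1, next to a check that rejects the negative result before it is converted. remaining_len() is a hypothetical stand-in for tvb_length_remaining(); the other function names and the sample sizes are constructed.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for the behaviour the comment describes for
 * tvb_length_remaining(): bytes left after `offset`, or -1 when the
 * offset lies beyond the end of the buffer. */
static int remaining_len(size_t buf_len, size_t offset)
{
    if (offset > buf_len || buf_len - offset > INT_MAX)
        return -1;
    return (int)(buf_len - offset);
}

/* Pattern from the quoted snippet: the signed result lands in an unsigned
 * variable and is only tested against zero, so -1 passes the check as
 * UINT_MAX. Returns the size that would reach the allocator
 * (0 means the "null payload" path was taken). */
static unsigned int payload_len_unchecked(size_t buf_len, size_t offset, size_t mic_len)
{
    unsigned int payload_len;
    if (!(payload_len = (unsigned int)remaining_len(buf_len, offset + mic_len)))
        return 0;
    return payload_len;
}

/* Hardened form: keep the result signed and reject <= 0 before converting. */
static int payload_len_checked(size_t buf_len, size_t offset, size_t mic_len, unsigned int *out)
{
    int remaining = remaining_len(buf_len, offset + mic_len);
    if (remaining <= 0)
        return -1;
    *out = (unsigned int)remaining;
    return 0;
}

int main(void)
{
    unsigned int len = 0;
    /* Constructed case: 10-byte buffer, offset 8, 4-byte MIC, so the MIC runs past the end. */
    printf("unchecked length: %u\n", payload_len_unchecked(10, 8, 4));
    printf("checked result:   %d\n", payload_len_checked(10, 8, 4, &len));
    return 0;
}
```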