Wireshark-bugs: [Wireshark-bugs] [Bug 7568] Capture file that crashes wireshark in packet-rtps2.
Date: Fri, 3 Aug 2012 12:31:17 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7568

Jakub Zawadzki <darkjames-ws@xxxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |darkjames-ws@xxxxxxxxxxxx

--- Comment #2 from Jakub Zawadzki <darkjames-ws@xxxxxxxxxxxx> 2012-08-03 12:31:16 PDT ---
>From rtps_util_add_bitmap():

  (num_bits is 32-bit signed number fetched from tvb)
  (temp_buff char array with MAX_BITMAP_SIZE size)

  for (i = 0; i < num_bits; i += 32) {
    /* ... */
    for (j = 0; j < 32; ++j) {
      temp_buff[idx] = (data & datamask) ? '1':'0'; // <-- buffer overflow
here.

      ++idx;
      /* ... */

      // protection here terminates only *inner* loop
      if (idx >= MAX_BITMAP_SIZE-1)
        break;
    }
  }

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.