Wireshark-bugs: [Wireshark-bugs] [Bug 11969] Buildbot crash output: fuzz-2016-01-07-13659.pcap
Comment # 4
on bug 11969
from Guy Harris
(In reply to Guy Harris from comment #1)
> (In reply to Buildbot Builder from comment #0)
> > ==13873== Conditional jump or move depends on uninitialised value(s)
> > ==13873== at 0x686F60C: req_resp_hdrs_do_reassembly (req_resp_hdrs.c:133)
>
> I must be missing something, because line 133 is
>
> if (linelen == 0) {
>
> and it follows an assignment to linelen and another if that also tests
> linelen.
>
> Perhaps the error was on another line?
Probably line 148, as with the other instances of this bug.
And valgrind also failed to find the point at which an uninitialized value -
tcpinfo->fin - was first used, namely in packet-http.c. It was used to set
try_desegment_body before calling req_resp_hdrs_do_reassembly(), so a value
*based on* an uninitialized value - hence initialized, but "tainted" - was
passed to req_resp_hdrs_do_reassembly(), and the conditional operation depended
on that "tainted" and thus *indirectly* depended on an uninitialized value.
You are receiving this mail because:
- You are watching all bug changes.