Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 13246] Uninitialized memcmp on data in daintree-sna.c

Wireshark-bugs: [Wireshark-bugs] [Bug 13246] Uninitialized memcmp on data in daintree-sna.c

Date: Sat, 17 Dec 2016 00:15:42 +0000

What	Removed	Added
Hardware	x86-64	All
OS	Linux (other)	All

Comment # 14 on bug 13246 from Guy Harris

(In reply to Peter Wu from comment #1)
> Confirmed, this is not an exploitable issue though since the read is limited
> to the buffer size.

The worst-case situation is, I think, that the comparison will *happen* to
succeed on a file that's *not* a Daintree SNA file because the junk on the
stack *happens* to match.  Unlikely, but the code was wrong and needed to be
fixed anyway.

You are receiving this mail because:

You are watching all bug changes.

References:
- [Wireshark-bugs] [Bug 13246] New: Uninitialized memcmp on data in daintree-sna.c
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 1293] "VoIP Calls" does not show start & stop time of calls in anything other than secs since start of capture.
Next by Date: [Wireshark-bugs] [Bug 13251] RFC 4571 - decode RTP when carried by TCP
Previous by thread: [Wireshark-bugs] [Bug 13246] Uninitialized memcmp on data in daintree-sna.c
Next by thread: [Wireshark-bugs] [Bug 13247] New: Buildbot crash output: fuzz-2016-12-12-29678.pcap
Index(es):
- Date
- Thread