diff options
| author | Peter Wu <peter@lekensteyn.nl> | 2018-09-26 12:26:21 +0200 |
|---|---|---|
| committer | Anders Broman <a.broman58@gmail.com> | 2018-09-27 04:32:54 +0000 |
| commit | 281dd22da96daa105580bf25f064ddfdc99a719d (patch) | |
| tree | 3b4a72119ff6a7a7a9162325cf0ffd2475cf1fdb /epan/tvbtest.c | |
| parent | 123bcb0362a21ee1b498328e0be7fcad2a14f133 (diff) | |
tvb: gracefully handle reading 0 bytes from an empty buffer
proto_tree_add_item with a zero length argument could end up calling
tvb_get_ptr to retrieve the (empty) backing buffer. This empty tvb was
possibly the result of bad reassembly, but let's gracefully handle it to
avoid a dissector exception.
Call trace for the original exception (only present on the first pass):
proto_report_dissector_bug (format=0x7ffffffecea0 "") at epan/proto.c:1368
ensure_contiguous_no_exception (tvb=0x6060001a5460, offset=0, length=0, pexception=0x7ffffffed060) at epan/tvbuff.c:775
ensure_contiguous (tvb=0x6060001a5460, offset=0, length=0) at epan/tvbuff.c:785
tvb_get_ptr (tvb=0x6060001a5460, offset=0, length=0) at epan/tvbuff.c:906
subset_get_ptr (tvb=0x607000194b90, abs_offset=0, abs_length=0) at epan/tvbuff_subset.c:58
ensure_contiguous_no_exception (tvb=0x607000194b90, offset=0, length=0, pexception=0x7ffffffed3c0) at epan/tvbuff.c:773
ensure_contiguous (tvb=0x607000194b90, offset=0, length=0) at epan/tvbuff.c:785
tvb_get_ptr (tvb=0x607000194b90, offset=0, length=0) at epan/tvbuff.c:906
proto_tree_set_bytes_tvb (fi=0x608000535ca0, tvb=0x607000194b90, offset=0, length=0) at epan/proto.c:3862
proto_tree_new_item (new_fi=0x608000535ca0, tree=0x604000543150, tvb=0x607000194b90, start=0, length=0, encoding=0) at epan/proto.c:2318
proto_tree_add_item_new (tree=0x604000543150, hfinfo=0x7ffff30e91f8, tvb=0x607000194b90, start=0, length=0, encoding=0) at epan/proto.c:3381
proto_tree_add_item (tree=0x604000543150, hfindex=65120, tvb=0x607000194b90, start=0, length=0, encoding=0) at epan/proto.c:3391
dissect_body_data (tree=0x604000543150, pinfo=0x614000000a58, tvb=0x607000194b90, start=0, length=0, encoding=0) at epan/dissectors/packet-http2.c:1974
Change-Id: Icfae83d61ddcc9e26f16eab7f6e0e84e2f0d73ac
Reviewed-on: https://code.wireshark.org/review/29851
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'epan/tvbtest.c')
| -rw-r--r-- | epan/tvbtest.c | 25 |
1 files changed, 18 insertions, 7 deletions
diff --git a/epan/tvbtest.c b/epan/tvbtest.c index 57deeba73d..fb5984d1c8 100644 --- a/epan/tvbtest.c +++ b/epan/tvbtest.c @@ -95,7 +95,7 @@ test(tvbuff_t *tvb, const gchar* name, ex_thrown = TRUE; } CATCH_ALL { - printf("02: Caught wrong exception: %lu\n", exc->except_id.except_code); + printf("03: Caught wrong exception: %lu\n", exc->except_id.except_code); } ENDTRY; @@ -121,7 +121,7 @@ test(tvbuff_t *tvb, const gchar* name, printf("04: Caught wrong exception: ReportedBoundsError\n"); } CATCH_ALL { - printf("02: Caught wrong exception: %lu\n", exc->except_id.except_code); + printf("04: Caught wrong exception: %lu\n", exc->except_id.except_code); } ENDTRY; @@ -135,7 +135,7 @@ test(tvbuff_t *tvb, const gchar* name, /* Test boundary case. A BoundsError exception should not be thrown. */ ex_thrown = FALSE; TRY { - tvb_get_ptr(tvb, 0, 1); + tvb_get_ptr(tvb, 0, length ? 1 : 0); } CATCH(BoundsError) { ex_thrown = TRUE; @@ -147,7 +147,7 @@ test(tvbuff_t *tvb, const gchar* name, printf("05: Caught wrong exception: ReportedBoundsError\n"); } CATCH_ALL { - printf("02: Caught wrong exception: %lu\n", exc->except_id.except_code); + printf("05: Caught wrong exception: %lu\n", exc->except_id.except_code); } ENDTRY; @@ -161,7 +161,7 @@ test(tvbuff_t *tvb, const gchar* name, /* Test boundary case. A BoundsError exception should not be thrown. */ ex_thrown = FALSE; TRY { - tvb_get_ptr(tvb, -1, 1); + tvb_get_ptr(tvb, -1, length ? 1 : 0); } CATCH(BoundsError) { ex_thrown = TRUE; @@ -173,7 +173,7 @@ test(tvbuff_t *tvb, const gchar* name, printf("06: Caught wrong exception: ReportedBoundsError\n"); } CATCH_ALL { - printf("02: Caught wrong exception: %lu\n", exc->except_id.except_code); + printf("06: Caught wrong exception: %lu\n", exc->except_id.except_code); } ENDTRY; @@ -258,7 +258,8 @@ test(tvbuff_t *tvb, const gchar* name, /* One big memdup */ ptr = (guint8*)tvb_memdup(NULL, tvb, 0, -1); - if (memcmp(ptr, expected_data, length) != 0) { + if ((length != 0 && memcmp(ptr, expected_data, length) != 0) || + (length == 0 && ptr != NULL)) { printf("12: Failed TVB=%s Offset=0 Length=-1 " "Bad memdup\n", name); failed = TRUE; @@ -279,9 +280,11 @@ run_tests(void) int i, j; tvbuff_t *tvb_parent; + tvbuff_t *tvb_empty; tvbuff_t *tvb_small[3]; tvbuff_t *tvb_large[3]; tvbuff_t *tvb_subset[6]; + tvbuff_t *tvb_empty_subset; guint8 *small[3]; guint small_length[3]; guint small_reported_length[3]; @@ -326,6 +329,10 @@ run_tests(void) tvb_set_free_cb(tvb_large[i], g_free); } + /* Test empty tvb */ + tvb_empty = tvb_new_child_real_data(tvb_parent, NULL, 0, 1); + test(tvb_empty, "Empty", NULL, 0, 1); + /* Test the "real" tvbuff objects. */ test(tvb_small[0], "Small 0", small[0], small_length[0], small_reported_length[0]); test(tvb_small[1], "Small 1", small[1], small_length[1], small_reported_length[1]); @@ -373,6 +380,10 @@ run_tests(void) test(tvb_subset[4], "Subset 4", subset[4], subset_length[4], subset_reported_length[4]); test(tvb_subset[5], "Subset 5", subset[5], subset_length[5], subset_reported_length[5]); + /* Subset of an empty tvb. */ + tvb_empty_subset = tvb_new_subset_length_caplen(tvb_empty, 0, 0, 1); + test(tvb_empty_subset, "Empty Subset", NULL, 0, 1); + /* One Real */ printf("Making Composite 0\n"); tvb_comp[0] = tvb_new_composite(); |