## Analysis Context

*The verification was performed with TrustInSoft Analyzer, a formal static analyzer for C and C++.*

*The result is part of a larger security assessment performed by TrustInSoft for* ***Naval Group***.

This issue was found during the analysis of Wireshark, which was performed in the following environment:

| Item | Value |
|--------------|------------------------------------------------------|
| Platform | Ubuntu Linux 18.04 |
| Tool | TrustInSoft Analyzer, a formal static analyzer |
| Input Files | Fuzzing of 10 000 pcap files using AFL |
| Verification | Analysis of `process_cap_file` with the AFL corpus |

| Component | Version | Git commit | Repository |
|---------------|------------|------------|-------------------------------------------------|
| Wireshark | v2.6.16rc0 | dcd65a4012 | https://github.com/wireshark/wireshark.git |
| glib | 2.62.6 | eb0f73a39 | https://github.com/GNOME/glib.git |
| libgcrypt | 1.8.5 | ada758e3 | https://github.com/gpg/libgcrypt.git |
| libgpg-error | 1.37 | 85b5006 | https://github.com/gpg/libgpg-error.git |
| libpcap | 1.9.1 | 1547215c | https://github.com/the-tcpdump-group/libpcap.git |
| pcre | 8.43-RC1 | 10e4adb | https://github.com/svn2github/pcre.git |
| pcre2 | 10.10 | a677f5b | https://github.com/luvit/pcre2.git |
| zlib | 10.10 | a677f5b | https://github.com/madler/zlib.git |

- valgrind is deactivated in glib
- PCRE library is deactivated in glib
- `cap_files_hashes` is deactivated in wireshark

## Invalid Pointer Arithmetic in *g_path_get_basename*

In the function `g_path_get_basename`, the expression `file_name + base + 1` may compute an invalid pointer when `base` is equal to `-1`: because `+` is left-associative, the expression is evaluated as `(file_name + base) + 1`, and the intermediate value `file_name + (-1)` points one element before the start of the string, which C does not permit (a pointer may only point into the object or one past its end), even though adding `1` afterwards brings it back to `file_name`.

File: glib/glib/gfileutils.c

```c
memcpy (retval, file_name + base + 1, len);
```

With the following patch, no invalid pointer is computed, because the offset `base + 1` (which is `0` when `base == -1`) is added in a single step:

```c
memcpy (retval, file_name + (base + 1), len);
```
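To show the corrected form in context, the following is an added, self-contained example written for this report; it is not glib's code. It mirrors the role of `base` (index of the last `/`, or `-1` when the path has no directory component) and builds the result with the parenthesised offset, so the case `base == -1` never forms a pointer before the start of the string. It is deliberately simpler than `g_path_get_basename` (no handling of trailing separators or Windows drive letters); the function names `last_separator`, `basename_copy` and `basename_matches` and the sample paths are constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Index of the last '/' in s, or -1 when there is none.
 * This plays the part of `base` in g_path_get_basename. */
static long last_separator(const char *s)
{
    long base = (long)strlen(s) - 1;
    while (base >= 0 && s[base] != '/')
        base--;
    return base;
}

/* Return a newly allocated copy of the final path component (caller frees).
 * Simplified: trailing separators are not stripped, unlike glib. */
char *basename_copy(const char *file_name)
{
    long base = last_separator(file_name);
    /* Number of bytes after the last separator (whole string when base == -1). */
    size_t len = strlen(file_name) - (size_t)(base + 1);
    char *retval = malloc(len + 1);
    if (retval == NULL)
        return NULL;
    /* Offset is grouped as (base + 1): when base == -1 it is 0 and the source
     * is file_name itself. Writing file_name + base + 1 instead would first
     * form file_name - 1, a pointer outside the object, which is undefined. */
    memcpy(retval, file_name + (base + 1), len);
    retval[len] = '\0';
    return retval;
}

/* Convenience check used by the stand-alone run: 1 if the basename of
 * `path` equals `expected`, 0 otherwise. */
int basename_matches(const char *path, const char *expected)
{
    char *b = basename_copy(path);
    int ok = (b != NULL) && strcmp(b, expected) == 0;
    free(b);
    return ok;
}

int main(void)
{
    /* Constructed sample inputs: one with directories, one without (base == -1). */
    const char *paths[] = { "/home/user/captures/capture.pcap", "capture.pcap", "" };
    for (size_t i = 0; i < sizeof paths / sizeof paths[0]; i++) {
        char *b = basename_copy(paths[i]);
        printf("\"%s\" -> \"%s\"\n", paths[i], b ? b : "(alloc failed)");
        free(b);
    }
    return 0;
}
```

The no-separator input is the one that matters here: it is exactly the case in which the unparenthesised expression forms the out-of-bounds intermediate pointer that the analyzer flagged.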
Please report this against glib: https://gitlab.gnome.org/GNOME/glib/issues/new
OK, I have reported it here https://gitlab.gnome.org/GNOME/glib/-/issues/2077