USB HID dissector crash fixed in 3.2.9, 3.4.1
Created wireshark tracking bugs for this issue:
Affects: fedora-all [bug 1919926]
The USB HID dissector (epan/dissectors/packet-usb-hid.c) ends up calling decode_bits_in_field() (via proto_tree_add_bits_item) with a large data_size. Since decode_bits_in_field() did not check the passed argument, this could lead to a heap-based buffer overflow when trying to access the 'str' buffer, allocated in the same function through wmem_alloc0().
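The class of bug described above, shown as an added example: a simplified model of a bit-field formatter that validates the caller-supplied bit count against its fixed, zeroed allocation before writing. This is not Wireshark's code or the upstream fix; format_bits_checked, bits_str_needed, BITS_STR_LEN and the output layout are assumptions made for illustration, and calloc() stands in for wmem_alloc0().

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BITS_STR_LEN 64  /* assumed fixed buffer size for this model */

/* Characters needed to render the octets covering the field:
 * one per bit, one space after every 4 bits, plus the NUL. */
static size_t bits_str_needed(unsigned bit_offset, unsigned no_of_bits)
{
    size_t total_bits = (((size_t)bit_offset % 8 + no_of_bits + 7) / 8) * 8;
    return total_bits + total_bits / 4 + 1;
}

/* Renders e.g. "..10 11.. " for a 4-bit field at bit offset 2.
 * Returns a zeroed heap buffer, or NULL when the field would not fit. */
char *format_bits_checked(unsigned bit_offset, unsigned no_of_bits, uint64_t value)
{
    /* The missing check: reject a size taken from packet data before any
     * write. The range test runs first so the size math cannot wrap. */
    if (no_of_bits == 0 || no_of_bits > 64 ||
        bits_str_needed(bit_offset, no_of_bits) > BITS_STR_LEN)
        return NULL;
    char *str = calloc(1, BITS_STR_LEN);
    if (str == NULL)
        return NULL;
    unsigned lead = bit_offset % 8;
    unsigned total = ((lead + no_of_bits + 7) / 8) * 8;
    size_t pos = 0;
    for (unsigned bit = 0; bit < total; bit++) {
        if (bit >= lead && bit < lead + no_of_bits) {
            unsigned shift = no_of_bits - 1 - (bit - lead);
            str[pos++] = ((value >> shift) & 1) ? '1' : '0';
        } else {
            str[pos++] = '.';      /* bit outside the field */
        }
        if (bit % 4 == 3)
            str[pos++] = ' ';
    }
    return str;
}

int main(void)
{
    char *ok = format_bits_checked(2, 4, 0xB);     /* constructed input */
    char *big = format_bits_checked(0, 4096, 0);   /* oversized field */
    printf("'%s' (%zu chars), oversized: %s\n", ok ? ok : "", ok ? strlen(ok) : 0,
           big ? "accepted" : "rejected");
    free(ok);
    free(big);
    return 0;
}
```

Without the guard, the loop bound comes straight from the caller and `pos` runs past the allocation, which is the out-of-bounds write on 'str' that the report describes.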