ISO15765 and ISO10681 dissectors corrupt memory and Wireshark may crash
Summary
Traces with a lot of ISO15765 consecutive segments (e.g. 32) corrupt memory, so that Wireshark can crash (Wireshark 4.0) or hang (Wireshark 3.6). The same happens with the ISO10681 dissector.
I have a patch prepared and will create an MR.
Detailed Analysis
The following line of packet-iso15765.c may write past the end of the "frag_id_high" array:
frag_id += ((iso15765_frame->frag_id_high[frag_id]++) * 16);
This overflows the header of the next memory chunk. In my analysis, this is the table inside the iso15765_frame_table map.
After 32 flows, the table needs to be resized with wmem_map_grow, and the old chunk is freed. Since the position of the previous chunk was corrupted, Wireshark crashes.
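A bounds-checked form of the indexed update quoted above, as an added example. It is not the patch mentioned in this report and not Wireshark code. The array length of 16, the struct layout, the canary field and the names extend_frag_id and run_demo are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FRAG_ID_HIGH_LEN 16u      /* assumed length; the report does not state it */
#define CANARY 0xC0FFEEu          /* constructed marker for the adjacent memory */

/* Hypothetical stand-in for the dissector's per-flow state. */
typedef struct {
    uint16_t frag_id_high[FRAG_ID_HIGH_LEN];
    uint32_t canary;              /* plays the role of the next chunk's header */
} frame_state_t;

/* Checked form of: frag_id += (frame->frag_id_high[frag_id]++) * 16;
 * Returns 0 and stores the extended id in *out, or -1 without touching
 * any state when frag_id would index past the array. */
int extend_frag_id(frame_state_t *frame, uint32_t frag_id, uint32_t *out)
{
    if (frag_id >= FRAG_ID_HIGH_LEN)
        return -1;
    *out = frag_id + (uint32_t)(frame->frag_id_high[frag_id]++) * 16u;
    return 0;
}

/* Feeds n constructed consecutive segments whose sequence numbers wrap 0..15,
 * then one index just past the array. Returns the last extended id, or -1 if
 * the out-of-range index was accepted or the canary changed. */
long run_demo(unsigned n)
{
    frame_state_t st;
    uint32_t id = 0;

    memset(&st, 0, sizeof st);
    st.canary = CANARY;
    for (unsigned i = 0; i < n; i++)
        if (extend_frag_id(&st, i & 0x0Fu, &id) != 0)
            return -1;
    if (extend_frag_id(&st, FRAG_ID_HIGH_LEN, &id) == 0 || st.canary != CANARY)
        return -1;
    return (long)id;
}

int main(void)
{
    printf("last extended id after 32 segments: %ld\n", run_demo(32));
    return 0;
}
```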