diff options
| author | Anders Broman <anders.broman@ericsson.com> | 2014-02-05 14:29:57 +0100 |
|---|---|---|
| committer | Anders Broman <a.broman58@gmail.com> | 2014-02-05 16:03:54 +0000 |
| commit | 5236d89e2627946fc9a2044d98574b3c54c3d0d6 (patch) | |
| tree | 5989de31cdb4140ea8034f178562d4764da78c9e | |
| parent | 2c3f02231493b45022adc6b43cd680474486e80e (diff) | |
Dissector assert in packet-nbap.c. num_items isn't reset before calling a sequence filling the array.
Closed-bug #9726
Change-Id: Ie4bc538b0788eb32895c9eedf8e0277c6d9ed1b2
Reviewed-on: https://code.wireshark.org/review/120
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Tested-by: Anders Broman <a.broman58@gmail.com>
| -rw-r--r-- | asn1/nbap/nbap.cnf | 5 | ||||
| -rw-r--r-- | epan/dissectors/packet-nbap.c | 43 |
2 files changed, 29 insertions, 19 deletions
diff --git a/asn1/nbap/nbap.cnf b/asn1/nbap/nbap.cnf index 16e021c611..47a2e5981b 100644 --- a/asn1/nbap/nbap.cnf +++ b/asn1/nbap/nbap.cnf @@ -1680,6 +1680,11 @@ nbap_edch_channel_info[e_dch_macdflow_id].no_ddi_entries = num_items; break; } + +# Reset num_items before calling the sequence +#.FN_HDR HSDSCH-MACdFlows-to-Delete + num_items = 0; + # Make sure num_items isn't 0 when accessing HSDSCH-MACdFlow-ID # #.FN_HDR HSDSCH-MACdFlows-to-Delete-Item diff --git a/epan/dissectors/packet-nbap.c b/epan/dissectors/packet-nbap.c index 944f80e7ff..e9768bcca6 100644 --- a/epan/dissectors/packet-nbap.c +++ b/epan/dissectors/packet-nbap.c @@ -10040,7 +10040,7 @@ dissect_nbap_AddorDeleteIndicator(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t static int dissect_nbap_CFN(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 2140 "../../asn1/nbap/nbap.cnf" +#line 2145 "../../asn1/nbap/nbap.cnf" offset = dissect_per_constrained_integer(tvb, offset, actx, tree, hf_index, 0U, 255U, &cfn, FALSE); @@ -10293,7 +10293,7 @@ dissect_nbap_AvailabilityStatus(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *a static int dissect_nbap_HSDSCH_RNTI(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 2105 "../../asn1/nbap/nbap.cnf" +#line 2110 "../../asn1/nbap/nbap.cnf" umts_fp_conversation_info_t *umts_fp_conversation_info = NULL; address null_addr; conversation_t *conversation = NULL; @@ -11515,7 +11515,7 @@ dissect_nbap_Common_E_DCH_Resource_Combination_InfoList(tvbuff_t *tvb _U_, int o static int dissect_nbap_Common_MACFlow_ID(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1964 "../../asn1/nbap/nbap.cnf" +#line 1969 "../../asn1/nbap/nbap.cnf" offset = dissect_per_constrained_integer(tvb, offset, actx, tree, hf_index, 0U, maxNrOfCommonMACFlows_1, &common_macdflow_id, FALSE); @@ -11668,7 +11668,7 @@ dissect_nbap_LogicalChannelID(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *act static int dissect_nbap_MAC_PDU_SizeExtended(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1720 "../../asn1/nbap/nbap.cnf" +#line 1725 "../../asn1/nbap/nbap.cnf" offset = dissect_per_constrained_integer(tvb, offset, actx, tree, hf_index, 1U, 1504U, NULL, TRUE); @@ -12091,7 +12091,7 @@ static const per_sequence_t CommonMACFlow_Specific_InfoItem_sequence[] = { static int dissect_nbap_CommonMACFlow_Specific_InfoItem(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1971 "../../asn1/nbap/nbap.cnf" +#line 1976 "../../asn1/nbap/nbap.cnf" address dst_addr; transportLayerAddress_ipv4 = 0; BindingID_port = 0; @@ -13356,7 +13356,7 @@ dissect_nbap_CriticalityDiagnostics(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_ static int dissect_nbap_CRNC_CommunicationContextID(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 2079 "../../asn1/nbap/nbap.cnf" +#line 2084 "../../asn1/nbap/nbap.cnf" offset = dissect_per_constrained_integer(tvb, offset, actx, tree, hf_index, 0U, 1048575U, &com_context_id, FALSE); @@ -23316,7 +23316,7 @@ static const per_sequence_t HSDSCH_Common_System_InformationFDD_sequence[] = { static int dissect_nbap_HSDSCH_Common_System_InformationFDD(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1991 "../../asn1/nbap/nbap.cnf" +#line 1996 "../../asn1/nbap/nbap.cnf" /* * 5.1.6 High Speed Downlink Shared Channels * The Data Transfer procedure is used to transfer a HS-DSCH DATA FRAME (TYPE 1, TYPE 2 [FDD and 1.28Mcps @@ -23477,7 +23477,7 @@ static const per_sequence_t HSDSCH_MACdFlow_Specific_InfoItem_sequence[] = { static int dissect_nbap_HSDSCH_MACdFlow_Specific_InfoItem(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1698 "../../asn1/nbap/nbap.cnf" +#line 1703 "../../asn1/nbap/nbap.cnf" address dst_addr; @@ -23621,7 +23621,7 @@ static const per_sequence_t PriorityQueue_InfoItem_sequence[] = { static int dissect_nbap_PriorityQueue_InfoItem(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1689 "../../asn1/nbap/nbap.cnf" +#line 1694 "../../asn1/nbap/nbap.cnf" num_items++; @@ -23691,6 +23691,7 @@ dissect_nbap_HSDSCH_MACdFlows_Information(tvbuff_t *tvb _U_, int offset _U_, asn + return offset; } @@ -23766,7 +23767,7 @@ static const per_sequence_t HSDSCH_FDD_Information_sequence[] = { static int dissect_nbap_HSDSCH_FDD_Information(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1750 "../../asn1/nbap/nbap.cnf" +#line 1755 "../../asn1/nbap/nbap.cnf" /* * Collect the information about the HSDSCH MACdFlows set up conversation(s) and set the conversation data. */ @@ -23903,7 +23904,7 @@ static const per_sequence_t HSDSCH_MACdFlow_Specific_InfoItem_to_Modify_sequence static int dissect_nbap_HSDSCH_MACdFlow_Specific_InfoItem_to_Modify(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1839 "../../asn1/nbap/nbap.cnf" +#line 1844 "../../asn1/nbap/nbap.cnf" address dst_addr; transportLayerAddress_ipv4 = 0; BindingID_port = 0; @@ -23961,7 +23962,7 @@ static const per_sequence_t PriorityQueue_InfoItem_to_Add_sequence[] = { static int dissect_nbap_PriorityQueue_InfoItem_to_Add(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1692 "../../asn1/nbap/nbap.cnf" +#line 1697 "../../asn1/nbap/nbap.cnf" num_items = 1; @@ -24096,7 +24097,7 @@ static const per_sequence_t HSDSCH_Information_to_Modify_sequence[] = { static int dissect_nbap_HSDSCH_Information_to_Modify(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1859 "../../asn1/nbap/nbap.cnf" +#line 1864 "../../asn1/nbap/nbap.cnf" /* * This is pretty much the same like if we setup a previous flow */ @@ -24218,7 +24219,7 @@ static const value_string nbap_HSDSCH_MACdPDUSizeFormat_vals[] = { static int dissect_nbap_HSDSCH_MACdPDUSizeFormat(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1727 "../../asn1/nbap/nbap.cnf" +#line 1732 "../../asn1/nbap/nbap.cnf" /* * Removed 10 Aug. 2012, I'm not sure if this was right, it wrongfully * set some packets as type 2 for HSDHCH modified items. @@ -24329,7 +24330,7 @@ static const per_sequence_t HSDSCH_MACdFlow_Specific_InformationResp_Item_sequen static int dissect_nbap_HSDSCH_MACdFlow_Specific_InformationResp_Item(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1695 "../../asn1/nbap/nbap.cnf" +#line 1700 "../../asn1/nbap/nbap.cnf" num_items++; @@ -24745,7 +24746,7 @@ static const per_sequence_t HSDSCH_Paging_System_InformationFDD_sequence[] = { static int dissect_nbap_HSDSCH_Paging_System_InformationFDD(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 2069 "../../asn1/nbap/nbap.cnf" +#line 2074 "../../asn1/nbap/nbap.cnf" /* g_warning("HS-DSCH Type 3 NOT Implemented!"); */ @@ -24939,7 +24940,7 @@ static const per_sequence_t HSDSCH_MACdFlows_to_Delete_Item_sequence[] = { static int dissect_nbap_HSDSCH_MACdFlows_to_Delete_Item(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 1686 "../../asn1/nbap/nbap.cnf" +#line 1691 "../../asn1/nbap/nbap.cnf" num_items++; @@ -24956,6 +24957,10 @@ static const per_sequence_t HSDSCH_MACdFlows_to_Delete_sequence_of[1] = { static int dissect_nbap_HSDSCH_MACdFlows_to_Delete(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +#line 1686 "../../asn1/nbap/nbap.cnf" + num_items = 0; + + offset = dissect_per_constrained_sequence_of(tvb, offset, actx, tree, hf_index, ett_nbap_HSDSCH_MACdFlows_to_Delete, HSDSCH_MACdFlows_to_Delete_sequence_of, 1, maxNrOfMACdFlows, FALSE); @@ -28054,7 +28059,7 @@ dissect_nbap_NI_Information(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx static int dissect_nbap_NodeB_CommunicationContextID(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { -#line 2083 "../../asn1/nbap/nbap.cnf" +#line 2088 "../../asn1/nbap/nbap.cnf" /*Set up and map that maps Node-B ids to CRNC ids, since often you only have one of them present in nbap*/ nbap_com_context_id_t *cur_val; @@ -41069,7 +41074,7 @@ col_set_str(actx->pinfo->cinfo, COL_INFO,"RadioLinkReconfigurationCommit "); actx->pinfo->link_dir=P2P_DIR_DL; -#line 2132 "../../asn1/nbap/nbap.cnf" +#line 2137 "../../asn1/nbap/nbap.cnf" /* * Here we need to signal the CFN value, down to FP so * that lowert layers know when a reconfiguration becomes active |