authorwmeier <wmeier@f5534014-38df-0310-8fa8-9805f1628bb7>2011-06-22 01:20:20 +0000
committerwmeier <wmeier@f5534014-38df-0310-8fa8-9805f1628bb7>2011-06-22 01:20:20 +0000
commite444921b3431cb176c6101e505bf5bfffcfb74c2 (patch)
tree8797666e124dd2836de4326ea8c3d8a2025983b0 /epan/dissectors/packet-dvbci.c
parent844d411b5ad85f4496c42953531a0fc20cf89244 (diff)
From Martin Kaiser: Fix forBug #6048 (fuzztest crash)
"this is caused by my newly added DVB-CI MMI code endless loop when dissect_dvbci_text() returns 0 because the text pseudo-apdu is invalid" https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6048 git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@37743 f5534014-38df-0310-8fa8-9805f1628bb7
Diffstat (limited to 'epan/dissectors/packet-dvbci.c')
-rw-r--r--epan/dissectors/packet-dvbci.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/epan/dissectors/packet-dvbci.c b/epan/dissectors/packet-dvbci.c
index b51973b087..8b82af56a2 100644
--- a/epan/dissectors/packet-dvbci.c
+++ b/epan/dissectors/packet-dvbci.c
@@ -1310,6 +1310,15 @@ dissect_dvbci_payload_mmi(guint32 tag, gint len_field,
offset += text_len;
while (tvb_reported_length_remaining(tvb, offset)) {
text_len = dissect_dvbci_text("Item", tvb, offset, pinfo, tree);
+ /* minimum is apdu tag + 1 byte len field */
+ if (text_len<APDU_TAG_SIZE+1) {
+ pi = proto_tree_add_text(
+ tree, tvb, offset, -1, "Invalid item");
+ expert_add_info_format(
+ pinfo, pi, PI_MALFORMED, PI_ERROR,
+ "Items must be text_more() or text_last() objects");
+ return;
+ }
offset += text_len;
}
break;
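Review bot: The `while (tvb_reported_length_remaining(tvb, offset))` condition driving this loop still treats any non-zero result as "more data", so termination rests entirely on the new `text_len` check; if the helper reports a negative value once `offset` runs past the reported length (it appears it can), the loop body is entered again on malformed input. Tightening it to `while (tvb_reported_length_remaining(tvb, offset) > 0) {` would bound the loop on its own and leave the new check as the malformed-item diagnostic. The guard covers only the "Item" calls; the earlier `dissect_dvbci_text()` result that feeds `offset += text_len;` on the first line of the hunk is produced outside the visible lines, so whether it needs the same minimum-length test cannot be confirmed from here. The existing comment could also record the reason for the early return, e.g. `/* minimum is apdu tag + 1 byte len field; a shorter result means no progress, so stop instead of looping forever */`. The enclosing `dissect_dvbci_payload_mmi()` starts and ends outside the hunk.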