Don't try to allocate more than WTAP_MAX_PACKET_SIZE. Fixes a crash

reported in bug 3849. svn path=/trunk/; revision=29364
author: Gerald Combs <gerald@wireshark.org> 2009-08-10 16:12:55 +0000
committer: Gerald Combs <gerald@wireshark.org> 2009-08-10 16:12:55 +0000
commit: c158c4ad69caa94d153f1f01e54a073d31ebd52e (patch)
tree: 5aef71500e8fcd06333f839c8a14172133f80c03 /wiretap
parent: 842d1be224087f6d6caf0e8d879ba6e67edaa3d6 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/wiretap/erf.c b/wiretap/erf.c
index 5e88a64ddc..49bdaa9581 100644
--- a/wiretap/erf.c
+++ b/wiretap/erf.c
@@ -218,6 +218,13 @@ extern int erf_open(wtap *wth, int *err, gchar **err_info _U_)
 
     /* The file_seek function do not return an error if the end of file
        is reached whereas the record is truncated */
+    if (packet_size > WTAP_MAX_PACKET_SIZE) {
+      /*
+       * Probably a corrupt capture file; don't blow up trying
+       * to allocate space for an immensely-large packet.
+       */
+      return 0;
+    }
     buffer=g_malloc(packet_size);
     r = file_read(buffer, 1, packet_size, wth->fh);
     g_free(buffer);
author	Gerald Combs <gerald@wireshark.org>	2009-08-10 16:12:55 +0000
committer	Gerald Combs <gerald@wireshark.org>	2009-08-10 16:12:55 +0000
commit	c158c4ad69caa94d153f1f01e54a073d31ebd52e (patch)
tree	5aef71500e8fcd06333f839c8a14172133f80c03 /wiretap
parent	842d1be224087f6d6caf0e8d879ba6e67edaa3d6 (diff)