diff options
author | Gerald Combs <gerald@wireshark.org> | 2009-08-10 16:12:55 +0000 |
---|---|---|
committer | Gerald Combs <gerald@wireshark.org> | 2009-08-10 16:12:55 +0000 |
commit | c158c4ad69caa94d153f1f01e54a073d31ebd52e (patch) | |
tree | 5aef71500e8fcd06333f839c8a14172133f80c03 /wiretap | |
parent | 842d1be224087f6d6caf0e8d879ba6e67edaa3d6 (diff) |
Don't try to allocate more than WTAP_MAX_PACKET_SIZE. Fixes a crash
reported in bug 3849.
svn path=/trunk/; revision=29364
Diffstat (limited to 'wiretap')
-rw-r--r-- | wiretap/erf.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/wiretap/erf.c b/wiretap/erf.c index 5e88a64ddc..49bdaa9581 100644 --- a/wiretap/erf.c +++ b/wiretap/erf.c @@ -218,6 +218,13 @@ extern int erf_open(wtap *wth, int *err, gchar **err_info _U_) /* The file_seek function do not return an error if the end of file is reached whereas the record is truncated */ + if (packet_size > WTAP_MAX_PACKET_SIZE) { + /* + * Probably a corrupt capture file; don't blow up trying + * to allocate space for an immensely-large packet. + */ + return 0; + } buffer=g_malloc(packet_size); r = file_read(buffer, 1, packet_size, wth->fh); g_free(buffer); |