From b16d487cbc70a441d26a1052b22d1bb0132b1cbc Mon Sep 17 00:00:00 2001
From: Pascal Quantin
Date: Fri, 28 Jul 2017 17:59:52 +0200
Subject: Modbus: do not trigger an exception before saving pkt_info structure
Otherwise on second pass pkt_info is null, leading to a segmentation fault
Bug: 13925
Change-Id: I61cfbee894506fb6c4205c9a2ad19e6973821f23
Reviewed-on: https://code.wireshark.org/review/22833
Reviewed-by: Pascal Quantin
Petri-Dish: Pascal Quantin
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann
---
 epan/dissectors/packet-mbtcp.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/epan/dissectors/packet-mbtcp.c b/epan/dissectors/packet-mbtcp.c
index 211a05af6e..332fef02bb 100644
--- a/epan/dissectors/packet-mbtcp.c
+++ b/epan/dissectors/packet-mbtcp.c
@@ -1568,13 +1568,17 @@ dissect_modbus(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
 if (*packet_type == QUERY_PACKET) {
 /*create the modbus_request frame. It holds the request information.*/
- modbus_request_info_t *frame_ptr = wmem_new(wmem_file_scope(), modbus_request_info_t);
+ modbus_request_info_t *frame_ptr = wmem_new0(wmem_file_scope(), modbus_request_info_t);
+ gint captured_length = tvb_captured_length(tvb);
 /* load information into the modbus request frame */
 frame_ptr->fnum = pinfo->num;
 frame_ptr->function_code = function_code;
- pkt_info->reg_base = frame_ptr->base_address = tvb_get_ntohs(tvb, 1);
- pkt_info->num_reg = frame_ptr->num_reg = tvb_get_ntohs(tvb, 3);
+ if (captured_length >= 3) {
+ pkt_info->reg_base = frame_ptr->base_address = tvb_get_ntohs(tvb, 1);
+ if (captured_length >= 5)
+ pkt_info->num_reg = frame_ptr->num_reg = tvb_get_ntohs(tvb, 3);
+ }
 wmem_list_prepend(modbus_conv_data->modbus_request_frame_data, frame_ptr);
 }
-- 
cgit v1.2.3
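Review bot: On a query shorter than 5 bytes the new guards skip the writes to `pkt_info->reg_base` and `pkt_info->num_reg`, so those fields keep whatever they held when pkt_info was allocated; the commit switches `frame_ptr` to `wmem_new0` for this case, but the pkt_info allocation is outside the hunk and should be confirmed to zero its memory as well. The zero left in `base_address`/`num_reg` also looks the same as a genuine request for address 0, so a truncated or malformed query may later be paired with a response as if it had been fully captured; recording that the fields were absent would avoid misleading whoever reads the dissection. The bare `3` and `5` need a comment tying them to the reads they protect, for example `/* tvb_get_ntohs() throws on a short tvb; nothing may throw before pkt_info is saved (bug 13925) */`, otherwise a later cleanup can easily reintroduce the second-pass crash. The inner `if (captured_length >= 5)` should take braces like the outer one, and `captured_length` would be better declared `guint`, the type `tvb_captured_length()` returns. dissect_modbus starts and continues outside the hunk.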