From b1ac6585bc5e2be9a71c9b72d228cc46d8b27b4b Mon Sep 17 00:00:00 2001
From: Evan Huus <eapache@gmail.com>
Date: Tue, 15 Jan 2013 16:51:55 +0000
Subject: Don't run past the end of a fragment array, either in the loop or by
 putting a useless sentinel in.

Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8213

svn path=/trunk/; revision=47098
---
 epan/dissectors/packet-dcp-etsi.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

(limited to 'epan/dissectors')

diff --git a/epan/dissectors/packet-dcp-etsi.c b/epan/dissectors/packet-dcp-etsi.c
index 7d6609e317..a253cbb1f3 100644
--- a/epan/dissectors/packet-dcp-etsi.c
+++ b/epan/dissectors/packet-dcp-etsi.c
@@ -291,13 +291,11 @@ dissect_pft_fec_detailed(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree,
 
     /* make a list of the findex (offset) numbers of the fragments we have */
     fd = fragment_get(pinfo, seq, dcp_fragment_table);
-    for (fd_head = fd; fd_head != NULL; fd_head = fd_head->next) {
+    for (fd_head = fd; fd_head != NULL && fragments < fcount; fd_head = fd_head->next) {
       if(fd_head->data) {
         got[fragments++] = fd_head->offset; /* this is the findex of the fragment */
       }
     }
-    /* put a sentinel at the end */
-    got[fragments++] = fcount;
     /* have we got enough for Reed Solomon to try to correct ? */
     if(fragments>=rx_min) { /* yes, in theory */
       guint i,current_findex;
-- 
cgit v1.2.3