From 50945da41ce437aa10a76a02f86d8399bd194b7e Mon Sep 17 00:00:00 2001
From: Martin Kaiser <wireshark@kaiser.cx>
Date: Sat, 22 Dec 2012 22:35:07 +0000
Subject: check the length parameter for tvb_get_unicode_string() and
 tvb_get_ephemeral_unicode_string(), throw an exception for invalid lengths
 (including -1, but length==-1 does not work for other tvb string functions
 either)

I believe this is the proper fix for
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8112

svn path=/trunk/; revision=46705
---
 epan/tvbuff.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'epan/tvbuff.c')

diff --git a/epan/tvbuff.c b/epan/tvbuff.c
index 5246159055..96bae3108d 100644
--- a/epan/tvbuff.c
+++ b/epan/tvbuff.c
@@ -2363,6 +2363,8 @@ tvb_get_unicode_string(tvbuff_t *tvb, const gint offset, gint length, const guin
 	gint       i;           /* Byte counter for tvbuff */
 	GString   *strbuf = NULL;
 
+	tvb_ensure_bytes_exist(tvb, offset, length);
+
 	strbuf = g_string_new(NULL);
 
 	for(i = 0; i < length; i += 2) {
@@ -2499,6 +2501,8 @@ tvb_get_ephemeral_unicode_string(tvbuff_t *tvb, const gint offset, gint length,
 	gint           tmpbuf_len;
 	emem_strbuf_t *strbuf = NULL;
 
+	tvb_ensure_bytes_exist(tvb, offset, length);
+
 	strbuf = ep_strbuf_new(NULL);
 
 	for(i = 0; i < length; i += 2) {
-- 
cgit v1.2.3