RLC: fix a stack overflow in rlc_decode_li function

The test to check whether the array was full or not was off by 1 Bug: 12664 Change-Id: If2057b71d92c7f03e05b0f4676abc62d5a03ae73 Reviewed-on: https://code.wireshark.org/review/16640 Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
author: Pascal Quantin <pascal.quantin@gmail.com> 2016-07-25 09:54:06 +0200
committer: Pascal Quantin <pascal.quantin@gmail.com> 2016-07-25 07:58:02 +0000
commit: 47a5fa850b388fcf4ea762073806f01b459820fe (patch)
tree: a9075ad01c2085a832fbf088f2029a08d0dcbd35
parent: 55069dad4a1f0c61e5f9c349389cecff0130cf32 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/epan/dissectors/packet-rlc.c b/epan/dissectors/packet-rlc.c
index e346a9075b..d573fed329 100644
--- a/epan/dissectors/packet-rlc.c
+++ b/epan/dissectors/packet-rlc.c
@@ -1813,7 +1813,7 @@ rlc_decode_li(enum rlc_mode mode, tvbuff_t *tvb, packet_info *pinfo, proto_tree
         li[num_li].tree = tree_add_li(mode, &li[num_li], num_li, li_offs, li_on_2_bytes, tvb, tree);
         num_li++;
 
-        if (num_li > max_li) {
+        if (num_li >= max_li) {
             /* OK, so this is not really a malformed packet, but for now,
             * we will treat it as such, so that it is marked in some way */
             expert_add_info(pinfo, li[num_li-1].tree, &ei_rlc_li_too_many);
author	Pascal Quantin <pascal.quantin@gmail.com>	2016-07-25 09:54:06 +0200
committer	Pascal Quantin <pascal.quantin@gmail.com>	2016-07-25 07:58:02 +0000
commit	47a5fa850b388fcf4ea762073806f01b459820fe (patch)
tree	a9075ad01c2085a832fbf088f2029a08d0dcbd35
parent	55069dad4a1f0c61e5f9c349389cecff0130cf32 (diff)