diff options
| author | Dario Lombardo <lomato@gmail.com> | 2016-08-25 10:18:11 +0200 |
|---|---|---|
| committer | Anders Broman <a.broman58@gmail.com> | 2016-09-02 20:00:20 +0000 |
| commit | 2ddb46dbee7fbb06014a39bc87586b45453a7eaa (patch) | |
| tree | 116a5fffeb2af468db5e09e936f9a69edd0758ac | |
| parent | f01190ca90a52eb6da98315d16a5fb6f753f8659 (diff) | |
btavctp: rework the reassemble routine (CID 1355682).
The CID is about the lack of check of wmem_tree_lookup32_le()
return value, but the old code worths a bit of rework.
Change-Id: I3adb868d2baa1c8aea3f914f7fb9fdf75f222960
Reviewed-on: https://code.wireshark.org/review/17322
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
| -rw-r--r-- | epan/dissectors/packet-btavctp.c | 19 |
1 files changed, 6 insertions, 13 deletions
diff --git a/epan/dissectors/packet-btavctp.c b/epan/dissectors/packet-btavctp.c index 52f8701a28..25ce1cc09e 100644 --- a/epan/dissectors/packet-btavctp.c +++ b/epan/dissectors/packet-btavctp.c @@ -329,7 +329,6 @@ dissect_btavctp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) call_data_dissector(next_tvb, pinfo, tree); } else if (packet_type == PACKET_TYPE_END) { - guint i_length = 0; fragments = (fragments_t *)wmem_tree_lookup32_array_le(reassembling, key); if (!(fragments && fragments->interface_id == interface_id && @@ -375,22 +374,16 @@ dissect_btavctp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) expert_add_info(pinfo, pitem, &ei_btavctp_unexpected_frame); call_data_dissector(next_tvb, pinfo, tree); } else { - guint8 *reassembled; + guint8 *reassembled = NULL; bluetooth_uuid_t uuid; for (i_frame = 1; i_frame <= fragments->count; ++i_frame) { fragment = (fragment_t *)wmem_tree_lookup32_le(fragments->fragment, i_frame); - length += fragment->length; - } - - reassembled = (guint8 *) wmem_alloc(pinfo->pool, length); - - for (i_frame = 1; i_frame <= fragments->count; ++i_frame) { - fragment = (fragment_t *)wmem_tree_lookup32_le(fragments->fragment, i_frame); - memcpy(reassembled + i_length, - fragment->data, - fragment->length); - i_length += fragment->length; + if (fragment) { + reassembled = (guint8*)wmem_realloc(pinfo->pool, reassembled, length + fragment->length); + memcpy(reassembled + length, fragment->data, fragment->length); + length += fragment->length; + } } next_tvb = tvb_new_child_real_data(tvb, reassembled, length, length); |