diff options
author | Gerald Combs <gerald@wireshark.org> | 2024-02-20 14:28:59 -0800 |
---|---|---|
committer | Gerald Combs <gerald@wireshark.org> | 2024-02-21 01:00:29 +0000 |
commit | 46c652102f432577961cac534f20fc88fa6c11cf (patch) | |
tree | f5114f428a81f94506ae7957c577097920af6af5 | |
parent | ff93425a66fe6ddb83503cc2f679542ff4a9a4f0 (diff) |
JPEG: Add a recursion check
Fix
```
/builds/wireshark/wireshark/epan/dissectors/file-jpeg.c:773:1: warning: function 'process_tiff_ifd_chain' is within a recursive call chain [misc-no-recursion]
773 | process_tiff_ifd_chain(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo,
| ^
/builds/wireshark/wireshark/epan/dissectors/file-jpeg.c:773:1: note: example recursive call chain, starting from function 'process_tiff_ifd_chain'
/builds/wireshark/wireshark/epan/dissectors/file-jpeg.c:896:37: note: Frame #1: function 'process_tiff_ifd_chain' calls function 'process_tiff_ifd_chain' here:
896 | process_tiff_ifd_chain(tree, tvb, pinfo, encoding,
| ^
/builds/wireshark/wireshark/epan/dissectors/file-jpeg.c:896:37: note: ... which was the starting point of the recursive call chain; there may be other cycles
```
-rw-r--r-- | epan/dissectors/file-jpeg.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/epan/dissectors/file-jpeg.c b/epan/dissectors/file-jpeg.c index 4c492edcea..61e4ce5157 100644 --- a/epan/dissectors/file-jpeg.c +++ b/epan/dissectors/file-jpeg.c @@ -25,6 +25,7 @@ #include "config.h" #include <epan/packet.h> +#include <epan/proto_data.h> #include <epan/expert.h> #include <wiretap/wtap.h> @@ -45,6 +46,8 @@ void proto_reg_handoff_jfif(void); #define DebugLog(x) ; #endif +#define MAX_RECURSION_DEPTH 10 // Arbitrarily chosen. + /************************** Variable declarations **************************/ #define MARKER_TEM 0xFF01 @@ -770,6 +773,7 @@ process_app0_segment(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, guint3 } static void +// NOLINTNEXTLINE(misc-no-recursion) process_tiff_ifd_chain(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, guint encoding, guint32 start_ifd_offset, int hf_tag, const char *ifd_type_desc) @@ -893,9 +897,13 @@ process_tiff_ifd_chain(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, if (extension_ifd_type_desc) { if (extension_ifd_offset < tvb_reported_length(tvb)) { + unsigned recursion_depth = p_get_proto_depth(pinfo, proto_jfif); + DISSECTOR_ASSERT(recursion_depth <= MAX_RECURSION_DEPTH); + p_set_proto_depth(pinfo, proto_jfif, recursion_depth + 1); process_tiff_ifd_chain(tree, tvb, pinfo, encoding, extension_ifd_offset, extension_hf_ifd_tag, extension_ifd_type_desc); + p_set_proto_depth(pinfo, proto_jfif, recursion_depth); } else { expert_add_info_format(pinfo, value_item, &ei_start_ifd_offset, "bogus, should be < %u", tvb_reported_length(tvb)); |