diff options
| author | Pascal Quantin <pascal.quantin@gmail.com> | 2016-07-25 09:37:25 +0200 |
|---|---|---|
| committer | Pascal Quantin <pascal.quantin@gmail.com> | 2016-07-25 08:18:00 +0000 |
| commit | 6cf9616df68a4db7e436bb77392586ff9ad84feb (patch) | |
| tree | 737acbd3f9f931bb75c2897b441af59100f640b4 | |
| parent | 47a5fa850b388fcf4ea762073806f01b459820fe (diff) | |
RLC: fix a variable overflow in rlc_decode_li function
Bug: 12660
Change-Id: I20a423eb9aa72383ac28d176bc60751ed36be9bd
Reviewed-on: https://code.wireshark.org/review/16639
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
| -rw-r--r-- | epan/dissectors/packet-rlc.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/epan/dissectors/packet-rlc.c b/epan/dissectors/packet-rlc.c index d573fed329..6d43b0cfd8 100644 --- a/epan/dissectors/packet-rlc.c +++ b/epan/dissectors/packet-rlc.c @@ -660,12 +660,12 @@ add_description(proto_item *li_ti, proto_item *length_ti, /* add information for an LI to 'tree' */ static proto_tree * -tree_add_li(enum rlc_mode mode, struct rlc_li *li, guint8 li_idx, guint8 hdr_offs, +tree_add_li(enum rlc_mode mode, struct rlc_li *li, guint8 li_idx, guint32 hdr_offs, gboolean li_is_on_2_bytes, tvbuff_t *tvb, proto_tree *tree) { proto_item *root_ti, *ti; proto_tree *li_tree; - guint8 li_offs; + guint32 li_offs; guint64 length; if (!tree) return NULL; @@ -1697,7 +1697,8 @@ static gint16 rlc_decode_li(enum rlc_mode mode, tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, struct rlc_li *li, guint8 max_li, gboolean li_on_2_bytes) { - guint8 ext, hdr_len, offs = 0, num_li = 0, li_offs; + guint32 hdr_len, offs = 0, li_offs; + guint8 ext, num_li = 0; guint16 next_bytes, prev_li = 0; proto_item *malformed; guint16 total_len; |