author | Guy Harris <guy@alum.mit.edu> | 2005-09-25 09:32:01 +0000 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2005-09-25 09:32:01 +0000 |
commit | 0e17a773b9af7e5c3c4b3441036b1801ebd0562c (patch) | |
tree | 1ef2b8a6de0ca12e26f120872033ecff6873bfa4 /asn1/gsmmap/packet-gsm_map-template.c | |
parent | 2d14a6f4ae621d959e5bfa2134ce97739ad52797 (diff) |
A loop processing all the bytes in a tvbuff from a given offset to the
end of the data in the tvbuff should stop when the offset is >= the
total amount of data in the tvbuff, not when it's > the total amount in
the tvbuff following the starting offset.

In "unpack_digits()", return a null string, not a null pointer, if
there's nothing left in the tvbuff starting at the starting offset, so
that the caller doesn't have to check for a null pointer, and return an
ep_alloc()ed buffer, so the caller doesn't have to worry about freeing
the result.

If we see a filler digit, don't advance the offset in the string buffer;
we want to put the terminating '\0' right after the character we just
put into the string.

Fuzzed against some GSM captures.

svn path=/trunk/; revision=16002
Diffstat (limited to 'asn1/gsmmap/packet-gsm_map-template.c')
-rw-r--r-- | asn1/gsmmap/packet-gsm_map-template.c | 16 |
1 files changed, 7 insertions, 9 deletions
diff --git a/asn1/gsmmap/packet-gsm_map-template.c b/asn1/gsmmap/packet-gsm_map-template.c index d434f324d9..03fba0c0f7 100644 --- a/asn1/gsmmap/packet-gsm_map-template.c +++ b/asn1/gsmmap/packet-gsm_map-template.c @@ -37,6 +37,7 @@ #include <epan/prefs.h> #include <epan/conversation.h> #include <epan/tap.h> +#include <epan/emem.h> #include <stdio.h> #include <string.h> @@ -131,14 +132,13 @@ unpack_digits(tvbuff_t *tvb, int offset){ length = tvb_length(tvb); if (length < offset) - return NULL; - length = length - offset; - digit_str = g_malloc(length*2+1); + return ""; + digit_str = ep_alloc((length - offset)*2+1); - while ( offset <= length ){ + while ( offset < length ){ octet = tvb_get_guint8(tvb,offset); - digit_str[i] = ((octet & 0x0f) + 0x30); + digit_str[i] = ((octet & 0x0f) + '0'); i++; /* @@ -146,12 +146,10 @@ unpack_digits(tvbuff_t *tvb, int offset){ */ octet = octet >> 4; - if (octet == 0x0f){ /* odd number bytes - hit filler */ - i++; + if (octet == 0x0f) /* odd number bytes - hit filler */ break; - } - digit_str[i] = ((octet & 0x0f) + 0x30); + digit_str[i] = ((octet & 0x0f) + '0'); i++; offset++; |
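Review bot: in the hunk at @@ -131,14 +132,13, the early exit `if (length < offset) return "";` hands back a string literal while the other path returns a writable ep_alloc()ed buffer, so the two results are not interchangeable. If unpack_digits() is declared to return a non-const char pointer, a caller that edits the result in place would be writing to a literal. Either make the return type const, or return a one-byte ep_alloc()ed buffer holding '\0' so both paths give the same kind of storage. The test is also `<` while the loop now runs on `offset < length`, so `offset == length` falls through and allocates a one-byte buffer for an empty result; using `<=` would send both empty cases through the same exit.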
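Review bot: in the hunk at @@ -146,12 +146,10, both `digit_str[i] = ((octet & 0x0f) + '0');` assignments turn nibble values 0xa through 0xe into the characters ':' through '>', and the low nibble is never compared against the 0x0f filler, so a low nibble of 0x0f is stored as '?'. Since this code is fed fuzzed and untrusted captures, map each nibble through an explicit table (or substitute a marker character for values above 9) so the displayed string only contains characters the dissector intends to show. The comment "odd number bytes - hit filler" would also be clearer as "odd number of digits", since the filler marks an odd digit count rather than an odd byte count.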