author | Michal Labedzki <michal.labedzki@tieto.com> | 2014-06-18 17:10:09 +0200 |
---|---|---|
committer | Michal Labedzki <michal.labedzki@tieto.com> | 2014-06-22 16:56:48 +0000 |
commit | 10fc6e253195dced1c00d59e4fbe3d020ecb739d (patch) | |
tree | 50c6ea50efc00393d274b68b3b6b78e1b4476615 /epan/dissectors/packet-btavdtp.c | |
parent | 164af0050dd070109f4aaa5fdd3f23b41ebaa98d (diff) |
Bluetooth: A2DP: Fix fuzz failture
Fix invalid structure casting by using default values;
this also fixes DecodeAs for A2DP.
Do the same for VDP.
Change-Id: I360787af648ed65205eb54732ab6d88f8532cf15
Reviewed-on: https://code.wireshark.org/review/2551
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Diffstat (limited to 'epan/dissectors/packet-btavdtp.c')
-rw-r--r-- | epan/dissectors/packet-btavdtp.c | 25 |
1 files changed, 19 insertions, 6 deletions
diff --git a/epan/dissectors/packet-btavdtp.c b/epan/dissectors/packet-btavdtp.c
index 164d9d4a5f..36e5c00815 100644
--- a/epan/dissectors/packet-btavdtp.c
+++ b/epan/dissectors/packet-btavdtp.c
@@ -2728,6 +2728,10 @@ dissect_bta2dp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
 dissector_handle_t codec_dissector = NULL;
 bta2dp_codec_info_t bta2dp_codec_info;
 sep_data_t sep_data;
+ gboolean no_avdtp_session;
+
+ no_avdtp_session = (proto_btavdtp != (gint) GPOINTER_TO_UINT(wmem_list_frame_data(
+ wmem_list_frame_prev(wmem_list_tail(pinfo->layers)))));
 sep_data.codec = CODEC_SBC;
 sep_data.content_protection_type = 0;
@@ -2742,15 +2746,15 @@ dissect_bta2dp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
 if (force_a2dp_scms_t || force_a2dp_codec != CODEC_DEFAULT) {
 if (force_a2dp_scms_t)
 sep_data.content_protection_type = 2;
- else if (data)
+ else if (data && !no_avdtp_session)
 sep_data.content_protection_type = ((sep_data_t *) data)->content_protection_type;
 if (force_a2dp_codec != CODEC_DEFAULT)
 sep_data.codec = force_a2dp_codec;
- else if (data)
+ else if (data && !no_avdtp_session)
 sep_data.codec = ((sep_data_t *) data)->codec;
 } else {
- if (data)
+ if (data && !no_avdtp_session)
 sep_data = *((sep_data_t *) data);
 }
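Review bot: The new `no_avdtp_session` computation dereferences the result of `wmem_list_frame_prev(wmem_list_tail(pinfo->layers))` without a NULL check, so if the dissector is ever entered with no preceding layer the lookup itself could fault while processing an untrusted capture; whether the wmem list accessors tolerate a NULL frame is not visible in this hunk. I would fetch the frame first and treat a missing one as "no session": `wmem_list_frame_t *prev = wmem_list_frame_prev(wmem_list_tail(pinfo->layers));` followed by `no_avdtp_session = (prev == NULL) || (proto_btavdtp != (gint) GPOINTER_TO_UINT(wmem_list_frame_data(prev)));`. The identical expression is added in the dissect_btvdp hunk, so a small shared static helper would keep the two copies in sync. dissect_bta2dp's body starts and continues outside the hunk.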
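Review bot: The cast of `data` to `sep_data_t *` is now guarded only by the parent layer's protocol id, which makes "the AVDTP dissector always passes a `sep_data_t`" an unwritten contract; the three `data && !no_avdtp_session` tests here (and the three matching ones in dissect_btvdp) would be easier to audit if that contract were stated once. I would add a comment such as `/* data is a sep_data_t only when the caller is btavdtp; other callers (e.g. Decode As) may pass a different type */` and resolve the pointer a single time, `const sep_data_t *avdtp_sep = (data && !no_avdtp_session) ? (const sep_data_t *) data : NULL;`, then test `avdtp_sep` in each branch instead of repeating the negated flag. This is a readability point; the behaviour of the guards as written looks consistent across the three branches.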
@@ -2942,24 +2946,33 @@ dissect_btvdp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
 dissector_handle_t codec_dissector = NULL;
 btvdp_codec_info_t btvdp_codec_info;
 sep_data_t sep_data;
+ gboolean no_avdtp_session;
+
+ no_avdtp_session = (proto_btavdtp != (gint) GPOINTER_TO_UINT(wmem_list_frame_data(
+ wmem_list_frame_prev(wmem_list_tail(pinfo->layers)))));
 sep_data.codec = CODEC_H263_BASELINE;
 sep_data.content_protection_type = 0;
 sep_data.acp_seid = 0;
 sep_data.int_seid = 0;
+ sep_data.previous_media_packet_info = NULL;
+ sep_data.current_media_packet_info = NULL;
+ sep_data.stream_number = 1;
+ sep_data.vendor_id = 0;
+ sep_data.vendor_codec = 0;
 if (force_vdp_scms_t || force_vdp_codec) {
 if (force_vdp_scms_t)
 sep_data.content_protection_type = 2;
- else if (data)
+ else if (data && !no_avdtp_session)
 sep_data.content_protection_type = ((sep_data_t *) data)->content_protection_type;
 if (force_vdp_codec)
 sep_data.codec = force_vdp_codec;
- else if (data)
+ else if (data && !no_avdtp_session)
 sep_data.codec = ((sep_data_t *) data)->codec;
 } else {
- if (data)
+ if (data && !no_avdtp_session)
 sep_data = *((sep_data_t *) data);
 }
 |
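Review bot: The five defaults added for `sep_data` cover the members known today, but field-by-field initialisation leaves any member not listed (or one added to `sep_data_t` later) holding stack garbage on the path where `data` is ignored, and that is the path a fuzzed or Decode-As capture takes. The struct definition is outside this hunk, so completeness of the list cannot be confirmed from here. Zeroing the struct first, `memset(&sep_data, 0, sizeof(sep_data));`, and then assigning only the non-zero defaults (`codec` and `stream_number = 1`) would make the no-session path deterministic regardless of future members. dissect_btvdp's body starts and continues outside the hunk.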