diff options
author | Michal Labedzki <michal.labedzki@tieto.com> | 2014-08-21 12:05:04 +0200 |
---|---|---|
committer | Michal Labedzki <michal.labedzki@tieto.com> | 2014-08-21 10:23:26 +0000 |
commit | 6cae829602b06b9f11fbe96320399f8e53918e40 (patch) | |
tree | 1e4bbeb6c40bdb0f21e01a6ee46ebf71b1f92bb4 /epan/dissectors/packet-bthci_evt.c | |
parent | 8a0d4564cb9b9fd5aa2b2ba886f817082e44046f (diff) |
Bluetooth: HCI_EVT fix fuzz failture
Fix possible "Conditional jump or move depends on uninitialised value"
Bug: 10396
Change-Id: I2c57f8310f88c68ae921d7e5bd1c060d0df27b8e
Reviewed-on: https://code.wireshark.org/review/3769
Reviewed-by: Michal Labedzki <michal.labedzki@tieto.com>
Diffstat (limited to 'epan/dissectors/packet-bthci_evt.c')
-rw-r--r-- | epan/dissectors/packet-bthci_evt.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/epan/dissectors/packet-bthci_evt.c b/epan/dissectors/packet-bthci_evt.c index dd1eb0d4ac..81dec88280 100644 --- a/epan/dissectors/packet-bthci_evt.c +++ b/epan/dissectors/packet-bthci_evt.c @@ -3359,6 +3359,7 @@ dissect_bthci_evt(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *dat guint8 param_length, evt_code; guint8 bd_addr[6]; gint offset = 0; + gint previous_offset = 0; hci_data_t *hci_data; /* Reject the packet if data is NULL */ @@ -3554,10 +3555,11 @@ dissect_bthci_evt(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *dat break; case 0x2f: /* Extended Inquiry Result */ + previous_offset = offset; offset = dissect_bthci_evt_inq_result_with_rssi(tvb, offset, pinfo, bthci_evt_tree, bd_addr); call_dissector(btcommon_eir_handle, tvb_new_subset_length(tvb, offset, 240), pinfo, bthci_evt_tree); - save_remote_device_name(tvb, offset, pinfo, 240, bd_addr, hci_data); + save_remote_device_name(tvb, offset, pinfo, 240, (offset - previous_offset <= 1) ? NULL : bd_addr, hci_data); offset += 240; break; |