authorEvan Huus <eapache@gmail.com>2012-07-21 19:18:12 +0000
committerEvan Huus <eapache@gmail.com>2012-07-21 19:18:12 +0000
commit700524155d7350c80fc2de3946cd71bf2e4852eb (patch)
tree674d619064c5082647632a4f383e704c6fca2d19 /epan/dissectors/packet-reload-framing.c
parent7b7ab4c70e3823c71e9826edab80af344b143623 (diff)
Fix mis-allocated key size as caught by valgrind.
We have to divide the 'length' field to work with guint32 pointer arithmetic, but we still want to allocate and memcpy the original length value, since both of those operate in raw bytes, not blocks of sizeof(guint32). svn path=/trunk/; revision=43901
Diffstat (limited to 'epan/dissectors/packet-reload-framing.c')
-rw-r--r--epan/dissectors/packet-reload-framing.c17
1 files changed, 11 insertions, 6 deletions
diff --git a/epan/dissectors/packet-reload-framing.c b/epan/dissectors/packet-reload-framing.c
index 4e28bc3eb6..04a9c02140 100644
--- a/epan/dissectors/packet-reload-framing.c
+++ b/epan/dissectors/packet-reload-framing.c
@@ -178,19 +178,24 @@ dissect_reload_framing_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tr
transaction_id_key[0].length = 1;
transaction_id_key[0].key = &sequence; /* sequence number */
+ /* When the se_tree_* functions iterate through the keys, they
+ * perform pointer arithmetic with guint32s, so we have to divide
+ * our length fields by that to make things work, but we still want
+ * to g_malloc and memcpy the entire amounts, since those both operate
+ * in raw bytes. */
if (type==DATA) {
transaction_id_key[1].length = 1;
transaction_id_key[1].key = &pinfo->srcport;
- transaction_id_key[2].length = (pinfo->src.len)>>2;
- transaction_id_key[2].key = g_malloc(transaction_id_key[2].length);
- memcpy(transaction_id_key[2].key, pinfo->src.data, transaction_id_key[2].length);
+ transaction_id_key[2].length = (pinfo->src.len) / sizeof(guint32);
+ transaction_id_key[2].key = g_malloc(pinfo->src.len);
+ memcpy(transaction_id_key[2].key, pinfo->src.data, pinfo->src.len);
}
else {
transaction_id_key[1].length = 1;
transaction_id_key[1].key = &pinfo->destport;
- transaction_id_key[2].length = (pinfo->dst.len)>>2;
- transaction_id_key[2].key = g_malloc(transaction_id_key[2].length);
- memcpy(transaction_id_key[2].key, pinfo->dst.data, transaction_id_key[2].length);
+ transaction_id_key[2].length = (pinfo->dst.len) / sizeof(guint32);
+ transaction_id_key[2].key = g_malloc(pinfo->dst.len);
+ memcpy(transaction_id_key[2].key, pinfo->dst.data, pinfo->dst.len);
}
transaction_id_key[3].length=0;
transaction_id_key[3].key=NULL;
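Review bot: The new `/ sizeof(guint32)` length still rounds down, so for an address whose `len` is not a multiple of 4 the trailing bytes are copied but fall outside the compared key, and a `len` below 4 yields a length of 0, which appears to be the terminator value this array uses at index 3. This applies to both the src and dst branches, and two different peers could then map to the same transaction entry. Rounding up and zero-padding keeps the whole address in the key: `transaction_id_key[2].length = (pinfo->src.len + sizeof(guint32) - 1) / sizeof(guint32);` with `transaction_id_key[2].key = g_malloc0(transaction_id_key[2].length * sizeof(guint32));`, leaving the memcpy of `pinfo->src.len` bytes as it is. The function continues past the hunk, so it is worth confirming that the g_malloc'd key is freed after the tree lookup.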