diff options
author | Guy Harris <guy@alum.mit.edu> | 2018-04-09 22:34:45 -0700 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2018-04-10 05:35:38 +0000 |
commit | 7c3f8484ecf436c121fce890a70be22b3da80e23 (patch) | |
tree | 8ce51fffcd9a3ab6e9ec7636dd54b6c5e05d6248 /epan/dissectors | |
parent | 70a1d1c2e54850e2565bc9d4835709c72cab76ad (diff) |
The message length is unsigned, not signed; treat it as such.
Add explicit checks for values that don't fit in a gint, rather than
relying on testing for < 1 catching that case.
Change-Id: I4181087e3499537da88117b710d56c6b5fe9ceaa
Reviewed-on: https://code.wireshark.org/review/26843
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Diffstat (limited to 'epan/dissectors')
-rw-r--r-- | epan/dissectors/packet-m2pa.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/epan/dissectors/packet-m2pa.c b/epan/dissectors/packet-m2pa.c index f298cdd285..6dffc35433 100644 --- a/epan/dissectors/packet-m2pa.c +++ b/epan/dissectors/packet-m2pa.c @@ -362,8 +362,8 @@ dissect_v2_message_data(tvbuff_t *message_tvb, packet_info *pinfo, proto_item *m guint16 type; tvbuff_t *message_data_tvb; - message_data_length = (gint) tvb_get_ntohl(message_tvb, V2_LENGTH_OFFSET); - if ((gint) message_data_length < 1) { + message_data_length = tvb_get_ntohl(message_tvb, V2_LENGTH_OFFSET); + if (message_data_length < 1 || message_data_length > G_MAXINT) { proto_tree_add_expert_format(m2pa_tree, pinfo, &ei_length, message_tvb, V2_LENGTH_OFFSET, 4, "Invalid message data length: %u", message_data_length); return; @@ -394,7 +394,7 @@ dissect_v8_message_data(tvbuff_t *message_tvb, packet_info *pinfo, proto_item *m tvbuff_t *message_data_tvb; message_data_length = tvb_get_ntohl(message_tvb, V8_LENGTH_OFFSET) - V8_HEADER_LENGTH; - if ((gint) message_data_length < 1) { + if (message_data_length < 1 || message_data_length > G_MAXINT) { proto_tree_add_expert_format(m2pa_tree, pinfo, &ei_length, message_tvb, V8_LENGTH_OFFSET, 4, "Invalid message data length: %u", message_data_length); return; |