diff options
author | Balint Reczey <balint.reczey@ericsson.com> | 2008-11-11 13:32:51 +0000 |
---|---|---|
committer | Balint Reczey <balint.reczey@ericsson.com> | 2008-11-11 13:32:51 +0000 |
commit | 41723a5ef23c6a87baefa58a4ca69ae0d864f132 (patch) | |
tree | 07da4597fed227cf9d614b959ce8b714dd688c7a /epan/ftypes | |
parent | f9c07203cb57481c8f845a6c0c179c1552e688db (diff) |
Signal error on field values that cannot be safely represented as strings instead of crashing.
This fixes bug 2845.
svn path=/trunk/; revision=26749
Diffstat (limited to 'epan/ftypes')
-rw-r--r-- | epan/ftypes/ftype-tvbuff.c | 2 | ||||
-rw-r--r-- | epan/ftypes/ftypes.c | 8 | ||||
-rw-r--r-- | epan/ftypes/ftypes.h | 7 |
3 files changed, 14 insertions, 3 deletions
diff --git a/epan/ftypes/ftype-tvbuff.c b/epan/ftypes/ftype-tvbuff.c index c4449a12d1..135de1d0be 100644 --- a/epan/ftypes/ftype-tvbuff.c +++ b/epan/ftypes/ftype-tvbuff.c @@ -130,7 +130,7 @@ val_repr_len(fvalue_t *fv, ftrepr_t rtype) { guint length; - g_assert(rtype == FTREPR_DFILTER); + if (rtype != FTREPR_DFILTER) return -1; length = tvb_length(fv->value.tvb); /* 3 bytes for each byte of the byte "NN:" minus 1 byte * as there's no trailing ":". */ diff --git a/epan/ftypes/ftypes.c b/epan/ftypes/ftypes.c index 25084237a9..49b1a20f27 100644 --- a/epan/ftypes/ftypes.c +++ b/epan/ftypes/ftypes.c @@ -303,7 +303,13 @@ fvalue_to_string_repr(fvalue_t *fv, ftrepr_t rtype, char *buf) { g_assert(fv->ftype->val_to_string_repr); if (!buf) { - buf = g_malloc0(fvalue_string_repr_len(fv, rtype) + 1); + int len; + if ((len = fvalue_string_repr_len(fv, rtype)) >= 0) { + buf = g_malloc0(len + 1); + } else { + /* the value cannot be represented in the given representation type (rtype) */ + return NULL; + } } fv->ftype->val_to_string_repr(fv, rtype, buf); return buf; diff --git a/epan/ftypes/ftypes.h b/epan/ftypes/ftypes.h index c2f52186ae..edfdc92bb0 100644 --- a/epan/ftypes/ftypes.h +++ b/epan/ftypes/ftypes.h @@ -280,6 +280,9 @@ fvalue_from_string(ftenum_t ftype, char *s, LogFunc logfunc); /* Returns the length of the string required to hold the * string representation of the the field value. + * + * Returns -1 if the string cannot be represented in the given rtype. + * * The length DOES NOT include the terminating NUL. */ int fvalue_string_repr_len(fvalue_t *fv, ftrepr_t rtype); @@ -291,7 +294,9 @@ fvalue_string_repr_len(fvalue_t *fv, ftrepr_t rtype); * The pointer to the beginning of the string representation is * returned. If 'buf' was NULL, this points to the newly-allocated * memory. if 'buf' was non-NULL, then the return value will be - * 'buf'. */ + * 'buf'. + * + * Returns NULL if the string cannot be represented in the given rtype.*/ extern char * fvalue_to_string_repr(fvalue_t *fv, ftrepr_t rtype, char *buf); |