diff options
author | Evan Huus <eapache@gmail.com> | 2015-04-19 20:19:54 -0400 |
---|---|---|
committer | Evan Huus <eapache@gmail.com> | 2015-04-21 01:05:17 +0000 |
commit | c35f2ccb4433718416551cc7a85afb0860529d57 (patch) | |
tree | 64ece47db5e31786e40769e0050374bed3767986 /epan/reassemble.c | |
parent | 63e294bead717645893b1c9b0f12370b6564ee8d (diff) |
reassembly: address a 15-year old XXX comment
Question: "what if we didn't capture the entire fragment due to a too-short
snapshot length?"
Answer: An assertion fails and we leak a bunch of memory.
Don't do that.
Bug: 11129
Change-Id: I0adfb217f0e66ae8f5f6255a4caf7ff940826b59
Reviewed-on: https://code.wireshark.org/review/8128
Petri-Dish: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Evan Huus <eapache@gmail.com>
Diffstat (limited to 'epan/reassemble.c')
-rw-r--r-- | epan/reassemble.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/epan/reassemble.c b/epan/reassemble.c index c7bb6a51b3..811fd2fb3f 100644 --- a/epan/reassemble.c +++ b/epan/reassemble.c @@ -1014,9 +1014,11 @@ fragment_add_work(fragment_head *fd_head, tvbuff_t *tvb, const int offset, /* If we have reached this point, the packet is not defragmented yet. * Save all payload in a buffer until we can defragment. - * XXX - what if we didn't capture the entire fragment due - * to a too-short snapshot length? */ + if (!tvb_bytes_exist(tvb, offset, fd->len)) { + g_slice_free(fragment_item, fd); + THROW(BoundsError); + } fd->tvb_data = tvb_clone_offset_len(tvb, offset, fd->len); LINK_FRAG(fd_head,fd); |