reassembly: address a 15-year old XXX comment

Question: "what if we didn't capture the entire fragment due to a too-short snapshot length?" Answer: An assertion fails and we leak a bunch of memory. Don't do that. Bug: 11129 Change-Id: I0adfb217f0e66ae8f5f6255a4caf7ff940826b59 Reviewed-on: https://code.wireshark.org/review/8128 Petri-Dish: Evan Huus <eapache@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Evan Huus <eapache@gmail.com>
author: Evan Huus <eapache@gmail.com> 2015-04-19 20:19:54 -0400
committer: Evan Huus <eapache@gmail.com> 2015-04-21 01:05:17 +0000
commit: c35f2ccb4433718416551cc7a85afb0860529d57 (patch)
tree: 64ece47db5e31786e40769e0050374bed3767986 /epan/reassemble.c
parent: 63e294bead717645893b1c9b0f12370b6564ee8d (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/epan/reassemble.c b/epan/reassemble.c
index c7bb6a51b3..811fd2fb3f 100644
--- a/epan/reassemble.c
+++ b/epan/reassemble.c
@@ -1014,9 +1014,11 @@ fragment_add_work(fragment_head *fd_head, tvbuff_t *tvb, const int offset,
 
 	/* If we have reached this point, the packet is not defragmented yet.
 	 * Save all payload in a buffer until we can defragment.
-	 * XXX - what if we didn't capture the entire fragment due
-	 * to a too-short snapshot length?
 	 */
+	if (!tvb_bytes_exist(tvb, offset, fd->len)) {
+		g_slice_free(fragment_item, fd);
+		THROW(BoundsError);
+	}
 	fd->tvb_data = tvb_clone_offset_len(tvb, offset, fd->len);
 	LINK_FRAG(fd_head,fd);
author	Evan Huus <eapache@gmail.com>	2015-04-19 20:19:54 -0400
committer	Evan Huus <eapache@gmail.com>	2015-04-21 01:05:17 +0000
commit	c35f2ccb4433718416551cc7a85afb0860529d57 (patch)
tree	64ece47db5e31786e40769e0050374bed3767986 /epan/reassemble.c
parent	63e294bead717645893b1c9b0f12370b6564ee8d (diff)