author | Gerald Combs <gerald@wireshark.org> | 2020-11-05 17:37:13 -0800 |
---|---|---|
committer | Wireshark GitLab Utility <gerald+gitlab-utility@wireshark.org> | 2020-11-07 19:51:20 +0000 |
commit | d5f2657825e63e4126ebd7d13a59f3c6e8a9e4e1 (patch) | |
tree | bd35710a6b6e174de46bdf2f8848411776ce4c73 /epan/to_str.c | |
parent | 51145c62e6629f1f967dd2666669a437828c898a (diff) |
epan: Limit our bits in decode_bits_in_field.
Limit the number of bits we process in decode_bits_in_field, otherwise
we'll overrun our buffer. Fixes #16958.
Diffstat (limited to 'epan/to_str.c')
-rw-r--r-- | epan/to_str.c | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/epan/to_str.c b/epan/to_str.c
index 14651c4d22..a326c2cf3b 100644
--- a/epan/to_str.c
+++ b/epan/to_str.c
@@ -972,13 +972,13 @@ rel_time_to_secs_str(wmem_allocator_t *scope, const nstime_t *rel_time)
 char * decode_bits_in_field(const guint bit_offset, const gint no_of_bits, const guint64 value) {
- guint64 mask = 0,tmp;
+ guint64 mask;
 char *str;
 int bit, str_p = 0;
 int i;
+ int max_bits = MIN(64, no_of_bits);
- mask = 1;
- mask = mask << (no_of_bits-1);
+ mask = G_GUINT64_CONSTANT(1) << (max_bits-1);
 /* Prepare the string, 256 pos for the bits and zero termination, + 64 for the spaces */
 str=(char *)wmem_alloc0(wmem_packet_scope(), 256+64);
@@ -992,7 +992,7 @@ decode_bits_in_field(const guint bit_offset, const gint no_of_bits, const guint6
 }
 /* read the bits for the int */
- for(i=0;i<no_of_bits;i++){
+ for(i=0;i<max_bits;i++){
 if(bit&&(!(bit%4))){
 str[str_p] = ' ';
 str_p++;
@@ -1002,8 +1002,7 @@ decode_bits_in_field(const guint bit_offset, const gint no_of_bits, const guint6
 str_p++;
 }
 bit++;
- tmp = value & mask;
- if(tmp != 0){
+ if((value & mask) != 0){
 str[str_p] = '1';
 str_p++;
 } else { |
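Review bot: In the first hunk, `max_bits = MIN(64, no_of_bits)` bounds the width only from above, so a zero or negative `no_of_bits` (the parameter is a signed `gint`) still reaches `G_GUINT64_CONSTANT(1) << (max_bits-1)` with a negative shift count, which is undefined behaviour. The loop in the second hunk is skipped for such values, but the shift is evaluated first. Clamp both ends, e.g. `int max_bits = CLAMP(no_of_bits, 0, 64);` with `mask = max_bits > 0 ? G_GUINT64_CONSTANT(1) << (max_bits-1) : 0;`. Widths above 64 are now truncated silently; if callers can derive the width from packet data, a short comment on the function stating the accepted range would make that contract visible. The function body continues past the last hunk.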