author | Chris Maynard <Christopher.Maynard@GTECH.COM> | 2013-07-01 05:23:17 +0000 |
---|---|---|
committer | Chris Maynard <Christopher.Maynard@GTECH.COM> | 2013-07-01 05:23:17 +0000 |
commit | 8976968f4ca89a2ae967b38a89f734f0e8fd9135 (patch) | |
tree | 9e578f5c8fa9f9f9aa2acac69a22aed6b4152d22 /epan | |
parent | b1197f177aed53085a3ec9fcb5917bc558c9bf3f (diff) |
There are a few dissectors that pass the return value of tvb_length_remaining() as the size argument to the tvb_format_*() functions. Try to do something sane if that value happens to be -1 (or negative in general). One such example is packet-bthfp.c, as found and reported by Coverity in CID 1035325 (Improper use of negative value).
Note: There are other ways to handle this of course, but this fix is suitable for backporting to both 1.10 and 1.8, as it does not break binary compatibility. Is there a better way to fix this though? For now, schedule this for backport.
svn path=/trunk/; revision=50282
Diffstat (limited to 'epan')
-rw-r--r-- | epan/tvbuff.c | 21 |
1 files changed, 12 insertions, 9 deletions
diff --git a/epan/tvbuff.c b/epan/tvbuff.c
index 29799e5017..0b9d8fbeab 100644
--- a/epan/tvbuff.c
+++ b/epan/tvbuff.c
@@ -2259,12 +2259,13 @@ tvb_get_ephemeral_faked_unicode(tvbuff_t *tvb, int offset, const int len, const
 /*
 * Format the data in the tvb from offset for length ...
 */
-
 gchar *
 tvb_format_text(tvbuff_t *tvb, const gint offset, const gint size)
 {
 const guint8 *ptr;
- gint len = size;
+ gint len;
+
+ len = (size > 0) ? size : 0;
 if ((ptr = ensure_contiguous(tvb, offset, size)) == NULL) {
 len = tvb_length_remaining(tvb, offset);
@@ -2277,12 +2278,13 @@ tvb_format_text(tvbuff_t *tvb, const gint offset, const gint size)
 /*
 * Format the data in the tvb from offset for length ...
 */
-
 gchar *
 tvb_format_text_wsp(tvbuff_t *tvb, const gint offset, const gint size)
 {
 const guint8 *ptr;
- gint len = size;
+ gint len;
+
+ len = (size > 0) ? size : 0;
 if ((ptr = ensure_contiguous(tvb, offset, size)) == NULL) {
@@ -2292,7 +2294,6 @@ tvb_format_text_wsp(tvbuff_t *tvb, const gint offset, const gint size)
 }
 return format_text_wsp(ptr, len);
-
 }
 /*
@@ -2303,9 +2304,11 @@ gchar *
 tvb_format_stringzpad(tvbuff_t *tvb, const gint offset, const gint size)
 {
 const guint8 *ptr, *p;
- gint len = size;
+ gint len;
 gint stringlen;
+ len = (size > 0) ? size : 0;
+
 if ((ptr = ensure_contiguous(tvb, offset, size)) == NULL) {
 len = tvb_length_remaining(tvb, offset);
@@ -2316,7 +2319,6 @@ tvb_format_stringzpad(tvbuff_t *tvb, const gint offset, const gint size)
 for (p = ptr, stringlen = 0; stringlen < len && *p != '\0'; p++, stringlen++) ;
 return format_text(ptr, stringlen);
-
 }
 /*
@@ -2327,9 +2329,11 @@ gchar *
 tvb_format_stringzpad_wsp(tvbuff_t *tvb, const gint offset, const gint size)
 {
 const guint8 *ptr, *p;
- gint len = size;
+ gint len;
 gint stringlen;
+ len = (size > 0) ? size : 0;
+
 if ((ptr = ensure_contiguous(tvb, offset, size)) == NULL) {
 len = tvb_length_remaining(tvb, offset);
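Review bot: The new clamp in `tvb_format_text()` protects only the initial value of `len`: inside the `ensure_contiguous()` failure branch the next visible line reassigns `len = tvb_length_remaining(tvb, offset);`, and the commit message itself says that call can return -1, so a negative length may still reach `format_text()` on that path. I would re-clamp after the fallback, e.g. `if (len < 0) len = 0;`, and note in the header comment that a non-positive `size` is formatted as zero bytes. The raw `size` is also still passed to `ensure_contiguous(tvb, offset, size)`, so what a negative `size` does there depends on that helper, which this page does not show. The same applies to the `tvb_format_text_wsp()`, `tvb_format_stringzpad()` and `tvb_format_stringzpad_wsp()` hunks; each function body continues past the end of its hunk, so the rest of the fallback branch is not visible here.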
@@ -2340,7 +2344,6 @@ tvb_format_stringzpad_wsp(tvbuff_t *tvb, const gint offset, const gint size)
 for (p = ptr, stringlen = 0; stringlen < len && *p != '\0'; p++, stringlen++) ;
 return format_text_wsp(ptr, stringlen);
-
 }
 /* |