diff options
| author | Chris Maynard <Christopher.Maynard@GTECH.COM> | 2013-07-01 03:44:41 +0000 |
|---|---|---|
| committer | Chris Maynard <Christopher.Maynard@GTECH.COM> | 2013-07-01 03:44:41 +0000 |
| commit | b1197f177aed53085a3ec9fcb5917bc558c9bf3f (patch) | |
| tree | 25053898cbe7a8435ecf4c5cfc0ecc20b1f7a3f9 /epan | |
| parent | 53d35145939e8721baba2bfba6b2089d4240a62b (diff) | |
Fix Coverity CID 1040636 (Out-of-bounds read) by changing the loop termination condition from "i < ZBEE_ZCL_NUM_ATTR_ETT" to "i < ZBEE_ZCL_APPL_CTRL_NUM_FUNC_ETT". The former is defined as 64 while the latter is defined as 32 and ett_zbee_zcl_appl_ctrl_func[], which is indexed within the loop, has only 32 entries.
svn path=/trunk/; revision=50281
Diffstat (limited to 'epan')
| -rw-r--r-- | epan/dissectors/packet-zbee-zcl-general.c | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/epan/dissectors/packet-zbee-zcl-general.c b/epan/dissectors/packet-zbee-zcl-general.c index 3f090c2b0a..116d23e3c8 100644 --- a/epan/dissectors/packet-zbee-zcl-general.c +++ b/epan/dissectors/packet-zbee-zcl-general.c @@ -3155,7 +3155,7 @@ dissect_zcl_appl_ctrl_wr_funcs(tvbuff_t *tvb, proto_tree *tree, guint *offset) guint i = 0; tvb_len = tvb_reported_length(tvb); - while ( *offset < tvb_len && i < ZBEE_ZCL_NUM_ATTR_ETT ) { + while ( *offset < tvb_len && i < ZBEE_ZCL_APPL_CTRL_NUM_FUNC_ETT ) { /* Create subtree for attribute status field */ ti = proto_tree_add_text(tree, tvb, *offset, 0, "Function #%d", i); sub_tree = proto_item_add_subtree(ti, ett_zbee_zcl_appl_ctrl_func[i]); @@ -3311,10 +3311,8 @@ dissect_zcl_appl_ctrl_attr_data(proto_tree *tree, tvbuff_t *tvb, guint *offset, * none *--------------------------------------------------------------- */ -void proto_register_zbee_zcl_appl_ctrl - ( - void - ) +void +proto_register_zbee_zcl_appl_ctrl(void) { guint i, j; |