authorGuy Harris <guy@alum.mit.edu>2017-09-23 17:35:54 -0700
committerGuy Harris <guy@alum.mit.edu>2017-09-24 00:36:28 +0000
commitb13d5eac26db21d3b8682e861575bf5344740f99 (patch)
tree74eeddbbe3e1842dd7db186df5ce34a0ed8a139e /wiretap
parenta065bb586e2334f5f1f1f4f0a247f309f7a04f46 (diff)
Don't look at the comment or process table with pre-2.2 files.
NetMon apparently didn't zero out the file header, so those fields have random values in pre-2.2 files. Change-Id: I3aeede6ab273d57ca937a5e18e67223fb4ed18da Reviewed-on: https://code.wireshark.org/review/23666 Reviewed-by: Guy Harris <guy@alum.mit.edu>
Diffstat (limited to 'wiretap')
-rw-r--r--wiretap/netmon.c23
1 files changed, 17 insertions, 6 deletions
diff --git a/wiretap/netmon.c b/wiretap/netmon.c
index 466c87affc..7015c7669f 100644
--- a/wiretap/netmon.c
+++ b/wiretap/netmon.c
@@ -352,13 +352,24 @@ wtap_open_return_val netmon_open(wtap *wth, int *err, gchar **err_info)
frame_table_offset = pletoh32(&hdr.frametableoffset);
/*
- * Get the offset and length of the comment index table and
- * process info table.
+ * For NetMon 2.2 format and later, get the offset and length of
+ * the comment index table and process info table.
+ *
+ * For earlier versions, set them to zero; they appear to be
+ * uninitialized, so they're not necessarily zero.
*/
- comment_table_offset = pletoh32(&hdr.commentdataoffset);
- comment_table_size = pletoh32(&hdr.commentdatalength);
- process_info_table_offset = pletoh32(&hdr.processinfooffset);
- process_info_table_count = pletoh32(&hdr.processinfocount);
+ if ((netmon->version_major == 2 && netmon->version_minor >= 2) ||
+ netmon->version_major > 2) {
+ comment_table_offset = pletoh32(&hdr.commentdataoffset);
+ comment_table_size = pletoh32(&hdr.commentdatalength);
+ process_info_table_offset = pletoh32(&hdr.processinfooffset);
+ process_info_table_count = pletoh32(&hdr.processinfocount);
+ } else {
+ comment_table_offset = 0;
+ comment_table_size = 0;
+ process_info_table_offset = 0;
+ process_info_table_count = 0;
+ }
/*
* It appears that some NetMon 2.x files don't have the