From 5c27cb5f83cb2c89cf470a6203fe057d3fa7e322 Mon Sep 17 00:00:00 2001 From: Michael Mann Date: Tue, 22 Aug 2017 20:38:55 -0400 Subject: packet-bgp.c: using wmem_packet_scope() for decode_evpn_nlri_esi https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2736 Bug: 13995 Change-Id: Ia304251249e023a77a8fa3a650ef1640c3c2f314 Reviewed-on: https://code.wireshark.org/review/23168 Petri-Dish: Michael Mann Tested-by: Petri Dish Buildbot Reviewed-by: Michael Mann --- epan/dissectors/packet-bgp.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/epan/dissectors/packet-bgp.c b/epan/dissectors/packet-bgp.c index d6a4966194..310a596883 100644 --- a/epan/dissectors/packet-bgp.c +++ b/epan/dissectors/packet-bgp.c @@ -4427,7 +4427,6 @@ static int decode_evpn_nlri_esi(proto_tree *tree, tvbuff_t *tvb, gint offset, pa guint8 esi_type = 0; proto_tree *esi_tree; proto_item *ti; - wmem_allocator_t *buffer_value_string = NULL; ti = proto_tree_add_item(tree, hf_bgp_evpn_nlri_esi, tvb, offset, 10, ENC_NA); esi_tree = proto_item_add_subtree(ti, ett_bgp_evpn_nlri_esi); @@ -4438,7 +4437,7 @@ static int decode_evpn_nlri_esi(proto_tree *tree, tvbuff_t *tvb, gint offset, pa proto_tree_add_item(esi_tree, hf_bgp_evpn_nlri_esi_value, tvb, offset+1, 9, ENC_NA); proto_item_append_text(ti, ": %s", - tvb_bytes_to_str_punct(buffer_value_string, tvb, offset + 1, 9, ' ')); + tvb_bytes_to_str_punct(wmem_packet_scope(), tvb, offset + 1, 9, ' ')); break; case BGP_NLRI_EVPN_ESI_LACP : proto_tree_add_item(esi_tree, hf_bgp_evpn_nlri_esi_lacp_mac, tvb, @@ -4449,7 +4448,7 @@ static int decode_evpn_nlri_esi(proto_tree *tree, tvbuff_t *tvb, gint offset, pa offset+9, 1, ENC_NA); proto_item_append_text(ti, ": %s, Key: %s", tvb_ether_to_str(tvb,offset+1), - tvb_bytes_to_str_punct(buffer_value_string, tvb, offset + 7, 2, ' ')); + tvb_bytes_to_str_punct(wmem_packet_scope(), tvb, offset + 7, 2, ' ')); break; case BGP_NLRI_EVPN_ESI_MSTP : proto_tree_add_item(esi_tree, hf_bgp_evpn_nlri_esi_rb_mac, tvb, @@ -4460,7 +4459,7 @@ static int decode_evpn_nlri_esi(proto_tree *tree, tvbuff_t *tvb, gint offset, pa offset+9, 1, ENC_NA); proto_item_append_text(ti, ": %s, Priority: %s", tvb_ether_to_str(tvb,offset+1), - tvb_bytes_to_str_punct(buffer_value_string, tvb, offset + 7, 2, ' ')); + tvb_bytes_to_str_punct(wmem_packet_scope(), tvb, offset + 7, 2, ' ')); break; case BGP_NLRI_EVPN_ESI_MAC : proto_tree_add_item(esi_tree, hf_bgp_evpn_nlri_esi_sys_mac, tvb, @@ -4471,7 +4470,7 @@ static int decode_evpn_nlri_esi(proto_tree *tree, tvbuff_t *tvb, gint offset, pa offset+9, 1, ENC_NA); proto_item_append_text(ti, ": %s, Discriminator: %s", tvb_ether_to_str(tvb,offset+1), - tvb_bytes_to_str_punct(buffer_value_string, tvb, offset + 7, 2, ' ')); + tvb_bytes_to_str_punct(wmem_packet_scope(), tvb, offset + 7, 2, ' ')); break; case BGP_NLRI_EVPN_ESI_RID : proto_tree_add_item(esi_tree, hf_bgp_evpn_nlri_esi_router_id, tvb, @@ -4482,7 +4481,7 @@ static int decode_evpn_nlri_esi(proto_tree *tree, tvbuff_t *tvb, gint offset, pa offset+9, 1, ENC_NA); proto_item_append_text(ti, ": %s, Discriminator: %s", tvb_ip_to_str(tvb,offset+1), - tvb_bytes_to_str_punct(buffer_value_string, tvb, offset + 5, 4, ' ')); + tvb_bytes_to_str_punct(wmem_packet_scope(), tvb, offset + 5, 4, ' ')); break; case BGP_NLRI_EVPN_ESI_ASN : proto_tree_add_item(esi_tree, hf_bgp_evpn_nlri_esi_asn, tvb, @@ -4493,7 +4492,7 @@ static int decode_evpn_nlri_esi(proto_tree *tree, tvbuff_t *tvb, gint offset, pa offset+9, 1, ENC_NA); proto_item_append_text(ti, ": %u, Discriminator: %s", tvb_get_ntohl(tvb,offset+1), - tvb_bytes_to_str_punct(buffer_value_string, tvb, offset + 5, 4, ' ')); + tvb_bytes_to_str_punct(wmem_packet_scope(), tvb, offset + 5, 4, ' ')); break; case BGP_NLRI_EVPN_ESI_RES : proto_tree_add_item(esi_tree, hf_bgp_evpn_nlri_esi_reserved, tvb, -- cgit v1.2.3