From 3b644a75c9530b8fc60e2fa964dfb2ae327e240d Mon Sep 17 00:00:00 2001
From: Peter Wu <peter@lekensteyn.nl>
Date: Sat, 20 Feb 2016 16:02:54 +0100
Subject: Fix various off-by-one in buffer sizes

Some only allow buffer overruns (read), others also buffer overflows
(write).

Found by looking for '\[ *N *\]' where N is 255, 0xff, 15 and 0xf (case
insensitive).

Change-Id: I250687e2fdeb8fbd5eaf0bbb8251c3dab9640760
Reviewed-on: https://code.wireshark.org/review/14034
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
---
 epan/dissectors/packet-q933.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'epan/dissectors/packet-q933.c')

diff --git a/epan/dissectors/packet-q933.c b/epan/dissectors/packet-q933.c
index c734c90fe8..aae33a7ff4 100644
--- a/epan/dissectors/packet-q933.c
+++ b/epan/dissectors/packet-q933.c
@@ -1795,7 +1795,7 @@ dissect_q933(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_
 	proto_item	*ti;
 	proto_tree	*ie_tree = NULL;
 	guint8		call_ref_len;
-	guint8		call_ref[15];
+	guint8		call_ref[16];
 	guint8		message_type;
 	guint8		info_element;
 	guint16		info_element_len;
-- 
cgit v1.2.3