From ca8b7b1ad08c7399fce6a3828dccc2861321ea47 Mon Sep 17 00:00:00 2001 From: Pascal Quantin Date: Wed, 27 Nov 2013 08:09:55 +0000 Subject: Reinitialize counter between loops to avoid an out of bound access found with fuzz testing. svn path=/trunk/; revision=53612 --- epan/dissectors/packet-rtpproxy.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'epan/dissectors/packet-rtpproxy.c') diff --git a/epan/dissectors/packet-rtpproxy.c b/epan/dissectors/packet-rtpproxy.c index 3cddeb2fc9..ce1c74f446 100644 --- a/epan/dissectors/packet-rtpproxy.c +++ b/epan/dissectors/packet-rtpproxy.c @@ -295,7 +295,7 @@ rtpproxy_add_parameter(proto_tree *rtpproxy_tree, tvbuff_t *tvb, guint begin, gu proto_tree *another_tree = NULL; guint offset = 0; guint new_offset = 0; - gint i = 0; + gint i; guint pt = 0; gchar** codecs = NULL; guint codec_len; @@ -315,6 +315,7 @@ rtpproxy_add_parameter(proto_tree *rtpproxy_tree, tvbuff_t *tvb, guint begin, gu new_offset = (gint)strspn(rawstr+offset, "0123456789,"); another_tree = proto_item_add_subtree(ti, ett_rtpproxy_command_parameters_codecs); codecs = g_strsplit(tvb_get_string(wmem_packet_scope(), tvb, begin+offset, new_offset), ",", 0); + i = 0; while(codecs[i]){ /* We assume strings < 2^32-1 bytes long. :-) */ codec_len = (guint)strlen(codecs[i]); -- cgit v1.2.3