Don't trust the pointer value in a packet; it could be invalid, and this
author Guy Harris <guy@alum.mit.edu>
Sun, 12 Feb 2012 20:03:37 +0000 (20:03 -0000)
committer Guy Harris <guy@alum.mit.edu>
Sun, 12 Feb 2012 20:03:37 +0000 (20:03 -0000)
commit f36fec738187d01074704159f2e9f7cede58d492
tree 2ea91323db1acfc07fc826aa7abb88984316c395
parent 918a7f858b322f2d602d2557f99dd46d624a824b
Don't trust the pointer value in a packet; it could be invalid, and this
could cause an unsigned length value to be reduced by more than its
value, turning it into a very large value.

I couldn't exactly reproduce bug 6833, but it was due to an attempt to
allocate 4294967110 bytes, and this bug caused remaining_len to equal
4294967110, and it would try to create a reassembled packet tvbuff of
that size, so I'm guessing this fixes 6833.

svn path=/trunk/; revision=41001
epan/dissectors/packet-mp2t.c
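
The class of bug the commit message describes, as an added example that is not the code from packet-mp2t.c: an unsigned length reduced by an unvalidated pointer byte, next to a version that checks the pointer first. The function names, the one-byte pointer at the start of the payload and the sample bytes are assumptions, constructed so the wrapped result lands on the same figure the message quotes; this is not a reconstruction of bug 6833.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed payload (not from a real capture): the first byte is the
 * pointer value (0xC4 = 196), but only 10 bytes of data follow it. */
static const uint8_t sample_payload[11] = { 0xC4, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 };

/* Unchecked: trusts the pointer byte. When pointer > remaining_len the
 * subtraction wraps modulo 2^32 instead of going negative. */
uint32_t remaining_unchecked(const uint8_t *payload, uint32_t payload_len)
{
    uint32_t remaining_len = payload_len - 1;  /* consume the pointer byte */
    uint8_t pointer = payload[0];

    remaining_len -= pointer;                  /* 10 - 196 wraps to 4294967110 */
    return remaining_len;
}

/* Checked: rejects a pointer that reaches past the data actually present.
 * Returns 0 and stores the remaining length on success, -1 if malformed. */
int remaining_checked(const uint8_t *payload, uint32_t payload_len,
                      uint32_t *remaining_len)
{
    if (payload == NULL || remaining_len == NULL || payload_len < 1)
        return -1;

    uint32_t avail = payload_len - 1;          /* bytes after the pointer byte */
    uint8_t pointer = payload[0];

    if (pointer > avail)                       /* pointer is untrusted input */
        return -1;

    *remaining_len = avail - pointer;
    return 0;
}

int main(void)
{
    uint32_t len = 0;

    printf("unchecked: %u bytes\n",
           (unsigned)remaining_unchecked(sample_payload, sizeof sample_payload));
    if (remaining_checked(sample_payload, sizeof sample_payload, &len) != 0)
        printf("checked: malformed packet, nothing allocated\n");
    return 0;
}
```

Any allocation or reassembly size derived from the unchecked value inherits the wrapped length, so the comparison has to happen before the subtraction.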