For WTAP_ENCAP_ERF files if we find an Extension and/or Multi-Channel header,
ensure that the size of the full pseudoheader is smaller than the packet size
to avoid an underflow and subsequent attempt to allocate a rather large amount
of memory.
svn path=/trunk/; revision=41008
return -1; /* Read error */
phdr_len += size;
+
+ if (check_packet_size &&
+ packet_size < (guint)phdr_len) {
+ /*
+ * Uh-oh, the packet isn't big enough for the pseudo-
+ * header.
+ */
+ *err = WTAP_ERR_BAD_FILE;
+ *err_info = g_strdup_printf("pcap: ERF file has a %u-byte packet, too small for a pseudo-header with ex- and sub-headers (%d)",
+ packet_size, phdr_len);
+ return -1;
+ }
break;
case WTAP_ENCAP_I2C: