From Ivan Sy (with minor modifications):

[obnox/wireshark/wip.git] / wiretap / erf.c

diff --git a/wiretap/erf.c b/wiretap/erf.c
index 49bdaa9581e5901c1771b91a8b128c43ae13fbb6..6d9a549cd21a94674ad5237123e6f9b6fb5cc440 100644 (file)
--- a/wiretap/erf.c
+++ b/wiretap/erf.c
@@ -126,7 +126,6 @@ extern int erf_open(wtap *wth, int *err, gchar **err_info _U_)
 
     rlen=g_ntohs(header.rlen);
     wlen=g_ntohs(header.wlen);
-    packet_size = rlen - (guint32)sizeof(header);
 
     /* fail on invalid record type, invalid rlen, timestamps decreasing, or incrementing too far */
     
@@ -135,9 +134,11 @@ extern int erf_open(wtap *wth, int *err, gchar **err_info _U_)
       return 0;
     }
     
+    packet_size = rlen - (guint32)sizeof(header);
     if (packet_size > WTAP_MAX_PACKET_SIZE) {
       /*
-       * Probably a corrupt capture file; don't blow up trying
+       * Probably a corrupt capture file or a file that's not an ERF file
+       * but that passed earlier tests; don't blow up trying
        * to allocate space for an immensely-large packet.
        */
       return 0;