Don't try to allocate more than WTAP_MAX_PACKET_SIZE. Fixes a crash

author gerald <gerald@f5534014-38df-0310-8fa8-9805f1628bb7>

Mon, 10 Aug 2009 16:12:55 +0000 (16:12 +0000)

committer gerald <gerald@f5534014-38df-0310-8fa8-9805f1628bb7>

Mon, 10 Aug 2009 16:12:55 +0000 (16:12 +0000)
author gerald <gerald@f5534014-38df-0310-8fa8-9805f1628bb7>
Mon, 10 Aug 2009 16:12:55 +0000 (16:12 +0000)
committer gerald <gerald@f5534014-38df-0310-8fa8-9805f1628bb7>
Mon, 10 Aug 2009 16:12:55 +0000 (16:12 +0000)
diff --git a/wiretap/erf.c b/wiretap/erf.c

index 5e88a64ddce71d503274a324801d0856216db73a..49bdaa9581e5901c1771b91a8b128c43ae13fbb6 100644 (file)
--- a/wiretap/erf.c
+++ b/wiretap/erf.c
@@ -218,6 +218,13 @@ extern int erf_open(wtap *wth, int *err, gchar **err_info _U_)
  
      /* The file_seek function do not return an error if the end of file
         is reached whereas the record is truncated */
+    if (packet_size > WTAP_MAX_PACKET_SIZE) {
+      /*
+       * Probably a corrupt capture file; don't blow up trying
+       * to allocate space for an immensely-large packet.
+       */
+      return 0;
+    }
      buffer=g_malloc(packet_size);
      r = file_read(buffer, 1, packet_size, wth->fh);
      g_free(buffer);
author	gerald <gerald@f5534014-38df-0310-8fa8-9805f1628bb7>
	Mon, 10 Aug 2009 16:12:55 +0000 (16:12 +0000)
committer	gerald <gerald@f5534014-38df-0310-8fa8-9805f1628bb7>
	Mon, 10 Aug 2009 16:12:55 +0000 (16:12 +0000)