diff options
author | Jakub Zawadzki <darkjames@darkjames.pl> | 2014-05-04 23:06:54 +0200 |
---|---|---|
committer | Evan Huus <eapache@gmail.com> | 2014-05-05 03:58:42 +0000 |
commit | 984e52244f08d344a6979bf1405b3d730a388702 (patch) | |
tree | 416cbb98cc1f84b2cd5e9c446c309f2114a99127 /epan/column-utils.c | |
parent | f13bbf270744ade588427011618abba2ea12f789 (diff) | |
download | wireshark-984e52244f08d344a6979bf1405b3d730a388702.tar.gz |
Fix possible buffer overflow in col_append_sep_fstr()
After appending separator it might happen that len > max_len, in such case
g_vsnprintf() will overflow the col_buf buffer.
Change-Id: Ic5ff49d30e30509e835165c4cc7e72e31f92fd5f
Reviewed-on: https://code.wireshark.org/review/1493
Reviewed-by: Evan Huus <eapache@gmail.com>
Diffstat (limited to 'epan/column-utils.c')
-rw-r--r-- | epan/column-utils.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/epan/column-utils.c b/epan/column-utils.c index 3a237b575b..4b5751b19b 100644 --- a/epan/column-utils.c +++ b/epan/column-utils.c @@ -392,9 +392,11 @@ col_append_sep_fstr(column_info *cinfo, const gint el, const gchar *separator, len += sep_len; } } - va_start(ap, format); - g_vsnprintf(&cinfo->col_buf[i][len], max_len - len, format, ap); - va_end(ap); + if (len < max_len) { + va_start(ap, format); + g_vsnprintf(&cinfo->col_buf[i][len], max_len - len, format, ap); + va_end(ap); + } } } } |