Fix possible buffer overflow in col_append_sep_fstr()

After appending separator it might happen that len > max_len, in such case g_vsnprintf() will overflow the col_buf buffer. Change-Id: Ic5ff49d30e30509e835165c4cc7e72e31f92fd5f Reviewed-on: https://code.wireshark.org/review/1493 Reviewed-by: Evan Huus <eapache@gmail.com>
author: Jakub Zawadzki <darkjames@darkjames.pl> 2014-05-04 23:06:54 +0200
committer: Evan Huus <eapache@gmail.com> 2014-05-05 03:58:42 +0000
commit: 984e52244f08d344a6979bf1405b3d730a388702 (patch)
tree: 416cbb98cc1f84b2cd5e9c446c309f2114a99127 /epan/column-utils.c
parent: f13bbf270744ade588427011618abba2ea12f789 (diff)
download: wireshark-984e52244f08d344a6979bf1405b3d730a388702.tar.gz
1 files changed, 5 insertions, 3 deletions
diff --git a/epan/column-utils.c b/epan/column-utils.c
index 3a237b575b..4b5751b19b 100644
--- a/epan/column-utils.c
+++ b/epan/column-utils.c
@@ -392,9 +392,11 @@ col_append_sep_fstr(column_info *cinfo, const gint el, const gchar *separator,
           len += sep_len;
         }
       }
-      va_start(ap, format);
-      g_vsnprintf(&cinfo->col_buf[i][len], max_len - len, format, ap);
-      va_end(ap);
+      if (len < max_len) {
+        va_start(ap, format);
+        g_vsnprintf(&cinfo->col_buf[i][len], max_len - len, format, ap);
+        va_end(ap);
+      }
     }
   }
 }
author	Jakub Zawadzki <darkjames@darkjames.pl>	2014-05-04 23:06:54 +0200
committer	Evan Huus <eapache@gmail.com>	2014-05-05 03:58:42 +0000
commit	984e52244f08d344a6979bf1405b3d730a388702 (patch)
tree	416cbb98cc1f84b2cd5e9c446c309f2114a99127 /epan/column-utils.c
parent	f13bbf270744ade588427011618abba2ea12f789 (diff)
download	wireshark-984e52244f08d344a6979bf1405b3d730a388702.tar.gz