diff options
author | Guy Harris <guy@alum.mit.edu> | 2004-06-28 06:01:33 +0000 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2004-06-28 06:01:33 +0000 |
commit | 7c097187c901ba09b94869903a3dfbde7539aeb8 (patch) | |
tree | ddd54ab4033b77a52b8eb5ff4057908d2855b118 /epan/ftypes/ftypes.c | |
parent | de2a2077b89816db5aa6880ee9388b09d54863a6 (diff) | |
download | wireshark-7c097187c901ba09b94869903a3dfbde7539aeb8.tar.gz |
From Graeme Hewson: prevent an assertion failure if a display filter
specifies [i:] and i is >= the length of the frame.
svn path=/trunk/; revision=11258
Diffstat (limited to 'epan/ftypes/ftypes.c')
-rw-r--r-- | epan/ftypes/ftypes.c | 28 |
1 files changed, 14 insertions, 14 deletions
diff --git a/epan/ftypes/ftypes.c b/epan/ftypes/ftypes.c index 27915f0243..55517f8d96 100644 --- a/epan/ftypes/ftypes.c +++ b/epan/ftypes/ftypes.c @@ -1,5 +1,5 @@ /* - * $Id: ftypes.c,v 1.23 2004/06/03 07:34:49 guy Exp $ + * $Id: ftypes.c,v 1.24 2004/06/28 06:01:33 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -350,28 +350,33 @@ slice_func(gpointer data, gpointer user_data) } } - /* Check the end type, and set both end_offset and length */ + /* Check the end type and set the length */ if (ending == TO_THE_END) { - end_offset = field_length - 1; - length = end_offset - start_offset + 1; + length = field_length - start_offset; + if (length <= 0) { + slice_data->slice_failure = TRUE; + return; + } } else if (ending == LENGTH) { length = drange_node_get_length(drnode); - end_offset = start_offset + length - 1; + if (start_offset + length > (int) field_length) { + slice_data->slice_failure = TRUE; + return; + } } else if (ending == OFFSET) { end_offset = drange_node_get_end_offset(drnode); if (end_offset < 0) { end_offset = field_length + end_offset; - if (end_offset < 0) { - slice_data->slice_failure = TRUE; - return; - } if (end_offset < start_offset) { slice_data->slice_failure = TRUE; return; } + } else if (end_offset >= (int) field_length) { + slice_data->slice_failure = TRUE; + return; } length = end_offset - start_offset + 1; } @@ -379,11 +384,6 @@ slice_func(gpointer data, gpointer user_data) g_assert_not_reached(); } - if (end_offset >= (int) field_length) { - slice_data->slice_failure = TRUE; - return; - } - g_assert(start_offset >=0 && length > 0); fv->ftype->slice(fv, slice_data->bytes, start_offset, length); } |