From 984e52244f08d344a6979bf1405b3d730a388702 Mon Sep 17 00:00:00 2001
From: Jakub Zawadzki <darkjames@darkjames.pl>
Date: Sun, 4 May 2014 23:06:54 +0200
Subject: Fix possible buffer overflow in col_append_sep_fstr()

After appending separator it might happen that len > max_len, in such case
g_vsnprintf() will overflow the col_buf buffer.

Change-Id: Ic5ff49d30e30509e835165c4cc7e72e31f92fd5f
Reviewed-on: https://code.wireshark.org/review/1493
Reviewed-by: Evan Huus <eapache@gmail.com>
---
 epan/column-utils.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'epan/column-utils.c')

diff --git a/epan/column-utils.c b/epan/column-utils.c
index 3a237b575b..4b5751b19b 100644
--- a/epan/column-utils.c
+++ b/epan/column-utils.c
@@ -392,9 +392,11 @@ col_append_sep_fstr(column_info *cinfo, const gint el, const gchar *separator,
           len += sep_len;
         }
       }
-      va_start(ap, format);
-      g_vsnprintf(&cinfo->col_buf[i][len], max_len - len, format, ap);
-      va_end(ap);
+      if (len < max_len) {
+        va_start(ap, format);
+        g_vsnprintf(&cinfo->col_buf[i][len], max_len - len, format, ap);
+        va_end(ap);
+      }
     }
   }
 }
-- 
cgit v1.2.1