From 16f8ba1bed579344df373bf38fff552ab8baf380 Mon Sep 17 00:00:00 2001
From: Peter Wu <peter@lekensteyn.nl>
Date: Thu, 3 Jul 2014 11:25:21 +0200
Subject: catapult,irda: Fix ASAN crashes due to buffer underrun

The catapult dissector tripped on this random file I had. A quick look
at other dissectors which use a construct like "-1] *= '*\\[rn]" showed
packet-irda too, so fix that as well.

Change-Id: I4b5fadcacd0b09d0fb29bdefc3dd1f28aef9b593
Reviewed-on: https://code.wireshark.org/review/2802
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
---
 plugins/irda/packet-irda.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'plugins/irda')

diff --git a/plugins/irda/packet-irda.c b/plugins/irda/packet-irda.c
index 1fb280f813..add449589c 100644
--- a/plugins/irda/packet-irda.c
+++ b/plugins/irda/packet-irda.c
@@ -1651,14 +1651,14 @@ static void dissect_log(tvbuff_t* tvb, packet_info* pinfo, proto_tree* root)
         char    buf[256];
 
 
-        length = tvb_length(tvb);
+        length = tvb_captured_length(tvb);
         if (length > sizeof(buf)-1)
             length = sizeof(buf)-1;
         tvb_memcpy(tvb, buf, 0, length);
         buf[length] = 0;
-        if (buf[length-1] == '\n')
+        if (length > 0 && buf[length-1] == '\n')
             buf[length-1] = 0;
-        else if (buf[length-2] == '\n')
+        else if (length > 1 && buf[length-2] == '\n')
             buf[length-2] = 0;
 
         col_add_str(pinfo->cinfo, COL_INFO, buf);
-- 
cgit v1.2.1