forked from osmocom/wireshark
GSM CBCH: fix an out of bounds access
As explained by Guy, we should use new_slots[i] and not new_slots[k] Bug: 12278 Change-Id: Ifae44f9d5948bed5c4ee0442510724016e307dee Reviewed-on: https://code.wireshark.org/review/14678 Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com> Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
This commit is contained in:
parent
0aa0fb25e0
commit
0fe522dfc6
|
@ -253,22 +253,22 @@ dissect_schedule_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *top_tree
|
|||
else if (octet1 == 0x40)
|
||||
{
|
||||
/* MDT 010000000 */
|
||||
proto_tree_add_uint_format_value(sched_subtree, hf_gsm_cbch_slot, tvb, offset++, 1, new_slots[k],
|
||||
"%d Free Message Slot, optional reading", new_slots[k]);
|
||||
proto_tree_add_uint_format_value(sched_subtree, hf_gsm_cbch_slot, tvb, offset++, 1, new_slots[i],
|
||||
"%d Free Message Slot, optional reading", new_slots[i]);
|
||||
other_slots[new_slots[i] - 1] = 0xFFFE;
|
||||
}
|
||||
else if (octet1 == 0x41)
|
||||
{
|
||||
/* MDT 010000001 */
|
||||
proto_tree_add_uint_format_value(sched_subtree, hf_gsm_cbch_slot, tvb, offset++, 1, new_slots[k],
|
||||
"%d Free Message Slot, reading advised", new_slots[k]);
|
||||
proto_tree_add_uint_format_value(sched_subtree, hf_gsm_cbch_slot, tvb, offset++, 1, new_slots[i],
|
||||
"%d Free Message Slot, reading advised", new_slots[i]);
|
||||
other_slots[new_slots[i] - 1] = 0xFFFE;
|
||||
}
|
||||
else
|
||||
{
|
||||
/* reserved MDT */
|
||||
proto_tree_add_uint_format_value(sched_subtree, hf_gsm_cbch_slot, tvb, offset, 1, new_slots[k],
|
||||
"%d reserved MDT: %x", new_slots[k], octet1);
|
||||
proto_tree_add_uint_format_value(sched_subtree, hf_gsm_cbch_slot, tvb, offset, 1, new_slots[i],
|
||||
"%d reserved MDT: %x", new_slots[i], octet1);
|
||||
other_slots[new_slots[i] - 1] = 0xFFFE;
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue