Fix https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6491 :

Don't set mr_mult_req_info->num_services until we're sure we've initialized the full structure for that service. Otherwise if we happen to throw an exception before initializing the whole structure, we'll core someplace (like dissect_cip_generic_service_rsp()) which expects all num_services entries to be fully initialized. svn path=/trunk/; revision=39626
2011-10-27 01:48:39 +00:00 · 2011-10-27 01:48:39 +00:00 · 3c622f7b80
parent a4e597b545
commit 3c622f7b80
1 changed files with 9 additions and 1 deletions
--- a/epan/dissectors/packet-cip.c
+++ b/epan/dissectors/packet-cip.c
@ -3192,7 +3192,6 @@ dissect_cip_multiple_service_packet_req(tvbuff_t *tvb, packet_info *pinfo, proto
      {
         mr_mult_req_info = se_alloc(sizeof(mr_mult_req_info_t));
         mr_mult_req_info->service = SC_MULT_SERV_PACK;
-         mr_mult_req_info->num_services = num_services;
         mr_mult_req_info->requests = se_alloc(sizeof(cip_req_info_t)*num_services);
         cip_req_info->pData = mr_mult_req_info;
      }
@ -3254,6 +3253,15 @@ dissect_cip_multiple_service_packet_req(tvbuff_t *tvb, packet_info *pinfo, proto
      {
         dissect_cip_data(mult_serv_tree, next_tvb, 0, pinfo, NULL );
      }
+
+      /* Don't set mr_mult_req_info->num_services until we're sure we've
+       * initialized the full structure for that service.  Otherwise if we
+       * happen to throw an exception here (before initializing the whole
+       * structure), we'll core someplace (like
+       * dissect_cip_generic_service_rsp()) which expects all num_services
+       * entries to be fully initialized.
+       */
+      mr_mult_req_info->num_services = i;
   }

 }