forked from osmocom/wireshark
Fix infinite loop for when port max range is -1
Due to integer overflow (unsigned -1 + 1 = 0), a call to dissector_add_uint_range would be stuck in an infinite loop, eventually crashing due to out of memory. Found when setting radius.alternate_port:-1, but could happen with any dissector using similar ports_range constructs. Change-Id: Ia234e94516446250e959e0f51d552bef704cddff Reviewed-on: https://code.wireshark.org/review/13153 Reviewed-by: Peter Wu <peter@lekensteyn.nl> Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
This commit is contained in:
parent
f83e20202f
commit
a5a2c3c04f
|
@ -952,8 +952,9 @@ void dissector_add_uint_range(const char *abbrev, range_t *range,
|
|||
|
||||
if (range) {
|
||||
for (i = 0; i < range->nranges; i++) {
|
||||
for (j = range->ranges[i].low; j <= range->ranges[i].high; j++)
|
||||
for (j = range->ranges[i].low; j < range->ranges[i].high; j++)
|
||||
dissector_add_uint(abbrev, j, handle);
|
||||
dissector_add_uint(abbrev, range->ranges[i].high, handle);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -997,8 +998,9 @@ void dissector_delete_uint_range(const char *abbrev, range_t *range,
|
|||
|
||||
if (range) {
|
||||
for (i = 0; i < range->nranges; i++) {
|
||||
for (j = range->ranges[i].low; j <= range->ranges[i].high; j++)
|
||||
for (j = range->ranges[i].low; j < range->ranges[i].high; j++)
|
||||
dissector_delete_uint(abbrev, j, handle);
|
||||
dissector_delete_uint(abbrev, range->ranges[i].high, handle);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue