forked from osmocom/wireshark
ptvcursor: Fix crash with deeply nested subtrees
If the proto tree is more than 8 levels deep, the subtree_lvl array
length is extended, by allocating a new area and copying everything into
that new area. However the old array length wasn't calculated correctly,
so only part of the subtree_lvl array was copied, causing a crash after
two ptvcursor_pop_subtree() calls.
(cherry picked from commit fa483ac191
)
This commit is contained in:
parent
489fc40a49
commit
d28ded7244
|
@ -1120,6 +1120,7 @@ static void
|
|||
ptvcursor_new_subtree_levels(ptvcursor_t *ptvc)
|
||||
{
|
||||
subtree_lvl *pushed_tree;
|
||||
size_t pushed_tree_len = sizeof(subtree_lvl) * ptvc->pushed_tree_max;
|
||||
|
||||
DISSECTOR_ASSERT(ptvc->pushed_tree_max <= SUBTREE_MAX_LEVELS-SUBTREE_ONCE_ALLOCATION_NUMBER);
|
||||
ptvc->pushed_tree_max += SUBTREE_ONCE_ALLOCATION_NUMBER;
|
||||
|
@ -1127,7 +1128,7 @@ ptvcursor_new_subtree_levels(ptvcursor_t *ptvc)
|
|||
pushed_tree = (subtree_lvl *)wmem_alloc(wmem_packet_scope(), sizeof(subtree_lvl) * ptvc->pushed_tree_max);
|
||||
DISSECTOR_ASSERT(pushed_tree != NULL);
|
||||
if (ptvc->pushed_tree)
|
||||
memcpy(pushed_tree, ptvc->pushed_tree, ptvc->pushed_tree_max - SUBTREE_ONCE_ALLOCATION_NUMBER);
|
||||
memcpy(pushed_tree, ptvc->pushed_tree, pushed_tree_len);
|
||||
ptvc->pushed_tree = pushed_tree;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue