forked from osmocom/wireshark
[OpenSafety] Bugfix invalid length calculation.
Length calculation leads to -1, which will result in a large malloc https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1212 Bug: 13649 Change-Id: Iccb78b8c8ec9ca8e8f97bc12d0d8f41526d1f791 Reviewed-on: https://code.wireshark.org/review/21367 Reviewed-by: Roland Knall <rknall@gmail.com> Petri-Dish: Roland Knall <rknall@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
This commit is contained in:
parent
a1152a2a1f
commit
f643169504
|
@ -1286,6 +1286,13 @@ dissect_opensafety_ssdo_message(tvbuff_t *message_tvb, packet_info *pinfo, proto
|
|||
else
|
||||
{
|
||||
payloadSize = dataLength - (payloadOffset - db0Offset);
|
||||
if ((gint)dataLength < (payloadOffset - db0Offset))
|
||||
{
|
||||
if ( global_opensafety_debug_verbose )
|
||||
expert_add_info_format(pinfo, opensafety_item, &ei_payload_length_not_positive,
|
||||
"Calculation for payload length yielded non-positive result [%d]", (gint)payloadSize );
|
||||
return;
|
||||
}
|
||||
|
||||
if ( fragmentId != 0 && packet->payload.ssdo->sacmd.segmented )
|
||||
{
|
||||
|
|
Loading…
Reference in New Issue