forked from osmocom/wireshark
Fix bug #8936: Fuzz failure: attempt to allocate -1 bytes from packet-bacapp.c and/or tvb_generic_clone_offset_len()
Revert r50556: Add new function: validate_offset() which checks if offset is within bounds of tvb. svn path=/trunk/; revision=50633
This commit is contained in:
parent
7c5b471584
commit
fec836d697
|
@ -202,15 +202,44 @@ validate_offset(const tvbuff_t *tvb, const guint abs_offset)
|
|||
static int
|
||||
compute_offset(const tvbuff_t *tvb, const gint offset, guint *offset_ptr)
|
||||
{
|
||||
int exception;
|
||||
|
||||
if (offset >= 0) {
|
||||
/* Positive offset - relative to the beginning of the packet. */
|
||||
*offset_ptr = offset;
|
||||
} else {
|
||||
if ((guint) offset > tvb->reported_length) {
|
||||
if (tvb->flags & TVBUFF_FRAGMENT) {
|
||||
exception = FragmentBoundsError;
|
||||
} else {
|
||||
exception = ReportedBoundsError;
|
||||
}
|
||||
return exception;
|
||||
}
|
||||
else if ((guint) offset > tvb->length) {
|
||||
return BoundsError;
|
||||
}
|
||||
else {
|
||||
*offset_ptr = offset;
|
||||
}
|
||||
}
|
||||
else {
|
||||
/* Negative offset - relative to the end of the packet. */
|
||||
*offset_ptr = tvb->length + offset;
|
||||
if ((guint) -offset > tvb->reported_length) {
|
||||
if (tvb->flags & TVBUFF_FRAGMENT) {
|
||||
exception = FragmentBoundsError;
|
||||
} else {
|
||||
exception = ReportedBoundsError;
|
||||
}
|
||||
return exception;
|
||||
}
|
||||
else if ((guint) -offset > tvb->length) {
|
||||
return BoundsError;
|
||||
}
|
||||
else {
|
||||
*offset_ptr = tvb->length + offset;
|
||||
}
|
||||
}
|
||||
|
||||
return validate_offset(tvb, *offset_ptr);
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int
|
||||
|
|
Loading…
Reference in New Issue