AMQP: fix a stack overflow when offset goes back and forth
Previous code assumed that list decoding was successful and that some bytes were consumed. Let's explicitly check this. Bug: 13780 Change-Id: I3546b093f309f2b8096f01bc9987ac5ad9e029eb Reviewed-on: https://code.wireshark.org/review/22235 Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com> Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
parent
bb58b3a264
commit
246cbbc2ea
|
@ -9978,7 +9978,13 @@ get_amqp_1_0_value_formatter(tvbuff_t *tvb,
|
|||
item,
|
||||
hf_amqp_type,
|
||||
hf_amqp_subtype_count,
|
||||
hf_amqp_subtypes, name)-1; /* "-1" due to decode type again in the method */
|
||||
hf_amqp_subtypes, name);
|
||||
if (*length_size == 0) {
|
||||
/* something went wrong during list dissection; let's stop here */
|
||||
*length_size = tvb_reported_length_remaining(tvb, offset);
|
||||
} else {
|
||||
*length_size -= 1; /* "-1" due to decode type again in the method */
|
||||
}
|
||||
break;
|
||||
case AMQP_1_0_TYPE_MAP8:
|
||||
case AMQP_1_0_TYPE_MAP32:
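Review bot: The new zero-length guard covers only the list branch, while the `case AMQP_1_0_TYPE_MAP8:` / `case AMQP_1_0_TYPE_MAP32:` branch that begins at the end of this hunk has its body outside it; if that branch also subtracts 1 from its dissector's return value, a zero return there would presumably move the offset backwards in the same way and needs the same `if (*length_size == 0)` check. In the added fallback, `tvb_reported_length_remaining(tvb, offset)` may itself be zero when `offset` is already at the end of the buffer, so it is worth confirming that the caller stops rather than retrying when no bytes are reported as consumed. The recovery is also silent: an expert-info item on `item` in the `== 0` branch, plus a comment such as `/* 0 = list dissector consumed nothing; claim the rest of the tvb so the caller cannot re-dissect the same bytes */`, would make the malformed frame visible to whoever is analysing the capture. The enclosing function `get_amqp_1_0_value_formatter` starts and ends outside the hunk.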
|
||||
|
|