From Martin Kaiser:

"attached is a simple fix for CID281213. Although the bug can't crash wireshark, dissect_si_string() is not really fit for handling negative string lengths (and doesn't need to)." https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7243 svn path=/trunk/; revision=42523
2012-05-09 20:39:21 +00:00 · 2012-05-09 20:39:21 +00:00 · 75f6458053
parent d5b3acebd1
commit 75f6458053
1 changed files with 2 additions and 1 deletions
--- a/epan/dissectors/packet-dvbci.c
+++ b/epan/dissectors/packet-dvbci.c
@ -1969,7 +1969,8 @@ dissect_si_string(tvbuff_t *tvb, gint offset, gint str_len,

    if (!title)  /* we always have a title for our strings */
        return;
-    if (str_len==0)
+    /* str_len==-1 is not supported, we need an actual length */
+    if (str_len<=0)
        return;

    byte0 = tvb_get_guint8(tvb, offset);