From 8dcb530de6372580fa08659f1b230a86ac53d553 Mon Sep 17 00:00:00 2001
From: Guy Harris <guy@alum.mit.edu>
Date: Mon, 17 Jul 2017 18:22:53 -0700
Subject: [PATCH] Copy no more than MAX_ERF_EHDR - 1 additional extension
 headers.

The array of headers has MAX_ERF_EHDR entries, and the additional
entries are appended after the first entry, so that leaves room for at
most MAX_ERF_EHDR - 1.

Fixes CID 1415440.

Change-Id: Iaa2c3577bbff429bcc1301e4cfdf1961f067be93
Reviewed-on: https://code.wireshark.org/review/22684
Reviewed-by: Guy Harris <guy@alum.mit.edu>
---
 wiretap/erf.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/wiretap/erf.c b/wiretap/erf.c
index 56dd7334ca..b141cd3c20 100644
--- a/wiretap/erf.c
+++ b/wiretap/erf.c
@@ -1683,7 +1683,13 @@ static gboolean erf_write_meta_record(wtap_dumper *wdh, erf_dump_t *dump_priv, g
 
   total_rlen = total_wlen + 24; /* 24 is the header + extension header length */
   if (extra_ehdrs) {
-    num_extra_ehdrs = MIN(extra_ehdrs->len, MAX_ERF_EHDR);
+    /*
+     * These will be appended to the first extension header in
+     * other_header.erf.ehdr_list.  There are a total of MAX_ERF_EHDR
+     * extension headers in that array, so we can append no more than
+     * MAX_ERF_EHDR - 1 extension headeers.
+     */
+    num_extra_ehdrs = MIN(extra_ehdrs->len, MAX_ERF_EHDR - 1);
     total_rlen += num_extra_ehdrs * 8;
   }
   /*padding to 8 byte alignment*/