From Jakub Zawadzki via bug 4274:
Switch back to checking size instead of asize in emem_alloc_chunk. Make sure we don't try to cross the streams by allocating a negative amount of memory in the LTP dissector. svn path=/trunk/; revision=31132
parent
874657592c
commit
9417a7c86f
|
@ -322,6 +322,9 @@ dissect_report_segment(proto_tree *ltp_tree, tvbuff_t *tvb,int frame_offset){
|
|||
}
|
||||
|
||||
rcpt_clm_cnt = evaluate_sdnv(tvb,frame_offset + segment_offset, &rcpt_clm_cnt_size);
|
||||
if (rcpt_clm_cnt < 0){
|
||||
return 0;
|
||||
}
|
||||
segment_offset += rcpt_clm_cnt_size;
|
||||
if((unsigned)(frame_offset + segment_offset) > tvb_length(tvb)){
|
||||
return 0;
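Review bot: The added `if (rcpt_clm_cnt < 0)` guard rejects only a negative count; nothing in this hunk caps a large positive `rcpt_clm_cnt`, which is decoded straight from packet data by `evaluate_sdnv`. The commit message implies the count later sizes an allocation in dissect_report_segment, but that code is outside the hunk, so this is inferred: an oversized count would still reach it and at best trip the size assert in the allocator. Consider bounding the count against the bytes left in the buffer once `segment_offset` has been advanced, for example `if (rcpt_clm_cnt > tvb_length_remaining(tvb, frame_offset + segment_offset) / 2) return 0;`, assuming each reception claim occupies at least two bytes (to be confirmed against the claim layout).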
|
||||
|
|
|
@ -723,7 +723,7 @@ emem_alloc_chunk(size_t size, emem_header_t *mem)
|
|||
#endif
|
||||
|
||||
/* make sure we dont try to allocate too much (arbitrary limit) */
|
||||
DISSECTOR_ASSERT(asize<(EMEM_PACKET_CHUNK_SIZE>>2));
|
||||
DISSECTOR_ASSERT(size<(EMEM_PACKET_CHUNK_SIZE>>2));
|
||||
|
||||
if (!mem->free_list)
|
||||
emem_create_chunk(&mem->free_list, use_canary);
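Review bot: The comment above the assert still says only "arbitrary limit" and does not record why the check is on `size` rather than `asize`, which is the question the next reader will ask given that this line has now flipped both ways. Because `size` is a `size_t`, a negative length passed by a dissector arrives here as a very large value and fails the assert, which appears to be the property the commit relies on. I would state that in the comment, e.g. `/* Check the caller's requested size, not the padded asize: a negative length converted to size_t shows up as a huge value and is rejected here. */`. `asize` is computed outside the hunk, so its relation to `size` (presumably alignment and canary padding) should be confirmed before wording the comment.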
|
||||
|
|