|
 |
6415a4 |
diff --git a/wiretap/mpeg.c b/wiretap/mpeg.c
|
|
|
6415a4 |
index 1500162..bd3ab24 100644
|
|
|
6415a4 |
--- a/wiretap/mpeg.c
|
|
|
6415a4 |
+++ b/wiretap/mpeg.c
|
|
|
6415a4 |
@@ -111,7 +111,7 @@ mpeg_read_rec_data(FILE_T fh, guint8 *pd, int length, int *err,
|
|
|
6415a4 |
|
|
|
6415a4 |
#define SCRHZ 27000000
|
|
|
6415a4 |
|
|
|
6415a4 |
-static gboolean
|
|
|
6415a4 |
+static gboolean
|
|
|
6415a4 |
mpeg_read(wtap *wth, int *err, gchar **err_info, gint64 *data_offset)
|
|
|
6415a4 |
{
|
|
|
6415a4 |
mpeg_t *mpeg = (mpeg_t *)wth->priv;
|
|
|
6415a4 |
@@ -225,6 +225,18 @@ mpeg_read(wtap *wth, int *err, gchar **err_info, gint64 *data_offset)
|
|
|
6415a4 |
}
|
|
|
6415a4 |
*data_offset = file_tell(wth->fh);
|
|
|
6415a4 |
|
|
|
6415a4 |
+ if (packet_size > WTAP_MAX_PACKET_SIZE) {
|
|
|
6415a4 |
+ /*
|
|
|
6415a4 |
+ * Larger than we can handle. Don't blow up trying
|
|
|
6415a4 |
+ * to allocate space for an immensely-large packet
|
|
|
6415a4 |
+ * or clobber the stack.
|
|
|
6415a4 |
+ */
|
|
|
6415a4 |
+ *err = WTAP_ERR_BAD_FILE;
|
|
|
6415a4 |
+ *err_info = g_strdup_printf("mpeg: File has %u-byte packet, bigger than maximum of %u",
|
|
|
6415a4 |
+ packet_size, WTAP_MAX_PACKET_SIZE);
|
|
|
6415a4 |
+ return FALSE;
|
|
|
6415a4 |
+ }
|
|
|
6415a4 |
+
|
|
|
6415a4 |
buffer_assure_space(wth->frame_buffer, packet_size);
|
|
|
6415a4 |
if (!mpeg_read_rec_data(wth->fh, buffer_start_ptr(wth->frame_buffer),
|
|
|
6415a4 |
packet_size, err, err_info))
|