@@ -7304,7 +7304,7 @@ parse_wbxml_tag_defined (proto_tree *tree, tvbuff_t *tvb, guint32 offset,
73047304 const wbxml_decoding * map )
73057305{
73067306 guint32 tvb_len = tvb_reported_length (tvb );
7307- guint32 off = offset ;
7307+ guint32 off = offset , last_off ;
73087308 guint32 len ;
73097309 guint str_len ;
73107310 guint32 ent ;
@@ -7323,6 +7323,7 @@ parse_wbxml_tag_defined (proto_tree *tree, tvbuff_t *tvb, guint32 offset,
73237323 tag_save_literal = NULL ; /* Prevents compiler warning */
73247324
73257325 DebugLog (("parse_wbxml_tag_defined (level = %u, offset = %u)\n" , * level , offset ));
7326+ last_off = off ;
73267327 while (off < tvb_len ) {
73277328 peek = tvb_get_guint8 (tvb , off );
73287329 DebugLog (("STAG: (top of while) level = %3u, peek = 0x%02X, off = %u, tvb_len = %u\n" , * level , peek , off , tvb_len ));
@@ -7694,6 +7695,10 @@ parse_wbxml_tag_defined (proto_tree *tree, tvbuff_t *tvb, guint32 offset,
76947695 /* TODO: Do I have to reset code page here? */
76957696 }
76967697 } /* if (tag & 0x3F) >= 5 */
7698+ if (off < last_off ) {
7699+ THROW (ReportedBoundsError );
7700+ }
7701+ last_off = off ;
76977702 } /* while */
76987703 DebugLog (("STAG: level = %u, Return: len = %u (end of function body)\n" , * level , off - offset ));
76997704 return (off - offset );
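Review bot: The guard added at the end of the while loop tests `off < last_off`, so it catches an offset that moved backwards (for instance after a guint32 wrap when a length read from the packet is added to `off`) but not an iteration that leaves `off` unchanged, which would still spin forever. If every branch of the loop body is meant to consume at least one byte, the test could be `if (off <= last_off) {`; most of the body lies outside this hunk, so that needs confirming first. A short comment such as `/* off must never move backwards; a wrapped offset means a bogus length in the packet */` would also explain why a bounds error is thrown here. The same four lines are repeated at the loop ends of parse_wbxml_tag, parse_wbxml_attribute_list_defined and parse_wbxml_attribute_list, and the point applies to each of them.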
@@ -7711,7 +7716,7 @@ parse_wbxml_tag (proto_tree *tree, tvbuff_t *tvb, guint32 offset,
77117716 guint8 * codepage_stag , guint8 * codepage_attr )
77127717{
77137718 guint32 tvb_len = tvb_reported_length (tvb );
7714- guint32 off = offset ;
7719+ guint32 off = offset , last_off ;
77157720 guint32 len ;
77167721 guint str_len ;
77177722 guint32 ent ;
@@ -7732,6 +7737,7 @@ parse_wbxml_tag (proto_tree *tree, tvbuff_t *tvb, guint32 offset,
77327737 tag_save_literal = NULL ; /* Prevents compiler warning */
77337738
77347739 DebugLog (("parse_wbxml_tag (level = %u, offset = %u)\n" , * level , offset ));
7740+ last_off = off ;
77357741 while (off < tvb_len ) {
77367742 peek = tvb_get_guint8 (tvb , off );
77377743 DebugLog (("STAG: (top of while) level = %3u, peek = 0x%02X, off = %u, tvb_len = %u\n" , * level , peek , off , tvb_len ));
@@ -8091,6 +8097,10 @@ parse_wbxml_tag (proto_tree *tree, tvbuff_t *tvb, guint32 offset,
80918097 /* TODO: Do I have to reset code page here? */
80928098 }
80938099 } /* if (tag & 0x3F) >= 5 */
8100+ if (off < last_off ) {
8101+ THROW (ReportedBoundsError );
8102+ }
8103+ last_off = off ;
80948104 } /* while */
80958105 DebugLog (("STAG: level = %u, Return: len = %u (end of function body)\n" ,
80968106 * level , off - offset ));
@@ -8126,7 +8136,7 @@ parse_wbxml_attribute_list_defined (proto_tree *tree, tvbuff_t *tvb,
81268136 const wbxml_decoding * map )
81278137{
81288138 guint32 tvb_len = tvb_reported_length (tvb );
8129- guint32 off = offset ;
8139+ guint32 off = offset , last_off ;
81308140 guint32 len ;
81318141 guint str_len ;
81328142 guint32 ent ;
@@ -8138,6 +8148,7 @@ parse_wbxml_attribute_list_defined (proto_tree *tree, tvbuff_t *tvb,
81388148 DebugLog (("parse_wbxml_attr_defined (level = %u, offset = %u)\n" ,
81398149 level , offset ));
81408150 /* Parse attributes */
8151+ last_off = off ;
81418152 while (off < tvb_len ) {
81428153 peek = tvb_get_guint8 (tvb , off );
81438154 DebugLog (("ATTR: (top of while) level = %3u, peek = 0x%02X, "
@@ -8330,6 +8341,10 @@ parse_wbxml_attribute_list_defined (proto_tree *tree, tvbuff_t *tvb,
83308341 off ++ ;
83318342 }
83328343 }
8344+ if (off < last_off ) {
8345+ THROW (ReportedBoundsError );
8346+ }
8347+ last_off = off ;
83338348 } /* End WHILE */
83348349 DebugLog (("ATTR: level = %u, Return: len = %u (end of function body)\n" ,
83358350 level , off - offset ));
@@ -8350,7 +8365,7 @@ parse_wbxml_attribute_list (proto_tree *tree, tvbuff_t *tvb,
83508365 guint32 offset , guint32 str_tbl , guint8 level , guint8 * codepage_attr )
83518366{
83528367 guint32 tvb_len = tvb_reported_length (tvb );
8353- guint32 off = offset ;
8368+ guint32 off = offset , last_off ;
83548369 guint32 len ;
83558370 guint str_len ;
83568371 guint32 ent ;
@@ -8359,6 +8374,7 @@ parse_wbxml_attribute_list (proto_tree *tree, tvbuff_t *tvb,
83598374
83608375 DebugLog (("parse_wbxml_attr (level = %u, offset = %u)\n" , level , offset ));
83618376 /* Parse attributes */
8377+ last_off = off ;
83628378 while (off < tvb_len ) {
83638379 peek = tvb_get_guint8 (tvb , off );
83648380 DebugLog (("ATTR: (top of while) level = %3u, peek = 0x%02X, "
@@ -8516,6 +8532,10 @@ parse_wbxml_attribute_list (proto_tree *tree, tvbuff_t *tvb,
85168532 off ++ ;
85178533 }
85188534 }
8535+ if (off < last_off ) {
8536+ THROW (ReportedBoundsError );
8537+ }
8538+ last_off = off ;
85198539 } /* End WHILE */
85208540 DebugLog (("ATTR: level = %u, Return: len = %u (end of function body)\n" ,
85218541 level , off - offset ));