From: Markus Koschany <apo@debian.org>
Date: Thu, 24 Mar 2022 15:43:12 +0100
Subject: CVE-2021-4181

Origin: https://gitlab.com/wireshark/wireshark/-/commit/d2436f19a3babc61ed97aa635f6eb43bfc44cfda
---
 epan/dissectors/packet-sysdig-event.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/epan/dissectors/packet-sysdig-event.c b/epan/dissectors/packet-sysdig-event.c
index ce88970..7dd127e 100644
--- a/epan/dissectors/packet-sysdig-event.c
+++ b/epan/dissectors/packet-sysdig-event.c
@@ -1864,6 +1864,13 @@ dissect_event_params(tvbuff_t *tvb, int offset, proto_tree *tree, int encoding,
     param_offset = offset + dissect_header_lens(tvb, offset, tree, encoding, hf_indexes);
 
     for (cur_param = 0; hf_indexes[cur_param]; cur_param++) {
+        if (!hf_indexes[cur_param]) {
+            // This happens when new params are added to existent events in sysdig,
+            // if the event is already mapped in wireshark with a lower number of params.
+            // hf_indexes array size would be < than event being dissected, leading to SIGSEGV.
+            break;
+        }
+
         int param_len = tvb_get_guint16(tvb, len_offset, encoding);
         const int hf_index = *hf_indexes[cur_param];
         if (proto_registrar_get_ftype(hf_index) == FT_STRING) {