From f43ac1291b80bbccdd1ef3e6118f72e08dc8beac Mon Sep 17 00:00:00 2001
From: Dario Lombardo <lomato@gmail.com>
Date: Fri, 1 Mar 2019 11:18:53 +0100
Subject: [PATCH] srvloc: check buffer index to prevent heap overflow.

Bug: 15546
Change-Id: I35eee1f6e1127db74339ec7218d7681bd93de59c
Reviewed-on: https://code.wireshark.org/review/32285
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(cherry picked from commit 8f15ebed65ceea5c856fce055b5d83fb0c4b597b)
Reviewed-on: https://code.wireshark.org/review/32340
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
---
 epan/dissectors/packet-srvloc.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/epan/dissectors/packet-srvloc.c b/epan/dissectors/packet-srvloc.c
index 629ca78..d0ecf88 100644
--- a/epan/dissectors/packet-srvloc.c
+++ b/epan/dissectors/packet-srvloc.c
@@ -444,9 +444,13 @@ unicode_to_bytes(tvbuff_t *tvb, int offset, int length, gboolean endianness)
         for (i = length; i > 0; i--) {
             c_char = ascii_text[i];
             if (c_char != 0) {
+                if (i == 0)
+                    break;
                 i--;
                 c_char1 = ascii_text[i];
                 if (c_char1 == 0) {
+                    if (i == 0)
+                        break;
                     i--;
                     c_char1 = ascii_text[i];
                 }
-- 
2.7.4