Wireshark-bugs: [Wireshark-bugs] [Bug 8250] GOOSE dissector incorrectly parsing status number an
Date: Fri, 26 Apr 2013 15:51:52 +0000

changed bug 8250

What Removed Added
Status INCOMPLETE CONFIRMED

Comment # 9 on bug 8250 from
(In reply to comment #8)
> I think our BER code is pulling the wrong number of bytes from the packet?

Nope, that's not it. The dissect_ber_integer64 code is automatically extending
the sign bit on the values it extracts. The following patch fixes this
particular case, but presumably breaks decoding for signed values:

Index: epan/dissectors/packet-ber.c
===================================================================
--- epan/dissectors/packet-ber.c    (revision 49048)
+++ epan/dissectors/packet-ber.c    (working copy)
@@ -1712,9 +1712,6 @@
     if (len > 0) {
         /* extend sign bit */
         guint8 first = tvb_get_guint8(tvb, offset);
-        if (first & 0x80) {
-            val = -1;
-        }
         if ((len > 1) && decode_warning_leading_zero_bits) {
             guint8 second = tvb_get_guint8(tvb, offset+1);
             if (((first == 0x00) && ((second & 0x80) == 0)) ||

I have no idea how to make this conditional on certain fields though... is it
possible for the code to fetch the FT_ value from the hf_id it already has, and
only do the sign extension for signed types? Then making the fields unsigned in
the .cnf file would work...


You are receiving this mail because:
  • You are watching all bug changes.