Wireshark-bugs: [Wireshark-bugs] [Bug 8250] GOOSE dissector incorrectly parsing status number an
Evan Huus
changed
bug 8250
What |
Removed |
Added |
Status |
INCOMPLETE
|
CONFIRMED
|
Comment # 9
on bug 8250
from Evan Huus
(In reply to comment #8)
> I think our BER code is pulling the wrong number of bytes from the packet?
Nope, that's not it. The dissect_ber_integer64 code is automatically extending
the sign bit on the values it extracts. The following patch fixes this
particular case, but presumably breaks decoding for signed values:
Index: epan/dissectors/packet-ber.c
===================================================================
--- epan/dissectors/packet-ber.c (revision 49048)
+++ epan/dissectors/packet-ber.c (working copy)
@@ -1712,9 +1712,6 @@
if (len > 0) {
/* extend sign bit */
guint8 first = tvb_get_guint8(tvb, offset);
- if (first & 0x80) {
- val = -1;
- }
if ((len > 1) && decode_warning_leading_zero_bits) {
guint8 second = tvb_get_guint8(tvb, offset+1);
if (((first == 0x00) && ((second & 0x80) == 0)) ||
I have no idea how to make this conditional on certain fields though... is it
possible for the code to fetch the FT_ value from the hf_id it already has, and
only do the sign extension for signed types? Then making the fields unsigned in
the .cnf file would work...
You are receiving this mail because:
- You are watching all bug changes.