Ethereal-dev: Re: [Ethereal-dev] Possible problem in packet-socks.c [negative length tvb_memcp

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Guy Harris" <gharris@xxxxxxxxx>
Date: Thu, 8 Apr 2004 15:10:02 -0700 (PDT)

Yaniv Kaul said:
> Just from reading the code, it seems there's a potential problem of
> copying a negative sized buffer in display_string(), and specifically,
> in:
>
>     int length = tvb_get_guint8(tvb, offset);
>
>     tvb_memcpy(tvb, (guint8 *)temp, offset+1, length);

"tvb_get_guint8()" returns a value in the range 0 through 255; unless
you're on a system with 8-bit "int"s (in which case GLib probably won't
work, so Ethereal won't work anyway), the assignment of the return value
of "tvb_get_guint8()" to an "int" will always put a positive value in that
"int".
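
The widening rule discussed in this message, as an added C example that is not part of the original post or of Ethereal's code. It contrasts an unsigned 8-bit length read with a signed one and shows a bounded copy; `sample`, `demo_out`, `len_from_unsigned`, `len_from_signed`, `as_copy_size` and `copy_prefixed` are hypothetical names, and plain byte arrays stand in for the tvbuff API.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: "hello" with length prefix 5, then a field claiming 255 bytes. */
const uint8_t sample[] = { 0x05, 'h', 'e', 'l', 'l', 'o', 0xFF, 'x' };
char demo_out[256];   /* 255 data bytes + NUL; size is an assumption of this example */

/* Length byte read as unsigned 8-bit, then widened to int: always 0..255. */
int len_from_unsigned(const uint8_t *buf, size_t off)
{
    return buf[off];
}

/* Same byte read through a signed 8-bit type: 0x80..0xFF come out negative
 * on two's-complement platforms. The quoted code does NOT do this. */
int len_from_signed(const uint8_t *buf, size_t off)
{
    return (int8_t)buf[off];
}

/* What a copy routine taking size_t would see if handed a negative int. */
size_t as_copy_size(int length)
{
    return (size_t)length;
}

/* Hypothetical bounded copy of a length-prefixed string (not tvb_memcpy).
 * Returns the number of bytes copied, or -1 if the field does not fit. */
int copy_prefixed(const uint8_t *buf, size_t buf_len, size_t off,
                  char *out, size_t out_size)
{
    if (off >= buf_len)
        return -1;
    int length = len_from_unsigned(buf, off);
    if ((size_t)length > buf_len - off - 1 || (size_t)length >= out_size)
        return -1;              /* runs past the data, or no room for NUL */
    memcpy(out, buf + off + 1, (size_t)length);
    out[length] = '\0';
    return length;
}

int main(void)
{
    printf("unsigned read: %d\n", len_from_unsigned(sample, 6));
    printf("signed read:   %d -> size %zu\n", len_from_signed(sample, 6),
           as_copy_size(len_from_signed(sample, 6)));
    printf("copied: %d\n", copy_prefixed(sample, sizeof sample, 0, demo_out, sizeof demo_out));
}
```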