Wireshark-commits: [Wireshark-commits] master-2.6 4550931: Fix handling of guintvars.
From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>
Date: Sun, 03 Jun 2018 17:31:57 +0000
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=45509316e450d70f91ebf44d58c75f6f34a0c90e
Submitter: Guy Harris (guy@xxxxxxxxxxxx)
Changed: branch: master-2.6
Repository: wireshark

Commits:

4550931 by Guy Harris (guy@xxxxxxxxxxxx):

    Fix handling of guintvars.
    
    1) A value that fits in a 32-bit unsigned integer may take more than 4
    octets - the uppermost bit of the octet is a "more octets follows" flag,
    so 4 octets contain only 7*4 - 28 bits of value, so a fifth octet
    preceding that with the upper 3 bits zero could result in a value that
    fits in 32 bits, and further octets of 0x80 just add further leading
    zeroes.
    
    We should, instead, check for *overflow*, meaning that if we add more
    bits at the bottom, the result is *less* than the previous value.
    
    2) When the result overflows, we should clamp it a UINT_MAX, rather than
    setting it to zero, and should keep accumulating octets, so that we
    return the correct octet count.  That prevents infinite loops where the
    item's length, and the item itself, are considered zero-length.
    
    This should fix bug 14738.
    
    Bug: 14738
    Change-Id: I1d1b60e22f169959c1573b1fcb7e010e027b5132
    Reviewed-on: https://code.wireshark.org/review/27986
    Reviewed-by: Guy Harris <guy@xxxxxxxxxxxx>
    (cherry picked from commit 5c51008ef0898adae9ce12283e34b29a9c406c9f)
    Reviewed-on: https://code.wireshark.org/review/27987
    

Actions performed:

    from  a3ecedb   [Automatic update for 2018-06-03]
    adds  4550931   Fix handling of guintvars.


Summary of changes:
 epan/dissectors/packet-wap.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)