Wireshark-dev: Re: [Wireshark-dev] reported_length < -1
From: Pascal Quantin <pascal.quantin@xxxxxxxxx>
Date: Sat, 7 Sep 2013 12:00:19 +0200
2013/9/7 Martin Kaiser <lists@xxxxxxxxx>
Dear all,

I stumbled on

tvb_new_subset(tvb, 10, (tvb_get_guint8(tvb, 1) - 2), (tvb_get_guint8(tvb, 1) - 2));

If tvb_get_guint8(tvb, 1)==0, we throw an exception because of
backing_length - that makes sense.

As for reported_length<-1, it looks like that's ok when the tvb is
created. There'll be an exception when it's accessed, we'll always be
out of bounds.

Is there a valid use case for reported_length<-1?

I Martin,

I (wrongly?) assumed that it would automatically throw an exception (as I found at least one other code line like this in the source tree) so I did not add an explicit check on the size before creating the tvb.
I do not see any valid use case either.

Pascal.