Wireshark-dev: Re: [Wireshark-dev] reported_length < -1
From: Martin Kaiser <lists@xxxxxxxxx>
Date: Sat, 7 Sep 2013 12:13:09 +0200
Hi Pascal,

Thus wrote Pascal Quantin (pascal.quantin@xxxxxxxxx):

> 2013/9/7 Martin Kaiser <lists@xxxxxxxxx>

> > tvb_new_subset(tvb, 10, (tvb_get_guint8(tvb, 1) - 2), (tvb_get_guint8(tvb,
> > 1) - 2));

> > As for reported_length<-1, it looks like that's ok when the tvb is
> > created. There'll be an exception when it's accessed, we'll always be
> > out of bounds.

> > Is there a valid use case for reported_length<-1?

> I Martin,

> I (wrongly?) assumed that it would automatically throw an exception (as I
> found at least one other code line like this in the source tree) so I did
> not add an explicit check on the size before creating the tvb.
> I do not see any valid use case either.

my mistake. The code of tvb_new_subset() does throw an exception also
for reported_length < -1.

Regards,
Martin