Wireshark-dev: Re: [Wireshark-dev] reported_length < -1
From: Tyson Key <tyson.key@xxxxxxxxx>
Date: Sat, 7 Sep 2013 13:36:33 +0100
Hi folks,

Sorry for hijacking the thread, but come to think of it, would it make more sense to test if it's >0, rather than testing for !=0?

Tyson.


2013/9/7 Martin Kaiser <lists@xxxxxxxxx>
Dear all,

I stumbled on

tvb_new_subset(tvb, 10, (tvb_get_guint8(tvb, 1) - 2), (tvb_get_guint8(tvb, 1) - 2));

If tvb_get_guint8(tvb, 1)==0, we throw an exception because of
backing_length - that makes sense.

As for reported_length<-1, it looks like that's ok when the tvb is
created. There'll be an exception when it's accessed, we'll always be
out of bounds.

Is there a valid use case for reported_length<-1?

Thanks,
Martin
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe



--
                                          Fight Internet Censorship! http://www.eff.org
http://vmlemon.wordpress.com | Twitter/FriendFeed/Skype: vmlemon | 00447934365844