Wireshark mailing list archives
Re: reported_length < -1
From: Pascal Quantin <pascal.quantin () gmail com>
Date: Sat, 7 Sep 2013 12:00:19 +0200
2013/9/7 Martin Kaiser <lists () kaiser cx>
Dear all, I stumbled on tvb_new_subset(tvb, 10, (tvb_get_guint8(tvb, 1) - 2), (tvb_get_guint8(tvb, 1) - 2)); If tvb_get_guint8(tvb, 1)==0, we throw an exception because of backing_length - that makes sense. As for reported_length<-1, it looks like that's ok when the tvb is created. There'll be an exception when it's accessed, we'll always be out of bounds. Is there a valid use case for reported_length<-1?
I Martin, I (wrongly?) assumed that it would automatically throw an exception (as I found at least one other code line like this in the source tree) so I did not add an explicit check on the size before creating the tvb. I do not see any valid use case either. Pascal.
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- reported_length < -1 Martin Kaiser (Sep 07)
- Re: reported_length < -1 Pascal Quantin (Sep 07)
- Re: reported_length < -1 Martin Kaiser (Sep 07)
- Re: reported_length < -1 Tyson Key (Sep 07)
- Re: reported_length < -1 Pascal Quantin (Sep 07)