Wireshark-bugs: [Wireshark-bugs] [Bug 6175] wslua: Add reported_length_remaining to tvb
Date: Wed, 10 Aug 2011 17:49:59 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6175

Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

--- Comment #7 from Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> 2011-08-10 17:49:58 PDT ---
(In reply to comment #6)
> I'm confused. Are you saying that a negative return value from
> tvb_reported_length_remaining() (or the Lua wrapper) is dangerous? How so?

The function is somewhat dangerous, not inherently, but because people may
expect the return result to always be positive.  An example is what I quoted: 

> epan/dissectors/packet-cdp.c:    while (tvb_reported_length_remaining(tvb,
> offset) != 0) {

Here the developer appears to have assumed that any non-zero return means
"there's more data in the TVB (after the offset)".  But if offset has passed
beyond the end of the TVB then the while loop could last a long time--though I
guess usually contents of the loop would access the TVB and throw an exception.

OK, maybe it wasn't quite the problem I thought it was.

Checked in rev 38464.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.