Wireshark-bugs: [Wireshark-bugs] [Bug 8112] MS-MMC dissector crash
Date: Sat, 22 Dec 2012 03:06:29 +0000

Comment # 6 on bug 8112 from
(In reply to comment #5)

> (In reply to comment #4)

> > When it gets a negative length, tvb_get_ephemeral_unicode_string() returns a
> > string which contains only the 0 termination - there's no indication that
> > something went wrong. Should we return NULL for an invalid length parameter?
> > Or throw an exception?
> 
> I suspect an exception is the right thing to do here.

I saw that other tvb_get_...string...() functions call tvb_ensure_bytes_exist()
to ensure that the requested number of bytes is available in the tvb. This
throws an exception if the length is invalid or too long.

I guess this should be done for the unicode functions as well. A minor drawback
would be that length==-1 parameter meaning "all bytes" is not allowed any more.
It seems that nobody uses tvb_...unicode...() with length==-1 at the moment.

Unless anyone objects, I'll commit the attached patch some time tomorrow.


You are receiving this mail because:
  • You are watching all bug changes.