Wireshark-bugs: [Wireshark-bugs] [Bug 9263] Buildbot crash output: fuzz-2013-10-10-12811.pcap
Comment # 16
on bug 9263
from Chris Maynard
(In reply to comment #15)
> (In reply to comment #12)
> > Comment on attachment 11777 [details]
> > Change the error return value of tvb_[reported_]length_remaining() from -1
> > to 0.
>
> The following comment change in tvbuf.h looks misleading to me:
>
> /** Computes bytes to end of buffer, from offset (which can be negative,
> * indicate that offset is out of bounds. No exception is thrown. */
Mine reads as follows, which I think is clear, but if not, please suggest
something else:
/** Computes bytes to end of buffer, from offset (which can be negative,
* to indicate bytes from end of buffer). Function returns 0 if offset is out
* of bounds. No exception is thrown. */
> Nothing remaining is a valid situation while trying to access out of bounds
> data is not: The latter indicates either a programming error or an invalid
> packet.
> I'm not happy with that change.
What do you suggest instead to deal with the numerous bugs caused by the misuse
of those functions, and which also avoids such problems in the future?
If one wants to be able to differentiate between no more bytes remaining in a
buffer and running past the end of the buffer, we have other functions that
could be used for that purpose: tvb_bytes_exist(), tvb_ensure_bytes_exist(),
tvb_offset_exists(). Those functions are not misused as tvb_length_remaining()
and tvb_reported_length_remaining() are.
You are receiving this mail because:
- You are watching all bug changes.