Wireshark-bugs: [Wireshark-bugs] [Bug 13212] New: Wireshark shows "MS Video Source Request" in a
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Tue, 06 Dec 2016 13:39:58 +0000
Bug ID 13212
Summary Wireshark shows "MS Video Source Request" in a RTCP packet as "Malformed"
Product Wireshark
Version 2.2.2
Hardware All
OS Windows 7
Status UNCONFIRMED
Severity Major
Priority Low
Component Dissection engine (libwireshark)
Assignee bugzilla-admin@wireshark.org
Reporter vitaly.bilanchuk@gmail.com 

Build Information:
Wireshark 2.2.2 (wireshark-2.2.2)

Copyright 1998-2016 Gerald Combs <gerald@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 3.10.8, with Cairo 1.13.1, with Pango 1.36.3, with
libpcap, without POSIX capabilities, without libnl, with GLib 2.40.2, with zlib
1.2.8, without SMI, without c-ares, without Lua, without GnuTLS, without
Gcrypt,
without Kerberos, without GeoIP, without PortAudio, without AirPcap.

Running on Linux 3.19.0-74-generic, with locale en_US.UTF-8, with libpcap
version 1.5.3, with zlib 1.2.8.
Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz (with SSE4.2)

Built using gcc 4.8.4.

--
The main bug is that Wireshark doesn't display "MS Video Source Request" in
RTCP. The 2.0.2 version of Wireshark works correctly but the 2.2.2 version
doesn't.

The main problem is in the following ( take a look at
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/packet-rtcp.c;h=1c5e02b1889e17f486985ef2b0a74db010a37014;hb=HEAD
):

1. It seems that the length is calculated in a wrong way:
epan/dissectors/packet-rtcp.c:953     length = tvb_get_ntohs(tvb, offset) - 1;

According MS specification
https://msdn.microsoft.com/en-us/library/hh659630(v=office.12).aspx:
"Length (2 bytes): The FCI size, including the AFB Type and Length field. A VSR
MUST have less than or equal to 20 VSR entries."
Due this, length should equal the value in the field - 4. ( AFB Type - 2 bytes
and Length field - 2 bytes )

I believe the following line is more correctly :
length = tvb_get_ntohs(tvb, offset) - 4;

2. The following function accepts incorrect "length" parameter.
epan/dissectors/packet-rtcp.c:959         rtcp_ms_vsr_tree =
proto_tree_add_subtree(tree, tvb, offset, hf_rtcp_psfb_ms_length, ett_ms_vsr,
&item, "MS Video Source Request");

The 4-th parameter ( gint length ) should be equal the real length value but
not an index of attr table value.

I believe the following line is more correctly :
rtcp_ms_vsr_tree = proto_tree_add_subtree(tree, tvb, offset, length,
ett_ms_vsr, &item, "MS Video Source Request");


These 2 changes fixes my local build and "MS Video Source Request" is displayed
correctly.

You are receiving this mail because:
  • You are watching all bug changes.